Actions
Feature #13484
open
IPsec Profile Wizard/Apple: Support on-demand connections in exported profile
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Description
Connect on demand is super helpful, and is pretty easy to add by hand to a profile, but would be even better to have added automatically (especially since the domain name is known to pfsense (it's domain by default).
For reference this is the added bit, some of the items could be
<key>OnDemandEnabled</key>
<integer>1</integer> <<---- this is 0 in generated file.
<key>OnDemandRules</key>
<array>
<dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
<string>Your Network SSID to not start the vpn in.... because you're behind the network</string>
</array>
<key>Action</key>
<string>Disconnect</string>
</dict>
<dict>
<key>Action</key>
<string>EvaluateConnection</string>
<key>ActionParameters</key>
<array>
<dict>
<key>Domains</key>
<array>
<string>domains to trigger connect on, I use *.mydomain.org </string>
</array>
<key>DomainAction</key>
<string>ConnectIfNeeded</string>
</dict>
</array>
</dict>
<dict>
<key>Action</key>
<string>Ignore</string>
</dict>
</array>
</dict> <--- this is the end of the dict that usually preceeds the original <integer>0</integer> above.
Can't say how nice it is to have apps on my phone connect to my home network on demand, freshrss, wikis, etc.... might help others. Probably a couple hours of time to update the profile generator for a pretty big gain for your users.
Updated by
Actions