VPN Payload
A VPN payload provisions iOS devices with settings to connect to a VPN. It includes options for configuring the connection type, providing authentication credentials or certificates, setting the VPN to activate on demand, and using a proxy server for the connection.
In order to connect to a VPN, you may need to install an authentication app or client specific to your VPN type on the device. Use a software payload to send an associated VPN app to the device.
A VPN payload may have the following options, depending on the type of connection:
Profile Settings
Payload Name
|
The name of the payload.
|
Connection name
|
The name of the connection as it is displayed on the device.
|
Connection type
|
The type of VPN.
|
Identifier
|
An identifier for the custom SSL VPN. Use reverse DNS format. For example: com.example.vpn
|
Server
|
The name or IP address of the VPN server.
|
Account
|
The name of the user account.
|
Realm
|
The realm for authenticating the connection.
|
Role
|
The role for authenticating the connection.
|
User authentication
|
The authentication type. Options may include Password, RSA SecurID, or Certificate.
|
Password
|
The password for the user account.
With AnyConnect, the user will always be prompted for the password. AnyConnect doesn't allow the password to be auto-filled.
|
Authentication Settings
Machine Authentication
|
The authentication type. Options include Shared Secret / Group Name or Certificate. Shared secrets that contain quotation marks are not supported.
|
Group, Group Name, or Login group or domain
|
The name of the group for the connection.
|
Shared secret
|
The shared secret for the connection.
|
Encryption Level
|
•None. Does not use encryption.
•Automatic. Uses 40-bit encryption for the Compression Control Protocol.
•Maximum (128 bit). Uses 128-bit encryption for the Compression Control Protocol.
|
Send all traffic
|
Route all wireless traffic through the VPN connection.
|
Use hybrid authentication
|
Use the shared secret, name, and server certificate to authenticate.
|
Prompt for password
|
Prompt the device user for the password.
|
Identity certificate
|
The certificate for authentication.
|
Include user PIN
|
Request PIN during connection and send with authentication.
|
Enable VPN on demand
|
Establish a VPN connection automatically when the device user attempts to access specified domains. Provide the domain or host name and the action to perform when the user attempts access. Actions include:
Always. Any address at the included domain initiates a VPN connection.
Never. Doesn't initiate a connection, but if the VPN is already active, it is used for any address at the included domain.
Establish if needed. Initiates a VPN connection for any address at the included domain after a DNS look-up has failed.
|
Custom Data
|
Add key value pairs as additional data for the custom connection.
|
Proxy Settings
Proxy
|
Use a proxy server with a VPN connection.
|
Proxy Server URL
|
The URL of the proxy server.
|
Server and Port
|
The fully qualified address and port of the proxy server.
|
Authentication
|
The username to connect to the proxy server.
|
Password
|
The password to connect to the proxy server.
|