Question

I have a web page that creates VPN mobile configuration profiles and signs them with an X.509 certificate.

Whilst the signature is apparently recognised, and the profile works well with iOS 10, it does not work with macOS Sierra, either signed or unsigned.

In the past, the same mobile configuration worked well with previous versions of OS X.

Even more puzzling, when feeding it the mobile profile, System Preferences opens; however, it neither configures the VPN nor displays any error.

The VPN itself is using Cisco IPsec configurations, and is well supported.

The mobile config, before the login and password are added and it is signed, is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPSec</key>
            <dict>
                <key>AuthenticationMethod</key>
                <string>SharedSecret</string>
                <key>LocalIdentifier</key>
                <string>yyyyyyyyy</string>
                <key>LocalIdentifierType</key>
                <string>KeyID</string>
                <key>RemoteAddress</key>
                <string>xx.xx.xx.xx</string>
                <key>SharedSecret</key>
                <data>
                xxxxxxxxxxxxxxx
                </data>
                <key>XAuthEnabled</key>
                <integer>1</integer>
                <key>XAuthName</key>
                <string><<LOGIN>></string>
                <key>XAuthPassword</key>
                <string><<PASSWORD>></string>
                <key>OnDemandEnabled</key>
                <integer>0</integer>
            </dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>1</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Configures VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.008CCDD8-C6C4-42EE-B7D0-B168DF6233B7</string>
            <key>PayloadOrganization</key>
            <string>ISCTE-IUL</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>EFD0F300-06A7-4551-89B3-33CD523FEFF2</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>VPN ISCTE-IUL</string>
            <key>VPNType</key>
            <string>IPSec</string>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>VPN provisioning for ISCTE</string>
    <key>PayloadDisplayName</key>
    <string>VPN provisioning for ISCTE</string>
    <key>PayloadIdentifier</key>
    <string>dynamic-eduroam.187.18.17.172.rede.CBADB8DE-9EB5-45DE-8982-90020B8328A0</string>
    <key>PayloadOrganization</key>
    <string>ISCTE-IUL</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>7E9A03A7-0CB1-415C-85B6-552A42D63F58</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Solution

The answer is rather simple. Somehow I had these files in my archive as profile.mobile, and they have to be named something.mobileconfig.
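
A pre-flight check that a profile generator could run before signing, as an added example (not code from the original post): it fills the question's `<<LOGIN>>` and `<<PASSWORD>>` placeholders with XML-escaped values and flags the file-name problem described in the answer. The function names and the cut-down template are assumptions made for illustration.

```python
import plistlib
from xml.sax.saxutils import escape

# Constructed template: a cut-down copy of the question's profile, same placeholders.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPSec</key>
            <dict>
                <key>XAuthName</key><string><<LOGIN>></string>
                <key>XAuthPassword</key><string><<PASSWORD>></string>
            </dict>
            <key>PayloadType</key><string>com.apple.vpn.managed</string>
        </dict>
    </array>
    <key>PayloadType</key><string>Configuration</string>
</dict>
</plist>
"""

def render_profile(template, login, password):
    """Fill the placeholders, XML-escaping the values so that characters
    such as & or < in a password cannot break or alter the plist."""
    return (template.replace("<<LOGIN>>", escape(login))
                    .replace("<<PASSWORD>>", escape(password))).encode("utf-8")

def preflight(filename, profile_bytes):
    """Return a list of problems found before the profile is signed and served."""
    problems = []
    if not filename.endswith(".mobileconfig"):
        problems.append("filename must end in .mobileconfig")
    if b"<<LOGIN>>" in profile_bytes or b"<<PASSWORD>>" in profile_bytes:
        problems.append("unfilled placeholder")
    try:
        root = plistlib.loads(profile_bytes)
    except Exception as exc:  # expat or plistlib parse failure
        return problems + ["not a valid plist: %s" % exc]
    if not isinstance(root, dict) or root.get("PayloadType") != "Configuration":
        problems.append("top-level PayloadType is not Configuration")
    elif not root.get("PayloadContent"):
        problems.append("PayloadContent is missing or empty")
    return problems
```

An empty list from `preflight` means the file name and structure pass these checks; it does not verify the signature or the VPN settings themselves.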

Licensed under: CC-BY-SA with attribution