I have configured a .mobileconfig profile for my iOS and Mac devices.
My intention:
- Have my VPN connect only on specific domain requests outside of my local home internal network (these domains are internal resources I want to reach externally, via my internal DNS).
In my .mobileconfig file I have specified the DNS servers where the VPN should not connect. I have set up an ActionParameters dictionary using the ConnectIfNeeded string.
I have also specified a wildcard for all other domains and used the NeverConnect string.
My config rules look as such:
<key>OnDemandRules</key>
<array>
    <!-- Rule 1: on the home network (internal DNS servers present), tear the VPN down -->
    <dict>
        <key>Action</key>
        <string>Disconnect</string>
        <key>DNSServerAddressMatch</key>
        <array>
            <string>192.168.0.1</string>
            <string>192.168.0.2</string>
        </array>
    </dict>
    <!-- Rule 2: everywhere else, decide per domain -->
    <dict>
        <key>Action</key>
        <string>EvaluateConnection</string>
        <key>ActionParameters</key>
        <array>
            <!-- internal host: bring the VPN up when it cannot be resolved -->
            <dict>
                <key>DomainAction</key>
                <string>ConnectIfNeeded</string>
                <key>Domains</key>
                <array>
                    <string>internalserver.domain.com</string>
                </array>
            </dict>
            <!-- everything else: never start the VPN for these -->
            <dict>
                <key>DomainAction</key>
                <string>NeverConnect</string>
                <key>Domains</key>
                <array>
                    <string>*</string>
                </array>
            </dict>
        </array>
    </dict>
</array>
Things work: the VPN connects on that domain request externally, except the VPN does not disconnect on other domain requests. It remains connected until I either manually disconnect it or connect to my internal network with the specified DNS.
I'm at a loss as to why the VPN remains connected on other domain requests outside the domains I specified under ConnectIfNeeded.
Would anyone have any idea why, or am I missing something above to have the VPN disconnect on other domain requests apart from the ones above?
I have added periods around the * to signify all other domains the VPN should not connect.
However, this didn't change anything, and the VPN remains connected if I navigate to the specified internal domain.
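To reason about what the rule set above actually does, here is a small evaluator that parses the OnDemandRules from a plist and walks through the poster's scenario step by step. It is an added example, not code from the question or from Apple. It models the rules as "first matching rule wins" (Apple evaluates them in order), treats a DNSServerAddressMatch rule as matching when any of the network's DNS servers is listed, treats ConnectIfNeeded as "start the tunnel only if the host does not resolve", and treats NeverConnect as "do not start the tunnel" without tearing down one that is already up. The last two points are modelling assumptions chosen to reproduce the behaviour the question describes, and the bare "*" catch-all is likewise an assumption of this model; the profile bytes and DNS addresses used below are constructed for the example.

```python
import plistlib

# Constructed profile carrying the same three rules as the question (not the poster's file).
PROFILE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>OnDemandRules</key>
  <array>
    <dict>
      <key>Action</key><string>Disconnect</string>
      <key>DNSServerAddressMatch</key>
      <array><string>192.168.0.1</string><string>192.168.0.2</string></array>
    </dict>
    <dict>
      <key>Action</key><string>EvaluateConnection</string>
      <key>ActionParameters</key>
      <array>
        <dict>
          <key>DomainAction</key><string>ConnectIfNeeded</string>
          <key>Domains</key><array><string>internalserver.domain.com</string></array>
        </dict>
        <dict>
          <key>DomainAction</key><string>NeverConnect</string>
          <key>Domains</key><array><string>*</string></array>
        </dict>
      </array>
    </dict>
  </array>
</dict>
</plist>
"""


def load_rules(xml_bytes):
    """Parse the plist and return the OnDemandRules array."""
    return plistlib.loads(xml_bytes)["OnDemandRules"]


def rule_matches(rule, dns_servers):
    """A rule with no match criteria always matches; DNSServerAddressMatch
    matches when any current DNS server is in the list (modelling assumption)."""
    wanted = rule.get("DNSServerAddressMatch")
    if wanted is None:
        return True
    return any(server in wanted for server in dns_servers)


def domain_matches(pattern, host):
    """Suffix match on the domain; a bare '*' is treated as catch-all (assumption)."""
    if pattern == "*":
        return True
    return host == pattern or host.endswith("." + pattern)


def evaluate(rules, dns_servers, host, tunnel_up, host_resolves):
    """Return (decision, tunnel_up_after) for one connection attempt.
    The first rule whose criteria match decides the outcome."""
    for rule in rules:
        if not rule_matches(rule, dns_servers):
            continue
        action = rule["Action"]
        if action == "Disconnect":
            return "Disconnect", False
        if action == "Connect":
            return "Connect", True
        if action == "EvaluateConnection":
            for param in rule.get("ActionParameters", []):
                if not any(domain_matches(p, host) for p in param.get("Domains", [])):
                    continue
                if param["DomainAction"] == "ConnectIfNeeded":
                    if tunnel_up or host_resolves:
                        return "ConnectIfNeeded: host reachable, nothing to do", tunnel_up
                    return "ConnectIfNeeded: start tunnel", True
                # NeverConnect only refuses to START the tunnel; it does not tear one down.
                return "NeverConnect: leave tunnel as it is", tunnel_up
            return "EvaluateConnection: no domain entry matched", tunnel_up
        return action, tunnel_up  # Allow / Ignore: state unchanged
    return "no rule matched", tunnel_up


def walk_through(rules):
    """Replay the poster's scenario; returns a list of (step, decision, tunnel_up)."""
    external_dns, home_dns = ["203.0.113.53"], ["192.168.0.1"]  # constructed addresses
    up = False
    steps = []
    # 1. Away from home, browse to the internal host: it does not resolve, so the tunnel starts.
    d, up = evaluate(rules, external_dns, "internalserver.domain.com", up, host_resolves=False)
    steps.append(("internal host, external network", d, up))
    # 2. Still away, browse to an unrelated site: NeverConnect matches but leaves the tunnel up.
    d, up = evaluate(rules, external_dns, "example.org", up, host_resolves=True)
    steps.append(("other host, external network", d, up))
    # 3. Back home, the internal DNS servers appear: the Disconnect rule finally fires.
    d, up = evaluate(rules, home_dns, "example.org", up, host_resolves=True)
    steps.append(("other host, home network", d, up))
    return steps


if __name__ == "__main__":
    for step in walk_through(load_rules(PROFILE_XML)):
        print(step)
```

Under this model the only rule that ever produces a disconnect is the DNSServerAddressMatch rule, so the tunnel stays up until the device sees the home DNS servers, which is exactly the behaviour reported in the question. Changing the model's NeverConnect branch to return False would describe a disconnect-on-other-domains policy, which is not how the rule set above is written.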