hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Default mobileconfig OnDemandRules have been changed #402

Closed Serg046 closed 11 months ago

Serg046 commented 11 months ago

It used to be just

<key>OnDemandRules</key>
<array>
  <dict>
    <key>Action</key>
    <string>Connect</string>
  </dict>
</array>

but now

<key>OnDemandRules</key>
<array>
  <dict>
    <key>InterfaceTypeMatch</key>
    <string>WiFi</string>
    <key>URLStringProbe</key>
    <string>http://captive.apple.com/hotspot-detect.html</string>
    <key>Action</key>
    <string>Connect</string>
  </dict>
  <dict>
    <key>InterfaceTypeMatch</key>
    <string>Cellular</string>
    <key>Action</key>
    <string>Disconnect</string>
  </dict>
  <dict>
    <key>Action</key>
    <string>Ignore</string>
  </dict>
</array>

Why is it so? You are now not able to configure automatic VPN on request for GSM; it is possible for WiFi only. I guess this repo is not the best place to report this, but I'm not sure what a better place would be.

hwdsl2 commented 11 months ago

@Serg046 Hello! Thank you for reporting this issue. As you mentioned, the default mobileconfig OnDemandRules were updated for the most common use case, which is to automatically connect the VPN while on Wi-Fi networks, such as public Wi-Fi found at airports, coffee shops and in hotel rooms. For cellular connections, users may prefer not to use a VPN in the common use case. The captive portal detection is for detecting Wi-Fi login pages, which users may encounter when connecting to certain Wi-Fi networks. The VPN can connect after users log in.

You can customize the default mobileconfig OnDemandRules by editing /opt/src/ikev2.sh on your server (if you installed the VPN without using Docker), editing /opt/src/ikev2.sh inside the Docker container, or by building a custom Docker image. Refer to build from source code.
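Added example, not part of the original thread or the project's code: a small Python audit that evaluates the OnDemandRules quoted above in order (the first matching rule decides) and reports the resulting action per network case. It models only InterfaceTypeMatch and URLStringProbe; the function names, the `probe_ok` flag and the minimal plist wrapper are assumptions made for illustration.

```python
import plistlib

# Constructed input: the current default rules quoted in the issue, wrapped in a
# minimal plist. A real .mobileconfig nests OnDemandRules inside its VPN payload.
CURRENT_DEFAULT = b"""<plist version="1.0"><dict>
<key>OnDemandRules</key>
<array>
  <dict>
    <key>InterfaceTypeMatch</key><string>WiFi</string>
    <key>URLStringProbe</key>
    <string>http://captive.apple.com/hotspot-detect.html</string>
    <key>Action</key><string>Connect</string>
  </dict>
  <dict>
    <key>InterfaceTypeMatch</key><string>Cellular</string>
    <key>Action</key><string>Disconnect</string>
  </dict>
  <dict><key>Action</key><string>Ignore</string></dict>
</array></dict></plist>"""

def find_rules(node):
    """Depth-first search for the first OnDemandRules array; None if absent."""
    if isinstance(node, dict):
        if "OnDemandRules" in node:
            return node["OnDemandRules"]
        node = list(node.values())
    for child in node if isinstance(node, list) else []:
        found = find_rules(child)
        if found is not None:
            return found

def action_for(rules, interface, probe_ok=True):
    """Return the Action of the first rule whose criteria all match."""
    for rule in rules:
        if rule.get("InterfaceTypeMatch", interface) != interface:
            continue  # rule is limited to a different interface type
        if "URLStringProbe" in rule and not probe_ok:
            continue  # probe URL not fetched cleanly, e.g. captive portal
        return rule["Action"]
    return None  # no rule matched

def audit(plist_bytes):
    """Map each (interface, probe_ok) case to the action the rules select."""
    rules = find_rules(plistlib.loads(plist_bytes)) or []
    cases = [("WiFi", True), ("WiFi", False), ("Cellular", True), ("Ethernet", True)]
    return {case: action_for(rules, *case) for case in cases}

if __name__ == "__main__":
    print(audit(CURRENT_DEFAULT))
```

Running the same audit over a generated .mobileconfig shows which network cases do not bring the tunnel up automatically, which is worth checking after any customization of the rules.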