PayloadContent IKEv2 AuthenticationMethod Certificate ChildSecurityAssociationParameters DiffieHellmanGroup 14 EncryptionAlgorithm AES-128-GCM LifeTimeInMinutes 1410 DeadPeerDetectionRate Medium DisableRedirect EnableCertificateRevocationCheck 0 EnablePFS 0 IKESecurityAssociationParameters DiffieHellmanGroup 14 EncryptionAlgorithm AES-256 IntegrityAlgorithm SHA2-256 LifeTimeInMinutes 1410 LocalIdentifier $CLIENT_NAME PayloadCertificateUUID $UUID1 OnDemandEnabled 0 OnDemandRules Action Connect RemoteAddress $SERVER_ADDR RemoteIdentifier $SERVER_ADDR UseConfigurationAttributeInternalIPSubnet 0 IPv4 OverridePrimary 1 PayloadDescription Configures VPN settings PayloadDisplayName VPN PayloadOrganization IKEv2 VPN PayloadIdentifier com.apple.vpn.managed.$(UUID_GEN) PayloadType com.apple.vpn.managed PayloadUUID $(UUID_GEN) PayloadVersion 1 Proxies HTTPEnable 0 HTTPSEnable 0 UserDefinedName $SERVER_ADDR VPNType IKEv2 PayloadCertificateFileName $CLIENT_NAME PayloadContent $P12_BASE64 PayloadDescription Adds a PKCS#12-formatted certificate PayloadDisplayName $CLIENT_NAME PayloadIdentifier com.apple.security.pkcs12.$(UUID_GEN) PayloadType com.apple.security.pkcs12 PayloadUUID $UUID1 PayloadVersion 1 PayloadContent $CA_BASE64 PayloadCertificateFileName ikev2vpnca PayloadDescription Adds a CA root certificate PayloadDisplayName Certificate Authority (CA) PayloadIdentifier com.apple.security.root.$(UUID_GEN) PayloadType com.apple.security.root PayloadUUID $(UUID_GEN) PayloadVersion 1 PayloadDisplayName IKEv2 VPN ($SERVER_ADDR) PayloadIdentifier com.apple.vpn.managed.$(UUID_GEN) PayloadRemovalDisallowed PayloadType Configuration PayloadUUID $(UUID_GEN) PayloadVersion 1