Chapter 4 Infrastructure and integration 40
• URLStringProbe: Optional. A server to probe for reachability. Redirection isn’t supported.
The URL should be to a trusted HTTPS server. The device sends a GET request to verify that
the server is reachable.
Action
This required key defines VPN behavior for when all of the specified matching rules evaluate as
true. Values for the Action key are:
• Connect: Unconditionally initiate the VPN connection on the next network
connection attempt.
• Disconnect: Tear down the VPN connection and do not trigger any new connections
on demand.
• Ignore: Leave any existing VPN connection up, but do not trigger any new connections
on demand.
• EvaluateConnection: Evaluate the ActionParameters for each connection attempt. When this is
used, the key ActionParameters, described below, is required to specify the evaluation rules.
• Allow: For iOS devices with iOS 6 or earlier, see Backward compatibility.
ActionParameters
This is an array of dictionaries with the keys described below, evaluated in the order in which
they occur. Required when Action is EvaluateConnection.
• Domains: Required. An array of strings that define the domains for which this evaluation
applies. Wildcard prefixes are supported, such as *.example.com.
• DomainAction: Required. Defines VPN behavior for the domains. Values for the DomainAction
key are:
  • ConnectIfNeeded: Brings up VPN if DNS resolution for the domains fails, such as when the
  DNS server indicates it can’t resolve the domain name, or if the DNS response is redirected,
  or if the connection fails or times out.
  • NeverConnect: Don’t trigger VPN for the domains.
When DomainAction is ConnectIfNeeded, you can also specify the following keys in the
connection evaluation dictionary:
• RequiredDNSServers: Optional. An array of IP addresses of DNS servers to be used for resolving
the domains. These servers don’t need to be part of the device’s current network configuration.
If these DNS servers aren’t reachable, VPN will be triggered. For consistent connections,
configure an internal DNS server or a trusted external DNS server.
• RequiredURLStringProbe: Optional. An HTTP or HTTPS (preferred) URL to probe, using a GET
request. If DNS resolution for this server succeeds, the probe must also succeed. If the probe
fails, VPN is triggered.
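An added example, not from the original guide: a Python check that parses a constructed array of on-demand rule dictionaries and flags rules that break the requirements stated above (ActionParameters required for EvaluateConnection, Domains and DomainAction required, the Required* keys tied to ConnectIfNeeded, HTTPS preferred for the probe). The sample plist, its hostnames and addresses, and the names SAMPLE, RULES and lint_rules are assumptions made for illustration.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample: an array of rule dictionaries (not taken from a real profile).
SAMPLE = b"""<plist version="1.0"><array>
 <dict>
  <key>Action</key><string>EvaluateConnection</string>
  <key>ActionParameters</key><array>
   <dict>
    <key>Domains</key><array><string>*.example.com</string></array>
    <key>DomainAction</key><string>ConnectIfNeeded</string>
    <key>RequiredURLStringProbe</key><string>http://probe.example.com/</string>
   </dict>
   <dict>
    <key>Domains</key><array><string>public.example.com</string></array>
    <key>DomainAction</key><string>NeverConnect</string>
    <key>RequiredDNSServers</key><array><string>10.0.0.53</string></array>
   </dict>
  </array>
 </dict>
 <dict><key>Action</key><string>EvaluateConnection</string></dict>
</array></plist>"""
RULES = plistlib.loads(SAMPLE)
ACTIONS = {"Connect", "Disconnect", "Ignore", "EvaluateConnection", "Allow"}
DOMAIN_ACTIONS = {"ConnectIfNeeded", "NeverConnect"}
CONDITIONAL = ("RequiredDNSServers", "RequiredURLStringProbe")

def lint_rules(rules):
    """Return (rule index, message) findings for a list of rule dictionaries."""
    out = []
    for i, rule in enumerate(rules):
        action = rule.get("Action")
        if action not in ACTIONS:
            out.append((i, f"Action missing or unknown: {action!r}"))
        params = rule.get("ActionParameters")
        if action == "EvaluateConnection" and not params:
            out.append((i, "ActionParameters required for EvaluateConnection"))
        for p in params or []:  # evaluated in the order in which they occur
            da = p.get("DomainAction")
            if not p.get("Domains") or da not in DOMAIN_ACTIONS:
                out.append((i, "Domains and a valid DomainAction are required"))
            if da != "ConnectIfNeeded":
                out += [(i, f"{k} only applies to ConnectIfNeeded") for k in CONDITIONAL if k in p]
            url = p.get("RequiredURLStringProbe")
            if url and urlparse(url).scheme != "https":
                out.append((i, f"probe is not HTTPS: {url}"))
    return out

for idx, msg in lint_rules(RULES):
    print(f"rule {idx}: {msg}")
```

The HTTP probe finding is a warning rather than an error, since the key accepts HTTP but HTTPS is preferred.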
Backward compatibility
Before iOS 7, domain triggering rules were configured from arrays of domains:
• OnDemandMatchDomainAlways
• OnDemandMatchDomainOnRetry
• OnDemandMatchDomainNever
The OnRetry and Never cases are still supported in iOS 7 or later, although deprecated in favor of
the EvaluateConnection action.