Per-App VPN payload for MDM

Developer Tools & Services General
Ivan8585 OP
Created Apr ’16
Replies 0
Boosts 0
Views 1.5k
Participants 1

I'm trying to set Per-App VPN with MDM. Here is how payload looks like:


<array>
  <dict>
  <key>PayloadDescription</key><string>Configures Per-App VPN</string>
  <key>PayloadDisplayName</key><string>Per-App VPN</string>
  <key>PayloadOrganization</key><string>My Company</string>
  <key>PayloadIdentifier</key><string>my.company.mdm.test.perappvpn</string>
  <key>PayloadType</key><string>com.apple.vpn.managed.applayer</string>
  <key>PayloadUUID</key><string>PAYLOAD_UUID</string>
  <key>PayloadVersion</key><integer>1</integer>


  <!-- VPN Payload -->
  <key>UserDefinedName</key><string>Name</string>
  <key>VPNType</key><string>VPN</string>
  <key>VPNSubType</key><string>my.company.vpn.app</string>


  <!-- Per-App VPN Payload -->
  <key>VPNUUID</key><string>VPN_UUID</string>
  </dict>
</array>
<key>PayloadIdentifier</key><string>my.company.mdm.test.perappvpn</string>


Im getting errors:


Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MDM: Transaction completed. Status: 200
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MDM: Attempting to perform MDM request: InstallProfile
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MC: Loaded SetupAssistant.framework
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MC: Loaded FrontBoardServices.framework
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MC: Loaded NetworkExtension.framework
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Error) MC: Payload “Per-App VPN” contains ignored fields. They are: <CFBasicHash 0x13663ec20 [0x1a1999b68]>{type = mutable dict, count = 1,
  entries =>
  1 : VPNUUID = <CFString 0x136509a20 [0x1a1999b68]>{contents = "05f8309d-9a7c-4662-bf28-04b92dc07437"}
  }
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Note ) MC: Checking for MDM installation...
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Note ) MC: ...finished checking for MDM installation.
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Error) MC: Payload “Per-App VPN” contains ignored fields. They are: <CFBasicHash 0x145d5e7e0 [0x1a1999b68]>{type = mutable dict, count = 1,
  entries =>
  1 : VPNUUID = <CFString 0x145d5e7a0 [0x1a1999b68]>{contents = "05f8309d-9a7c-4662-bf28-04b92dc07437"}
  }
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Note ) MC: Beginning profile installation...
Apr 25 16:32:32 iPad profiled[141] <Error>: NEConfiguration initWithAppLayerVPNPayload failed, missing VPN configuration
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Error) MC: Rolling back installation of profile “my.company.mdm.test.perappvpn”...
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Error) MC: Installation of profile “my.company.mdm.test.perappvpn” failed with error: NSError:
  Desc   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  Sugg   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The profile “my.company.mdm.test.perappvpn” could not be installed.
  US Sugg: The VPN service “Per-App VPN” could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type   : MCFatalError
  Params : (
     "my.company.mdm.test.perappvpn"
  )
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The VPN service “Per-App VPN” could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
     "Per-App VPN"
  )
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Error) MC: Profile “my.company.mdm.test.perappvpn” failed to install with error: NSError:
  Desc   : Не удалось установить профиль
  Sugg   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  US Desc: Profile Failed to Install
  US Sugg: The profile “my.company.mdm.test.perappvpn” could not be installed.
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  Sugg   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The profile “my.company.mdm.test.perappvpn” could not be installed.
  US Sugg: The VPN service “Per-App VPN” could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type   : MCFatalError
  Params : (
     "my.company.mdm.test.perappvpn"
  )
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The VPN service “Per-App VPN” could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
     "Per-App VPN"
  )
Apr 25 16:32:32 iPad profiled[141] <Warning>: notify name "com.apple.neconfigurationchanged" has been registered 20 times - this may be a leak
Apr 25 16:32:32 iPad profiled[141] <Notice>: (Error) MC: Installation failed. Error: NSError:
  Desc   : Сбой установки профиля
  Sugg   : Не удалось установить профиль
  US Desc: Profile Installation Failed
  US Sugg: Profile Failed to Install
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить профиль
  Sugg   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  US Desc: Profile Failed to Install
  US Sugg: The profile “my.company.mdm.test.perappvpn” could not be installed.
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  Sugg   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The profile “my.company.mdm.test.perappvpn” could not be installed.
  US Sugg: The VPN service “Per-App VPN” could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type   : MCFatalError
  Params : (
     "my.company.mdm.test.perappvpn"
  )
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The VPN service “Per-App VPN” could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
     "Per-App VPN"
  )
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Error) MC: Install profile data error. Error: NSError:
  Desc   : Сбой установки профиля
  Sugg   : Не удалось установить профиль
  US Desc: Profile Installation Failed
  US Sugg: Profile Failed to Install
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить профиль
  Sugg   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  US Desc: Profile Failed to Install
  US Sugg: The profile “my.company.mdm.test.perappvpn” could not be installed.
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  Sugg   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The profile “my.company.mdm.test.perappvpn” could not be installed.
  US Sugg: The VPN service “Per-App VPN” could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type   : MCFatalError
  Params : (
     "my.company.mdm.test.perappvpn"
  )
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The VPN service “Per-App VPN” could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
     "Per-App VPN"
  )
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Error) MDM: Command Status: Error
  Error: NSError:
  Desc   : Сбой установки профиля
  Sugg   : Не удалось установить профиль
  US Desc: Profile Installation Failed
  US Sugg: Profile Failed to Install
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить профиль
  Sugg   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  US Desc: Profile Failed to Install
  US Sugg: The profile “my.company.mdm.test.perappvpn” could not be installed.
  Domain : MCInstallationErrorDomain
  Code   : 4001
  Type   : MCFatalError
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить профиль «my.company.mdm.test.perappvpn».
  Sugg   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The profile “my.company.mdm.test.perappvpn” could not be installed.
  US Sugg: The VPN service “Per-App VPN” could not be installed.
  Domain : MCProfileErrorDomain
  Code   : 1009
  Type   : MCFatalError
  Params : (
     "my.company.mdm.test.perappvpn"
  )
  ...Underlying error:
  NSError:
  Desc   : Не удалось установить службу VPN «Per-App VPN».
  US Desc: The VPN service “Per-App VPN” could not be installed.
  Domain : MCVPNErrorDomain
  Code   : 15000
  Type   : MCFatalError
  Params : (
     "Per-App VPN"
  )
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MDM: Polling MDM server https://some-server/server for next command.
Apr 25 16:32:32 iPad mdmd[7287] <Error>:  SecTrustEvaluate  [leaf AnchorTrusted]
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MDM: Transaction completed. Status: 200
Apr 25 16:32:32 iPad mdmd[7287] <Notice>: (Note ) MDM: Server has no commands for this device.
Apr 25 16:32:34 iPad mdmd[7287] <Notice>: (Note ) MDM: mdmd stopping.


My questions:


1. Why VPNUUID parameter ignored?

2. What is wrong with payload and how to do such payload right?

Replies  0
Boosts  0
Views  1.5k
Participants  1
Per-App VPN payload for MDM
First post date Last post date
 
 
Q