Operation Manual

ManualsBrandsApple ManualsOtheriOS Implementierung

Chapter 4 Infrastructure and integration 40

•

URLStringProbe: Optional. A server to probe for reachability. Redirection isn’t supported.

The URL should be to a trusted HTTPS server. The device sends a GET request to verify that

the server is reachable.

Action

This required key denes VPN behavior for when all of the specied matching rules evaluate as

true. Values for the Action key are:

•

Connect: Unconditionally initiate the VPN connection on the next network

connection attempt.

•

Disconnect: Tear down the VPN connection and do not trigger any new connections

on demand.

•

Ignore: Leave any existing VPN connection up, but do not trigger any new connections

on demand.

•

EvaluateConnection: Evaluate the ActionParameters for each connection attempt. When this is

used, the key ActionParameters, described below, is required to specify the evaluation rules.

•

Allow: For iOS devices with iOS 6 or earlier, see Backward compatibility.

ActionParameters

This is an array of dictionaries with the keys described below, evaluated in the order in which

they occur. Required when Action is EvaluateConnection.

•

Domains: Required. An array of strings that dene the domains for which this evaluation

applies. Wildcard prexes are supported, such as *.example.com.

•

DomainAction: Required. Denes VPN behavior for the domains. Values for the DomainAction

key are:

•

ConnectIfNeeded: Brings up VPN if DNS resolution for the domains fails, such as when the

DNS server indicates it can’t resolve the domain name, or if the DNS response is redirected,

or if the connection fails or times out.

•

NeverConnect: Don’t trigger VPN for the domains.

When DomainAction is ConnectIfNeeded, you can also specify the following keys in the

connection evaluation dictionary:

•

RequiredDNSServers: Optional. An array of IP addresses of DNS servers to be used for resolving

the domains. These servers don’t need to be part of the device’s current network conguration.

If these DNS servers aren’t reachable, VPN will be triggered. For consistent connections,

congure an internal DNS server or a trusted external DNS server.

•

RequiredURLStringProbe: Optional. An HTTP or HTTPS (preferred) URL to probe, using a GET

request. If DNS resolution for this server succeeds, the probe must also succeed. If the probe

fails, VPN is triggered.

Backward compatibility

Before iOS 7, domain triggering rules were congured from arrays of domains:

•

OnDemandMatchDomainAlways

•

OnDemandMatchDomainOnRetry

•

OnDemandMatchDomainNever

The OnRetry and Never cases are still supported in iOS 7 or later, although deprecated in favor of

the EvaluateConnection action.

100% resize factor