starred/docker-ipsec-vpn-server
1
0
Fork 0
mirror of https://github.com/hwdsl2/docker-ipsec-vpn-server.git synced 2026-04-26 01:55:53 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #402] Default mobileconfig OnDemandRules have been changed #375

New issue
Closed
opened 2026-03-02 08:01:44 +03:00 by kerem · 1 comment
kerem commented 2026-03-02 08:01:44 +03:00
Owner
Copy link

Originally created by @Serg046 on GitHub (Oct 3, 2023).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/402

It used to be just

<key>OnDemandRules</key>
<array>
  <dict>
  <key>Action</key>
  <string>Connect</string>
  </dict>
</array>

but now

<key>OnDemandRules</key>
<array>
  <dict>
    <key>InterfaceTypeMatch</key>
    <string>WiFi</string>
    <key>URLStringProbe</key>
    <string>http://captive.apple.com/hotspot-detect.html</string>
    <key>Action</key>
    <string>Connect</string>
  </dict>
  <dict>
    <key>InterfaceTypeMatch</key>
    <string>Cellular</string>
    <key>Action</key>
    <string>Disconnect</string>
  </dict>
  <dict>
    <key>Action</key>
    <string>Ignore</string>
  </dict>
</array>

Why is it so? You are now not able to configure automatic VPN on request for GSM, it is possible for WiFi only. I guess this repo is not the best choice to report but not sure what is a better place.

Originally created by @Serg046 on GitHub (Oct 3, 2023). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/402 It used to be just ``` <key>OnDemandRules</key> <array> <dict> <key>Action</key> <string>Connect</string> </dict> </array> ``` but now ``` <key>OnDemandRules</key> <array> <dict> <key>InterfaceTypeMatch</key> <string>WiFi</string> <key>URLStringProbe</key> <string>http://captive.apple.com/hotspot-detect.html</string> <key>Action</key> <string>Connect</string> </dict> <dict> <key>InterfaceTypeMatch</key> <string>Cellular</string> <key>Action</key> <string>Disconnect</string> </dict> <dict> <key>Action</key> <string>Ignore</string> </dict> </array> ``` Why is it so? You are now not able to configure automatic VPN on request for GSM, it is possible for WiFi only. I guess this repo is not the best choice to report but not sure what is a better place.
kerem closed this issue 2026-03-02 08:01:44 +03:00
kerem commented 2026-03-02 08:01:45 +03:00
Author
Owner
Copy link

@hwdsl2 commented on GitHub (Oct 4, 2023):

@Serg046 Hello! Thank you for reporting this issue. As you mentioned, the default mobileconfig OnDemandRules were updated for the most common use case, which is to automatically connect the VPN while on Wi-Fi networks, such as public Wi-Fi found at airports, coffee shops and in hotel rooms. For cellular connections, users may prefer not to use a VPN in the common use case. The captive portal detection is for detecting Wi-Fi login pages, which users may encounter when connecting to certain Wi-Fi networks. The VPN can connect after users log in.

You can customize the default mobileconfig OnDemandRules by editing /opt/src/ikev2.sh on your server (if you installed the VPN without using Docker), editing /opt/src/ikev2.sh inside the Docker container, or by building a custom Docker image. Refer to build from source code.

<!-- gh-comment-id:1746003557 --> @hwdsl2 commented on GitHub (Oct 4, 2023): @Serg046 Hello! Thank you for reporting this issue. As you mentioned, the default mobileconfig OnDemandRules were updated for the most common use case, which is to automatically connect the VPN while on Wi-Fi networks, such as public Wi-Fi found at airports, coffee shops and in hotel rooms. For cellular connections, users may prefer not to use a VPN in the common use case. The captive portal detection is for detecting Wi-Fi login pages, which users may encounter when connecting to certain Wi-Fi networks. The VPN can connect after users log in. You can customize the default mobileconfig OnDemandRules by editing `/opt/src/ikev2.sh` on your server (if you installed the VPN without using Docker), editing `/opt/src/ikev2.sh` [inside the Docker container](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#bash-shell-inside-container), or by building a custom Docker image. Refer to [build from source code](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#build-from-source-code).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question
No labels
bug
pull-request
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#375
No description provided.