Appendix B Configuration Profile Format 55
IPSec Dictionary Keys
The following elements are for VPN payloads of type IPSec
Wi-Fi PayloadThe Wi-Fi payload is designated by the com.apple.wifi.managed PayloadType value.
This describes version 0 of the PayloadVersion value. In addition to the settings
common to all payload types, the payload defines the following keys.
Key Value
RemoteAddress String. IP address or host name of the VPN server. Used for Cisco
IPSec.
AuthenticationMethod String. Either “SharedSecret” or “Certificate”. Used for L2TP and
Cisco IPSec.
XAuthName String. User name for VPN account. Used for Cisco IPSec.
XAuthEnabled Integer. 1 if XAUTH is ON, 0 if it is OFF. Used for Cisco IPSec.
LocalIdentifier String. Present only if AuthenticationMethod = SharedSecret.
The name of the group to use. If Hybrid Authentication is used,
the string must end with “[hybrid]”. Used for Cisco IPSec.
LocalIdentifierType String. Present only if AuthenticationMethod = SharedSecret.
The value is “KeyID”. Used for L2TP and Cisco IPSec.
SharedSecret Data. The shared secret for this VPN account. Only present if
AuthenticationMethod = SharedSecret. Used for L2TP and Cisco
IPSec.
PayloadCertificateUUID String. The UUID of the certificate to use for the account
credentials. Only present if AuthenticationMethod = Certificate.
Used for Cisco IPSec.
PromptForVPNPIN Boolean. Whether to prompt for a PIN when connecting. Used
for Cisco IPSec.
Key Value
SSID_STR String. SSID of the Wi-Fi network to be used. This key name is
declared as APPLE80211KEY_SSID_STR in <Apple80211/
Apple80211API.h>.
HIDDEN_NETWORK Boolean. Besides SSID, the device uses information such as
broadcast type and encryption type to differentiate a network.
By default, it is assumed that all configured networks are open
or broadcast. To specify a hidden network, you need to include a
boolean for the key “HIDDEN_NETWORK” or
APPLE80211KEY_HIDDEN_NETWORK.