Always-On VPN or Connect on Demand with MacOS Server

[Eric.chen3742]

I am having trouble keeping my iOS devices connected to my home VPN server (on MacOS Server) while they are locked. Is there any way to enable Connect on Demand or Always On modes with the L2TP VPN that is built into server? I have downloaded the Apple Configurator app and tried opening the mobileconfig profile generated by server, but there is no always on or connect on demand option.

 

[Eric.chen3742]

I seem to have figured it out. I just need to add the following to my VPN configuration file.

<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
    <dict>
    <key>Action</key>
    <string>Connect</string>
    <key>InterfaceTypeMatch</key>
    <string>Cellular</string>
</dict>
<dict>
    <key>Action</key>
    <string>Connect</string>
    <key>InterfaceTypeMatch</key>
    <string>WiFi</string>
</dict>
<key>Action</key>
    <string>Disconnect</string>
    <key>InterfaceTypeMatch</key>
    <string>WiFi</string>
    <key>SSIDMatch</key>
    <array>
        <string>My Home Network</string>
    </array>
</array>

This profile works just fine on my iPhone, but whenever I try to install this on my Mac, I get the following error.

The server is unreachable. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.

Console seems to throw up this error when connecting:

pppd
Failed to set up security context 1

Any ideas on what I'm doing wrong? I tried removing the portion to do with Connect on demand while on cellular connection, but that doesn't seem to fix anything.