<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html -->
    <key>PayloadDisplayName</key>
    <string>{{ gateway }}</string>
    <key>PayloadDescription</key>
    <string>IPSec IKEv2 VPN connection via {{ gateway }}</string>
    <!-- This is a reverse-DNS style unique identifier used to detect duplicate profiles -->
    <key>PayloadIdentifier</key>
    <string>{{ gateway }}</string>
    <key>PayloadUUID</key>
    <string>{{ service_uuid }}</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadIdentifier</key>
            <string>{{ gateway }}.conf1</string>
            <key>PayloadUUID</key>
            <string>{{ conf_uuid }}</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>UserDefinedName</key>
            <string>{{ gateway }}</string>
            <key>VPNType</key>
            <string>IKEv2</string>
            <key>IKEv2</key>
            <dict>
                <key>RemoteAddress</key>
                <string>{{ gateway }}</string>
                <key>RemoteIdentifier</key>
                <string>{{ gateway }}</string>
                <key>LocalIdentifier</key>
                <string>{{ common_name }}</string>
                <key>ServerCertificateIssuerCommonName</key>
                <string>{{ authority.certificate.common_name }}</string>
                <key>ServerCertificateCommonName</key>
                <string>{{ gateway }}</string>
                <key>AuthenticationMethod</key>
                <string>Certificate</string>
                <key>IKESecurityAssociationParameters</key>
                <dict>
                    <key>EncryptionAlgorithm</key>
                    <string>AES-256</string>
                    <key>IntegrityAlgorithm</key>
                    <string>SHA2-384</string>
                    <key>DiffieHellmanGroup</key>
                    <integer>14</integer>
                </dict>
                <key>ChildSecurityAssociationParameters</key>
                <dict>
                    <key>EncryptionAlgorithm</key>
                    <string>AES-128-GCM</string>
                    <key>IntegrityAlgorithm</key>
                    <string>SHA2-256</string>
                    <key>DiffieHellmanGroup</key>
                    <integer>14</integer>
                </dict>
                <key>EnablePFS</key>
                <integer>1</integer>
                <key>PayloadCertificateUUID</key>
                <string>{{ p12_uuid }}</string>
            </dict>
        </dict>
        <dict>
            <key>PayloadIdentifier</key>
            <string>{{ common_name }}</string>
            <key>PayloadUUID</key>
            <string>{{ p12_uuid }}</string>
            <key>PayloadType</key>
            <string>com.apple.security.pkcs12</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadContent</key>
            <data>{{ p12 }}</data>
        </dict>
        <dict>
            <key>PayloadIdentifier</key>
            <string>{{ authority.certificate.common_name }}</string>
            <key>PayloadUUID</key>
            <string>{{ ca_uuid }}</string>
            <key>PayloadType</key>
            <string>com.apple.security.root</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadContent</key>
            <data>{{ ca }}</data>
        </dict>
    </array>
</dict>
</plist>