diff --git a/README.md b/README.md index b008ade..985560f 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,9 @@ Recipe to build [`gaomd/ikev2-vpn-server`](https://registry.hub.docker.com/u/gao ### 2. Generate the .mobileconfig (for iOS / macOS) - docker run --privileged -i -t --rm --volumes-from ikev2-vpn-server -e "HOST=vpn1.example.com" gaomd/ikev2-vpn-server:0.3.0 generate-mobileconfig > ikev2-vpn.mobileconfig + docker run --privileged -i -t --rm --volumes-from ikev2-vpn-server -e "HOST=vpn1.example.com" -e "EXCLUDE_SSID=myHomeWifi" gaomd/ikev2-vpn-server:0.3.0 generate-mobileconfig > ikev2-vpn.mobileconfig -*Be sure to replace `vpn1.example.com` with your own domain name and resolve it to you server's IP address. Simply put an IP address is supported as well (and enjoy an even faster handshake speed).* +*Be sure to replace `vpn1.example.com` with your own domain name and resolve it to you server's IP address. Simply put an IP address is supported as well (and enjoy an even faster handshake speed). Also replace `myHomeWifi` with the SSID of your WiFi to disable VPN while connected to your local network. Or remove the EXCLUDE_SSID environment variable to disable this behavior.* Transfer the generated `ikev2-vpn.mobileconfig` file to your local computer via SSH tunnel (`scp`) or any other secure methods. diff --git a/bin/generate-mobileconfig b/bin/generate-mobileconfig index 4c59d19..1a9c364 100755 --- a/bin/generate-mobileconfig +++ b/bin/generate-mobileconfig @@ -40,6 +40,8 @@ : ${CONN_REMOTE_IDENTIFIER=${HOST}} CONN_SHARED_SECRET=$(cat /etc/ipsec.secrets | sed 's/.*"\(.*\)"/\1/g') +EXCLUDE_SSID=${EXCLUDE_SSID:-""} + cat < @@ -102,6 +104,14 @@ cat <1 OnDemandRules + + Action + Disconnect + SSIDMatch + + ${EXCLUDE_SSID} + + Action Connect