app-policy/vpn-profile
A Secure Microtunnel profile.
POST
Creates a new Secure Microtunnel profile or edits an existing one.
Whether you’re creating a new profile or editing an existing one, any parameters that you don’t specify are set to their default values. To keep existing settings when editing a profile, pass all previously provided parameters along with any new settings. In other words, a POST overwrites the existing profile; it does not merge with it.
See Secure Microtunnel profiles (API) for details about parameters that can be set with POST app-policy/vpn-profile.
Example: Create a new profile using certificate authentication
Request
curl -k -v -L -b c.txt -c c.txt -X POST https://bc.qwe.com/mocana-app-control/rest/app-policy/vpn-profile \
-F profileId="" \
-F profileName="TestProfile cert" \
-F profileDesc="" \
-F vpnServerAddr="172.16.31.2" \
-F vpnCaCert=@Cert1.pem \
-F vpnAuthMethod="cert" \
-F vpnAuthGroup="authGroup" \
-F vpnDhGroup="14" \
-F vpnOfflineMode="continuousReconnect" \
-F vpnCertProvType="0"
The new profile ID appears in the response.
Response
{
"app_policy": {"profile_id": "3ec56f2e-2fc3-4bb2-a6de-3165429d8ba5"},
"message": "",
"status": "OK"
}
Example: Edit an existing profile
This example modifies the profile created above, using the profileId. The only setting changed is the vpnCaCert file, but all settings must be specified.
Request
curl -k -v -L -b c.txt -c c.txt -X POST https://bc.qwe.com/mocana-app-control/rest/app-policy/vpn-profile \
-F profileId="3ec56f2e-2fc3-4bb2-a6de-3165429d8ba5" \
-F profileName="TestProfile cert" \
-F profileDesc="" \
-F vpnServerAddr="172.16.31.2" \
-F vpnCaCert=@Cert2.pem \
-F vpnAuthMethod="cert" \
-F vpnAuthGroup="authGroup" \
-F vpnDhGroup="14" \
-F vpnOfflineMode="continuousReconnect" \
-F vpnCertProvType="0"
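Because an edit overwrites the profile, any field left out of the request falls back to its default. The following added example (not Blue Cedar's code) keeps the last-sent settings in a local key=value file, applies overrides, and resends the full set; the file format, the function names merge_profile_params and edit_profile, and the CURL variable are assumptions of the example.

```shell
#!/bin/sh
# Added example (not Blue Cedar code). POST app-policy/vpn-profile overwrites a
# profile, so an edit must resend every saved setting plus the change.
# Assumption: the settings last sent are kept in a local key=value file.

# merge_profile_params SAVED_FILE [key=value ...]
# Prints saved settings with overrides applied (saved order), then any new keys.
merge_profile_params() {
    saved_file=$1; shift; [ -r "$saved_file" ] || return 1
    { for kv in "$@"; do printf 'O %s\n' "$kv"; done; sed 's/^/S /' "$saved_file"; } | awk '
        { tag = substr($0, 1, 1); rest = substr($0, 3); eq = index(rest, "=") }
        eq < 2 || rest ~ /^#/ { next }   # skip blank lines, comments, malformed lines
        { key = substr(rest, 1, eq - 1); val = substr(rest, eq + 1) }
        tag == "O" { if (!(key in over)) order[++n] = key; over[key] = val; next }
        { seen[key] = 1; print key "=" ((key in over) ? over[key] : val) }
        END { for (i = 1; i <= n; i++) if (!(order[i] in seen)) print order[i] "=" over[order[i]] }'
}

# edit_profile BASE_URL SAVED_FILE [key=value ...]
# CURL is a hypothetical knob of this sketch: CURL=echo prints instead of sending.
edit_profile() {
    base_url=$1; saved_file=$2; shift 2
    merged=$(merge_profile_params "$saved_file" "$@") || return 1
    set --
    while IFS= read -r kv; do
        case $kv in
            vpnCaCert=@*) set -- "$@" -F "$kv" ;;   # file upload, as on the page
            *) set -- "$@" --form-string "$kv" ;;   # literal value, never read as @file
        esac
    done <<EOF
$merged
EOF
    # No -k here, so curl keeps verifying the server certificate.
    ${CURL:-curl} -b c.txt -c c.txt -X POST "$base_url/app-policy/vpn-profile" "$@"
}

# Constructed demo: the settings from the first example, then the CA cert swap.
saved=$(mktemp)
printf '%s\n' 'profileId=3ec56f2e-2fc3-4bb2-a6de-3165429d8ba5' \
    'profileName=TestProfile cert' 'profileDesc=' 'vpnServerAddr=172.16.31.2' \
    'vpnCaCert=@Cert1.pem' 'vpnAuthMethod=cert' 'vpnAuthGroup=authGroup' \
    'vpnDhGroup=14' 'vpnOfflineMode=continuousReconnect' 'vpnCertProvType=0' > "$saved"
CURL=echo edit_profile https://bc.qwe.com/mocana-app-control/rest "$saved" vpnCaCert=@Cert2.pem
rm -f "$saved"
```

Because the saved file can hold vpnPsk, keep it readable only by the operator (for example, chmod 600).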
Example: Configure a Secure Microtunnel profile using PSK authentication
When embedding a pre-shared key (PSK) in a secured app, a minimum set of parameters is required to enable the embedding. These are the required parameters:
- profileName (such as "Embedded PSK for secured app")
- profileDesc (such as "VPN configuration settings for a PSK that is injected in a secured app")
- vpnPsk (such as "asd0e9rj03jik34j3pjd")
- vpnServerAddr (such as "192.168.3.17")
The following curl command configures the Secure Microtunnel profile for an IPSec VPN server, embeds the PSK in the app, and points the injectable at the server address for the gateway:
Request
curl -k -v -L -b c.txt -c c.txt -X POST https://bc.qwe.com/mocana-app-control/rest/app-policy/vpn-profile \
-F profileId="" \
-F profileName="TestProfile psk" \
-F profileDesc="" \
-F vpnServerAddr="bcgateway.qwe.com" \
-F vpnPsk="psk" \
-F vpnAuthMethod="key" \
-F vpnProtocol="map" \
-F vpnAuthGroup="authGroup" \
-F vpnDhGroup="14" \
-F vpnOfflineMode="continuousReconnect"
Example: Set up automatic certificate enrollment and provisioning for the gateway
To set up the automatic certificate enrollment and provisioning feature for the gateway, create a Secure Microtunnel profile. The gateway automatically provisions the client certificates from the mobile devices without any intervention from the IT administrator. This request configures the Secure Microtunnel profile for the gateway with a CA-certified anchor certificate (vpnCaCert) and points the injectable at the server address for the gateway:
Request
curl -b c.txt -c c.txt -X POST https://bc.qwe.com/mocana-app-control/rest/app-policy/vpn-profile \
-F profileName="BC Gateway" \
-F profileDesc="Secure Microtunnel configuration settings for the Blue Cedar Gateway" \
-F vpnCaCert="@bc_ca_cert.der" \
-F vpnServerAddr="192.168.3.16"