feat: Add DNS server support for VPN configuration in mobileconfig generation

generate-mobileconfig.py

@@ -67,6 +67,7 @@ def main():
 
     g_vpn = parser.add_argument_group("VPN (optional, requires client certificate)")
     g_vpn.add_argument("--remote-address", metavar="FQDN", help="VPN gateway FQDN")
+    g_vpn.add_argument("--dns",            metavar="IP", nargs="+", help="DNS server(s) for split DNS")
     g_vpn.add_argument("--match-domains",  metavar="DOMAIN", nargs="+", help="Split DNS domains")
 
     g_meta = parser.add_argument_group("Profile metadata")
@@ -91,7 +92,7 @@ def main():
     if args.client_key and not args.client_cert:
         parser.error("--client-cert is required when --client-key is specified")
 
-    vpn_args = [args.remote_address, args.match_domains]
+    vpn_args = [args.remote_address, args.dns, args.match_domains]
     if any(vpn_args) and not all(vpn_args):
         parser.error("--remote-address and --match-domains must be specified together")
     if args.remote_address and not args.client_cert:
@@ -164,9 +165,13 @@ def main():
                 "AuthenticationMethod":              "None",
                 "ExtendedAuthEnabled":               1,
                 "PayloadCertificateUUID":            uuid_cert,
-                "SupplementalMatchDomains":          args.match_domains,
                 "OnDemandEnabled":                   0,
             },
+            "DNS": {
+                "ServerAddresses":                  args.dns,
+                "SupplementalMatchDomains":         args.match_domains,
+                "SupplementalMatchDomainsNoSearch": 1,
+            },
         })
 
     profile = {