Just went ahead and set up VPN On Demand (needed to set up my VPN again anyway since getting a new iPhone X). It’s okay thus far. I configured the rules as follows:
<key>OnDemandRules</key>
<array>
    <!-- On the listed home Wi-Fi networks: disconnect the VPN -->
    <dict>
        <key>Action</key>
        <string>Disconnect</string>
        <key>InterfaceTypeMatch</key>
        <string>WiFi</string>
        <key>SSIDMatch</key>
        <array>
            <string>MyWifi</string>
            <string>MyWifi 2.4GHz</string>
        </array>
    </dict>
    <!-- On any other network: for these domains, connect if needed (checked via the probe URL) -->
    <dict>
        <key>Action</key>
        <string>EvaluateConnection</string>
        <key>ActionParameters</key>
        <array>
            <dict>
                <key>DomainAction</key>
                <string>ConnectIfNeeded</string>
                <key>Domains</key>
                <array>
                    <string>mydomainname.com</string>
                    <string>*.mydomainname.com</string>
                </array>
                <key>RequiredURLStringProbe</key>
                <string>https://vpn.nerd.one/my.ip.address</string>
            </dict>
        </array>
    </dict>
</array>
I figured out how to write the rules from here. I already had the rest of the profile created via Apple Configurator. I have pfSense and use IKEv2/IPSec so I just searched for “pfsense ios ikev2” and found a couple of good guides on how to initially set it up.
This setup will cause my VPN to automatically activate whenever Home Assistant tries to connect. Should work nicely for anyone that can run a VPN on their network.