diff --git a/README.md b/README.md
index 5be47a4..f3706e0 100644
--- a/README.md
+++ b/README.md
@@ -6,11 +6,21 @@ Recipe to build [`amdavidson/vpn-server`](https://registry.hub.docker.com/u/amda
 ### 1. Start the IKEv2 VPN Server
- docker run --privileged -d --name vpn-server --restart=always -p 500:500/udp -p 4500:4500/udp amdavidson/vpn-server:latest
+ docker run --privileged -d \
+ --name vpn-server \
+ --restart=always \
+ -p 500:500/udp -p 4500:4500/udp \
+ -e "DNS=9.9.9.9" \
+ -e "SAFE_SSID=my home ssid" \
+ amdavidson/vpn-server:latest
 ### 2. Generate the .mobileconfig (for iOS / macOS)
- docker run --privileged -i -t --rm --volumes-from vpn-server -e "HOST=vpn1.example.com" amdavidson/vpn-server:latest generate-mobileconfig > ikev2-vpn.mobileconfig
+ docker run -it --rm \
+ --volumes-from vpn-server \
+ -e "HOST=vpn1.example.com" \
+ amdavidson/vpn-server:latest \
+ generate-mobileconfig > ikev2-vpn.mobileconfig
 *Be sure to replace `vpn1.example.com` with your own domain name and resolve it to you server's IP address.
diff --git a/bin/generate-mobileconfig b/bin/generate-mobileconfig
index 4c59d19..20e0515 100755
--- a/bin/generate-mobileconfig
+++ b/bin/generate-mobileconfig
@@ -22,18 +22,16 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -# TODO: add regenerate shared secret option - # In normal cases, you will only need to pass the HOST of your server. [ "no${HOST}" = "no" ] && echo "\$HOST environment variable required." && exit 1 -: ${PROFILE_NAME="My IKEv2 VPN Profile"} +: ${PROFILE_NAME="IKEv2 VPN Profile"} : ${PROFILE_IDENTIFIER=$(echo -n "${HOST}." | tac -s. | sed 's/\.$//g')} : ${PROFILE_UUID=$(hostname)} # These variable, especially CONN_UUID, are bind to per username, # which currently, all users share the same secrets and configurations. -: ${CONN_NAME="My IKEv2 VPN"} +: ${CONN_NAME="IKEv2 VPN"} : ${CONN_IDENTIFIER="${PROFILE_IDENTIFIER}.shared-configuration"} : ${CONN_UUID=$(uuidgen)} : ${CONN_HOST=${HOST}} @@ -105,6 +103,19 @@ cat < Action Connect + InterfaceTypeMatch + WiFi + + + Action + Disconnect + InterfaceTypeMatch + WiFi + SSIDMatch + + + ${SAFE_SSID} +
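Review bot: `SAFE_SSID` gets neither a default nor a required-check in the defaults block of the `@@ -22,18 +22,16 @@` hunk, although the template hunk further down interpolates `${SAFE_SSID}` into the new on-demand Disconnect rule. The README in this commit passes `SAFE_SSID` only to the long-running `vpn-server` container, and `--volumes-from` shares volumes, not environment, so unless the script reads the value from somewhere not visible here, the generated profile would carry an empty SSID match. Next to the existing `HOST` check I would add `[ -n "${SAFE_SSID:-}" ] || { echo "\$SAFE_SSID environment variable required." >&2; exit 1; }`, or emit the Disconnect rule only when the variable is set. The value is also written into the plist XML unescaped, so an SSID containing `&` or `<` would yield a malformed profile; escaping it before the heredoc would cover that. The rest of the script and the end of the template hunk lie outside what is shown here.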