Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: RedRadioFlyer
RedRadioFlyer Author
User level: Level 1
0 points

Force all iPhone traffic through VPN using on demand settings?

Hi Everyone,


I am going to be sending some engineers to Asia and want to force ALL of their iPhone traffic to use our VPN. I understand this will probably have a negative effect the iPhone's battery life, but I would rather they have no connection if the alternative is unencrypted traffic coming from their devices.


From what I have read, I think I see two potential ways of accomplishing this, but I have questions about each method.


1. Use L2TP and select "send all traffic". I'm concerned about the connection timing out or getting dropped as their phones switch from wifi to cellular data. Does anyone know if the "send all traffic" button causes the phone to keep the VPN connection alive or reinitiate the VPN as needed for for 'all traffic'?


2. Use IPsec with VPN On Demand and set a rule to always use VPN for * address (via the iPhone Configuration Utility). Does anyone know if this will force all traffic to use the VPN, or does it only apply to some connections (i.e. web browsing and email)?


Last but not least, after the iPhones are configured is there an easy way to test/confirm that they are using the VPN for 100% of their outgoing communications?


Thanks in advance!

iPhone 5, iOS 6.0.2

Posted on Dec 28, 2012 9:50 AM

Reply
5 replies
User profile for user: RedRadioFlyer
RedRadioFlyer Author
User level: Level 1
0 points

Feb 5, 2013 5:34 PM in response to Nello Lucchesi

Hey Nello,


I know PPTP is easy to setup, but it is so fundamentally insecure that even Microsoft (its creator) has stated that all data sent via PPTP should be considered unencrypted.


I tried the PPTP "Send all Traffic" option to see how it will work with L2TP (PPTP is much easier to setup), but as I feared it only sends all traffic after the VPN has been manually turned on. Once the iphone goes to 'standby' mode it drops the VPN. All background activity (i.e. checking e-mail) occurs as normal traffic. In addition, every time someone starts using their iPhone they have to manually re-enable the VPN. So, "Send all Traffic" doesn't really do what it says because a lot of the the iPhone traffic continues to travel outside the VPN.


I am in the process of setting up a dedicated IPSec VPN, and I will post my results when I trying to use the 'on-demand' function.


Hopefully, IPSec will work better. However, an IPSec VPN is very hard to setup... the average user cannot setup an IPSec VPN and a Certificate Authority (certificate-authentication is required to use VPN on-demand) at home in their spare time.


Apple really should do something about this. I was very impressed with the hardware encryption they included on all iPhones from the 3GS onwards. I just wish they would apply the same security mentality to their VPN offerings. I would happily pay a couple hundred bucks for an 'Apple style' all in one device that would be easy to setup/use, and be highly secure. It would be a great solution, and an easy way to hook new small businesses into the 'apple eco-system'. Come-on Apple strategic planning team... this should be a no brain-er!!!

Reply

Force all iPhone traffic through VPN using on demand settings?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up