Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: 1Mobility
1Mobility Author
User level: Level 1
0 points

MDM - Per-App VPN for iOS7, Not connecting to VPN on App Launch

Hello,


We are a MDM Vendor. We are trying to implement the Per-App VPN functionality.


I am not able to get the VPN turned on automatically when the app targeted for a per-app vpn connection is launched.


I have the following flags and configuration set in my VPN payload:


<key>VPNType</key><string>IPSec</string>
<key>VPNUUID</key>
<string>7EF39436-BE7B-DBFE-53E8-2FEB0ECD7D56.vpn</string>
<key>OnDemandMatchAppEnabled</key>
<true/>


Also setting the PayloadType as:

<key>PayloadType</key>
<string>com.apple.vpn.managed.applayer</string>



and below is the Managed Setting command published to set the VPN for the target app:


<?xml version='1.0' encoding='UTF-8'?>
<plist version="1.0">
<dict>
    <key>Command</key>
    <dict>
        <key>RequestType</key>
        <string>Settings</string>
        <key>Settings</key>
        <array>
            <dict>
                <key>Item</key>
                <string>ApplicationAttributes</string>
                <key>Identifier</key>
                <string>com.vertex.iStocks</string>
                <key>Attributes</key>
                <dict>
                    <key>VPNUUID</key>
                    <string>7EF39436-BE7B-DBFE-53E8-2FEB0ECD7D56.vpn</string>
                </dict>
            </dict>
        </array>
    </dict>
    <key>CommandUUID</key>
    <string>4174923E-414D-8AB1-B5DD-2246647D895B</string>
</dict>


On installing the configuration profile, I get the below error:


Jul 11 17:02:59 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: mdmd starting...

Jul 11 17:02:59 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Looking for managed app states to clean up

Jul 11 17:02:59 Manmays-iPad profiled[218] <Notice>: (Note ) profiled: Service starting...

Jul 11 17:02:59 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Network reachability has changed.

Jul 11 17:02:59 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Network reachability has changed.

Jul 11 17:02:59 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Push token received.

Jul 11 17:02:59 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Received push notification.

Jul 11 17:02:59 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Polling MDM server https://dc27.mymdm.net/dccontrollerc/processresponse for next command.

Jul 11 17:03:01 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Transaction completed. Status: 200

Jul 11 17:03:01 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Attempting to perform MDM request: InstallProfile

Jul 11 17:03:01 Manmays-iPad mdmd[217] <Notice>: (Note ) MC: Loaded VPNUtilities.framework

Jul 11 17:03:01 Manmays-iPad profiled[218] <Notice>: (Note ) MC: Checking for MDM installation...

Jul 11 17:03:01 Manmays-iPad profiled[218] <Notice>: (Note ) MC: ...finished checking for MDM installation.

Jul 11 17:03:01 Manmays-iPad profiled[218] <Notice>: (Note ) MC: Loaded VPNUtilities.framework

Jul 11 17:03:01 Manmays-iPad profiled[218] <Notice>: (Note ) MC: Beginning profile installation...

Jul 11 17:03:01 Manmays-iPad profiled[218] <Notice>: (Note ) MC: Profile “com.apple.mgmt.mymdm.mdmF3A9BD12-2E5E-A2D4-49D2-81F70C7571F9” is replacing an existing profile having the same identifier.

Jul 11 17:03:01 Manmays-iPad profiled[218] <Error>: MKBDeviceLockAssertion: MKBDeviceLockAssertion (asserttype:3)

Jul 11 17:03:01 Manmays-iPad profiled[218] <Error>: MKBDeviceGetGracePeriod: MKBDeviceGetGracePeriod() => (0,0,0)

Jul 11 17:03:01 Manmays-iPad profiled[218] <Error>: MKBDeviceGetGracePeriod: MKBDeviceGetGracePeriod() => (0,0,0)

Jul 11 17:03:01 Manmays-iPad profiled[218] <Error>: get_longlongvalue_for_key: failed to get GracePeriod

Jul 11 17:03:01 Manmays-iPad profiled[218] <Error>: get_longlongvalue_for_key: failed to get MaxLifetime

Jul 11 17:03:01 Manmays-iPad profiled[218] <Error>: MKBDeviceSetGracePeriod: MKBDeviceSetGracePeriod(-1,5,-1)

Jul 11 17:03:01 Manmays-iPad profiled[218] <Error>: MKBDeviceSetGracePeriod: MKBDeviceSetGracePeriod: from AKS 0

Jul 11 17:03:01 Manmays-iPad keybagd[46] <Error>: 0x295000 __update_system_keybag_block_invoke: Updating System Keybag

Jul 11 17:03:01 Manmays-iPad keybagd[46] <Error>: 0x295000 KBUpdateSystemKeyBag: Got opaqueStuff from ondisk keybag

Jul 11 17:03:01 Manmays-iPad configd[58] <Notice>: SCNC: stop, triggered by (58) configd, type IPSec, reason Service Disposed

Jul 11 17:03:01 Manmays-iPad configd[58] <Notice>: network changed.

Jul 11 17:03:01 Manmays-iPad keybagd[46] <Error>: 0x295000 KBUpdateSystemKeyBag: Saved new keybag with result 2707224

Jul 11 17:03:01 Manmays-iPad securityd[79] <Error>: CFPropertyListReadFromFile file file:///Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)

Jul 11 17:03:01 Manmays-iPad securityd[79] <Error>: CFPropertyListReadFromFile file file:///Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)

Jul 11 17:03:01 Manmays-iPad securityd[79] <Error>: CFPropertyListReadFromFile file file:///Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)

Jul 11 17:03:02 Manmays-iPad profiled[218] <Notice>: (Note ) MC: Profile “com.apple.mgmt.mymdm.mdmF3A9BD12-2E5E-A2D4-49D2-81F70C7571F9” installed.

Jul 11 17:03:02 Manmays-iPad corecaptured[212] <Warning>: CCXPCService::setStreamEventHandler Woken up by notifyd.

Jul 11 17:03:02 Manmays-iPad configd[58] <Notice>: network changed.

Jul 11 17:03:02 Manmays-iPad corecaptured[212] <Warning>: CCProfileMonitor::profileCallback Entered token:4

Jul 11 17:03:02 Manmays-iPad profiled[218] <Error>: __MKBAssertionFinalize: __MKBAssertionFinalize(0x14562af0)

Jul 11 17:03:02 Manmays-iPad corecaptured[212] <Warning>: CCLogTap::profileRemoved

Jul 11 17:03:02 Manmays-iPad corecaptured[212] <Warning>: CCDataFile::profileRemoved

Jul 11 17:03:02 Manmays-iPad corecaptured[212] <Warning>: CCLogTap::profileRemoved

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Command Status: Acknowledged

Jul 11 17:03:02 Manmays-iPad afcd[90] <Error>: Checking for changed log settings

Jul 11 17:03:02 Manmays-iPad afcd[90] <Error>: valid 0 value 0

Jul 11 17:03:02 Manmays-iPad afcd[90] <Error>: Verbose logging disabled

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Polling MDM server https://dc27.mymdm.net/dccontrollerc/processresponse for next command.

Jul 11 17:03:02 Manmays-iPad mc_mobile_tunnel[221] <Notice>: (Note ) MC: mc_mobile_tunnel starting.

Jul 11 17:03:02 Manmays-iPad awdd[220] <Error>: CoreLocation: CLClient is deprecated. Will be obsolete soon.

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Transaction completed. Status: 200

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Attempting to perform MDM request: Settings

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Handling request type: Settings

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Command Status: Acknowledged

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Command Status: Acknowledged

Jul 11 17:03:02 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Polling MDM server https://dc27.mymdm.net/dccontrollerc/processresponse for next command.

Jul 11 17:03:03 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Transaction completed. Status: 200

Jul 11 17:03:03 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Attempting to perform MDM request: ProfileList

Jul 11 17:03:03 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Handling request type: ProfileList

Jul 11 17:03:03 Manmays-iPad mdmd[217] <Notice>: (Note ) MDM: Command Status: Acknowledged


And below is the log when I launch the app:

Jul 11 17:04:19 Manmays-iPad mdmd[217] <Error>: TASK-ASSERT: cfurlcache - ProcessCacheTask - FAILED to get task-assertion, going commando with 16 items to process.

Jul 11 17:04:20 Manmays-iPad kernel[0] <Debug>: launchd[223] Container: /private/var/mobile/Applications/D0C06305-AA03-4A32-A8D2-51C55722814C (sandbox)

Jul 11 17:04:20 Manmays-iPad backboardd[28] <Error>: HID: The 'Passive' connection 'iStocks' access to protected services is denied.

Jul 11 17:04:21 Manmays-iPad iStocks[223] <Warning>: Enabling Crittercism v4.3.1...

Jul 11 17:04:21 Manmays-iPad iStocks[223] <Error>: Could not successfully update network info during initialization.

Jul 11 17:04:21 Manmays-iPad iStocks[223] <Error>: Could not successfully update network info during initialization.

Jul 11 17:04:21 Manmays-iPad iStocks[223] <Warning>: Crittercism - Using cached delegate list.

Jul 11 17:04:21 Manmays-iPad iStocks[223] <Warning>: Crittercism successfully initialized.

Jul 11 17:04:21 Manmays-iPad iStocks[223] <Warning>: Crittercism network monitoring: enabled

Jul 11 17:04:21 Manmays-iPad iStocks[223] <Warning>: Reachability Flag Status: -R ------- networkStatusForFlags

Jul 11 17:04:22 Manmays-iPad backboardd[28] <Warning>: |GuidedAccess|warning| SpringBoard server could not disconnect from frontmost app message service gracefully: (null)

Jul 11 17:04:23 Manmays-iPad iStocks[223] <Warning>: Crittercism - net data collection enabled, frequency: 10s



If I try to connect with the VPN manually by accessing settings app, then I am able to successfully connect and all the traffic is routed through the VPN.

But then I turn off my VPN connection and launch the targeted Per-App VPN application, then I don't see the VPN icon on top status bar also no traces found on VPN Traffic.



I am using the below VPN Device:

Cyberoam :

Model No. : CR25i

Firmware Version :10.04.3 build 543

Mode OF configuration : Gateway Mode



Please let me know if there are any specific changes to be done on VPN device for supporting Per-App VPN or I am missing anything on configuration Profile part.


Thanks,

Posted on Jul 12, 2014 3:50 AM

Reply
2 replies

MDM - Per-App VPN for iOS7, Not connecting to VPN on App Launch

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up