Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Native iOS IKEv2 Client for Per-App VPN

I am planning on setting up a Per-App VPN , to connect to a Strongswan IKEv2 VPN gateway. Is it possible to set up a Per-App VPN with the built-in IKEv2 client?


I have seen some references around the internet that indicate that it is possible, but nothing substantial enough to show how to do it. I have used the SimpleTunnel as a test and have been successful in getting a Per-App VPN running.


As such, I understand that in the Configuration Profile Reference, I need to set the VPNType to 'VPN' as indicated in the Per-App VPN Payload. Subsequently, it would seem that I would need both the Bundle Identifier and VPNUUID of the built-in IKEv2 client in order to proceed? Alternatively, is there something else I'm missing from the Configuration Profile Reference that allows this to be set up without the Bundle Identifier and VPNUUID?


Or, is the reality that I would need to implement my own VPN Plugin using NEVPNProtocolIKEv2?, if I didn't want to utilise a 3rd party solution?


Kind regards,


Jordan

iPhone X, iOS 11.2.1

Posted on

Reply
Question marked as Solved
Answer:
Answer:

I now have an answer to this following an Apple Developer Technical Support request.


To use the built-in IKEv2 VPN as a Per-App VPN, you simple need to set the 'VPNType' to 'IKEv2'.


It seems that I was lead astray by the Configuration Profile Reference, which states the following for 'Per-App VPN Payload':


"The Per-APP VPN payload is used for configuring add-on VPN software, and it only works on VPN services of type 'VPN'"


As a result, I concluded that 'VPNType' had to be 'VPN', and couldn't possibly be 'IKEv2'.

Posted on

Page content loaded

Mar 15, 2018 9:40 PM in response to J0RD@N In response to J0RD@N

Correction - I wouldn't need the VPNUUID, as that is set as part of the Configuration Profile and then linked to an app via an MDM. As far as I understand however, I would still need the bundle identifier of the built-in VPN client?

Mar 15, 2018 9:40 PM

Reply Helpful
Question marked as Solved

Mar 26, 2018 2:38 PM in response to J0RD@N In response to J0RD@N

I now have an answer to this following an Apple Developer Technical Support request.


To use the built-in IKEv2 VPN as a Per-App VPN, you simple need to set the 'VPNType' to 'IKEv2'.


It seems that I was lead astray by the Configuration Profile Reference, which states the following for 'Per-App VPN Payload':


"The Per-APP VPN payload is used for configuring add-on VPN software, and it only works on VPN services of type 'VPN'"


As a result, I concluded that 'VPNType' had to be 'VPN', and couldn't possibly be 'IKEv2'.

Mar 26, 2018 2:38 PM

Reply Helpful (2)
User profile for user: J0RD@N

Question: Native iOS IKEv2 Client for Per-App VPN