Exclude VPN profile from iCloud Backup

Question

Created Mar ’19

Replies 2

Boosts 0

Views 2.4k

Participants 3

We have an app that creates a VPN profile on the device. As part of that VPN profile we supply a username and password to the NEVPNProtocolIKEv2 profile configuration and proxy server. The VPN is setup to connect on demand and everything works smoothly; however, if the user backs up their device to iCloud and then restores from their iCloud backup, the VPN profile is carried over, but the password does not get restored so (because it is setup as on demand) it constantly pops up a diaglogue to enter the password for the VPN.

Is it possible to either:

A) Get the password to restore properly on restore from iCloud backup

B) Instruct iOS to not restore the VPN profile on restore from iCloud backup

Boost

Answer 1

DTS Engineer OP

Apple

Mar ’19

Two things:

What happens if you run this test with a configuration profile rather than creating the configuration programmatically?
Are you restoring the backup to the same device? This matters, as I explained in this post.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

kirill OP

Feb ’20

Hi, I just ran into this as well.

We have a VPN app that uses the IPSEC and IKEv2 protocols.

The credentials stored in keychain use `kSecAttrAccessibleAlwaysThisDeviceOnly` flag, but that doesn't matter as the credentials are already part of the VPN profile.

When the backup is restored to a different device, the VPN tunnel is activated immediately using that profile before you even finish the restoration process, adding the passcodes etc.

So is this how this is intended to work or is there some API in the `NEVPNProtocolIPSec` or `NEVPNProtocolIKEv2` that can tell them not to be backed up?

0