I want to let my users configure IKEv2 VPN with always-on. I know this is possible using Apple Configurator + the native system's IKEv2 VPN.
But I want to have a "wrapper" app - some values will be defined in Apple Configurator, and other values will be defined in my app, which will trigger the system's IKEv2.
Is it possible to use VPN payload for a 'personal' VPN app (without Packet Tunnel Provider)?
Is it possible to do it with the VPN payload for 'Custom SSL'?
Can I create an app that creates a 'Personal VPN' of type IKEv2, gets the payload from Apple Configurator, sets some values, and starts the VPN? If yes, is it possible to configure always-on in this case?
Or is 'Custom SSL' meant only for 'Packet Tunnel Providers' (and then I can't have always-on)?
Currently, AlwaysON VPN is only supported on supervised iOS devices. It is configuration profile based only, and is limited to the built-in IKEv2 provider. There is no app-based customization support.
It sounds like you want to have your own app with your own custom SSL provider, but with the alwaysOn-VPN-like behavior (forcing all traffic onto tunnel to avoid traffic leakage).
On iOS 14, check out the new key, includeAllNetworks, in the NEVPNProtocol.h file. If the VPN is enabled and includeAllNetworks is set, the VPN will make sure all traffic is tunneled. If the tunnel is not up yet, all traffic will be dropped. If the tunnel is enabled manually, this key will continuously keep the tunnel up. If the tunnel is onDemand, then the tunnel will be brought up by onDemand.
https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks
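
The includeAllNetworks setting described in the answer above, as an added example that is not part of the original thread or Apple's sample code: an app-managed IKEv2 configuration that sets the key, adds an on-demand rule, and re-reads the saved preferences to confirm what was stored. It assumes the app has the Personal VPN entitlement and EAP username/password authentication; the server name, identifiers, and the function name `installFullTunnelIKEv2` are hypothetical placeholders.

```swift
import NetworkExtension

// Hypothetical placeholder values; a real app would take these from its own settings.
let serverAddress = "vpn.example.com"
let remoteIdentifier = "vpn.example.com"

/// Saves a Personal VPN (IKEv2) configuration that asks the system to force all
/// traffic through the tunnel, then re-reads it to confirm what was stored.
@available(iOS 14.0, *)
func installFullTunnelIKEv2(username: String,
                            passwordReference: Data,   // persistent keychain reference
                            completion: @escaping (Result<Bool, Error>) -> Void) {
    let manager = NEVPNManager.shared()
    manager.loadFromPreferences { error in
        if let error = error { return completion(.failure(error)) }

        let ikev2 = NEVPNProtocolIKEv2()
        ikev2.serverAddress = serverAddress
        ikev2.remoteIdentifier = remoteIdentifier
        ikev2.username = username
        ikev2.passwordReference = passwordReference
        ikev2.authenticationMethod = .none          // assumption: EAP, no machine auth
        ikev2.useExtendedAuthentication = true
        ikev2.includeAllNetworks = true             // traffic is dropped while the tunnel is down

        // On-demand rule so the system brings the tunnel up on any interface.
        let connect = NEOnDemandRuleConnect()
        connect.interfaceTypeMatch = .any

        manager.protocolConfiguration = ikev2
        manager.localizedDescription = "Example full-tunnel IKEv2"
        manager.onDemandRules = [connect]
        manager.isOnDemandEnabled = true
        manager.isEnabled = true

        manager.saveToPreferences { error in
            if let error = error { return completion(.failure(error)) }
            // Reload and check the stored values rather than trusting the in-memory object.
            manager.loadFromPreferences { error in
                if let error = error { return completion(.failure(error)) }
                let stored = manager.protocolConfiguration
                let enforced = manager.isEnabled && manager.isOnDemandEnabled
                    && (stored?.includeAllNetworks ?? false)
                completion(.success(enforced))
            }
        }
    }
}
```

A `false` result means the saved configuration does not have the full-tunnel settings in place, so the app should not report leak protection as active.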