iOS VPN profile Mail domains is not working but accessing it via Safari Domains work

Hi,

We have a profile that sets the VPN configuration of the device. It is a DEP device with a per-app VPN setting:

https://developer.apple.com/documentation/devicemanagement/applayervpn

We set the following fields:
"Safari Domains","Calendar Domains","Contacts Domains","Mail Domains"

We also add a couple of apps to the profile to restrict VPN usage.

The domains we use are internal domains, so the DNS of the system is set within the "VPN" connection. When we access the sites via Safari, the VPN works fine and we can access them; when we try the Mail app or try adding an account via Settings, it fails.

We tried both "packet-tunnel" and "app-proxy" in the AppLayerVPN.VPN settings but it still did not work. (https://developer.apple.com/documentation/devicemanagement/applayervpn/vpn)

When we set the VPN for the whole device, the Mail app works and accounts can be fetched, so we do not think it is VPN-server related.

What are we missing here?

Any help or advice is appreciated.

Thanks


Our example profile:

```xml
<dict>
  <key>IKEv2</key>
  <dict>
    <key>AuthenticationMethod</key>
    <string>Certificate</string>
    <key>ChildSecurityAssociationParameters</key>
    <dict>
      <key>DiffieHellmanGroup</key>
      <integer>14</integer>
      <!-- 3DES and SHA1-96 are legacy choices; AES-256 / SHA2-256 are the usual modern values -->
      <key>EncryptionAlgorithm</key>
      <string>3DES</string>
      <key>IntegrityAlgorithm</key>
      <string>SHA1-96</string>
      <key>LifeTimeInMinutes</key>
      <integer>1440</integer>
    </dict>
    <key>DeadPeerDetectionRate</key>
    <string>Medium</string>
    <key>DisableMOBIKE</key>
    <integer>0</integer>
    <key>DisableRedirect</key>
    <integer>0</integer>
    <key>EnableCertificateRevocationCheck</key>
    <integer>0</integer>
    <key>EnablePFS</key>
    <integer>1</integer>
    <key>IKESecurityAssociationParameters</key>
    <dict>
      <key>DiffieHellmanGroup</key>
      <integer>14</integer>
      <key>EncryptionAlgorithm</key>
      <string>3DES</string>
      <key>IntegrityAlgorithm</key>
      <string>SHA1-96</string>
      <key>LifeTimeInMinutes</key>
      <integer>1440</integer>
    </dict>
    <key>OnDemandEnabled</key>
    <integer>1</integer>
    <key>LocalIdentifier</key>
    <string>user@example.com</string>
    <key>PayloadCertificateUUID</key>
    <string>5c0c7855-a8d9-4c86-8a21-efec8335105a</string>
    <key>RemoteAddress</key>
    <string>vpn.example.com</string>
    <key>RemoteIdentifier</key>
    <string>vpn.example.com</string>
    <key>UseConfigurationAttributeInternalIPSubnet</key>
    <integer>0</integer>
  </dict>
  <key>IPv4</key>
  <dict>
    <key>OverridePrimary</key>
    <integer>1</integer>
  </dict>
  <!-- VPNUUID is what app and account payloads reference to bind to this per-app VPN -->
  <key>VPNUUID</key>
  <string>4dfdca51-aea1-461b-9a76-d24e8a2f9c07</string>
  <key>OnDemandMatchAppEnabled</key>
  <true/>
  <key>SafariDomains</key>
  <array>
    <string>internal.lan</string>
  </array>
  <key>CalendarDomains</key>
  <array>
    <string>internal.lan</string>
    <string>outlook.internal.lan</string>
  </array>
  <key>ContactsDomains</key>
  <array>
    <string>internal.lan</string>
    <string>outlook.internal.lan</string>
  </array>
  <key>MailDomains</key>
  <array>
    <string>internal.lan</string>
    <string>outlook.internal.lan</string>
  </array>
  <key>PayloadDescription</key>
  <string>Configures VPN settings</string>
  <key>PayloadDisplayName</key>
  <string>VPN</string>
  <key>PayloadIdentifier</key>
  <string>com.apple.vpn.managed.applayer.ebec689e-6c37-4344-a590-09fe4a22f436</string>
  <key>PayloadType</key>
  <string>com.apple.vpn.managed.applayer</string>
  <key>PayloadUUID</key>
  <string>ebec689e-6c37-4344-a590-09fe4a22f436</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>Proxies</key>
  <dict>
    <key>HTTPEnable</key>
    <integer>0</integer>
    <key>HTTPSEnable</key>
    <integer>0</integer>
  </dict>
  <key>UserDefinedName</key>
  <string>MDM VPN</string>
  <key>VPNType</key>
  <string>IKEv2</string>
  <key>VPN</key>
  <dict>
    <key>ProviderType</key>
    <string>packet-tunnel</string>
  </dict>
</dict>
```
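A worked example added here, not part of the original post and not Apple's or the poster's code: a small Python linter that loads a per-app VPN payload like the one above with the standard-library `plistlib`, pulls out the provider type and the four domain lists so they can be compared side by side, and flags the settings a reviewer would question before chasing a routing problem: legacy IKEv2 algorithms (3DES, SHA1-96), a Diffie-Hellman group below 14, revocation checking switched off, and a missing `VPNUUID` or `OnDemandMatchAppEnabled`. The embedded profile is constructed from the posted payload (wrapped in a `plist` envelope so it parses on its own); the finding codes and thresholds are this example's own conventions, not Apple's.

```python
import plistlib
from typing import Dict, List

# Constructed sample: the posted per-app VPN payload, trimmed to the keys the
# checks below look at, wrapped in a complete plist envelope.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>com.apple.vpn.managed.applayer</string>
  <key>PayloadUUID</key><string>ebec689e-6c37-4344-a590-09fe4a22f436</string>
  <key>VPNUUID</key><string>4dfdca51-aea1-461b-9a76-d24e8a2f9c07</string>
  <key>VPNType</key><string>IKEv2</string>
  <key>OnDemandMatchAppEnabled</key><true/>
  <key>VPN</key><dict><key>ProviderType</key><string>packet-tunnel</string></dict>
  <key>SafariDomains</key><array><string>internal.lan</string></array>
  <key>MailDomains</key><array>
    <string>internal.lan</string><string>outlook.internal.lan</string></array>
  <key>CalendarDomains</key><array>
    <string>internal.lan</string><string>outlook.internal.lan</string></array>
  <key>ContactsDomains</key><array>
    <string>internal.lan</string><string>outlook.internal.lan</string></array>
  <key>IKEv2</key><dict>
    <key>AuthenticationMethod</key><string>Certificate</string>
    <key>PayloadCertificateUUID</key><string>5c0c7855-a8d9-4c86-8a21-efec8335105a</string>
    <key>EnableCertificateRevocationCheck</key><integer>0</integer>
    <key>IKESecurityAssociationParameters</key><dict>
      <key>DiffieHellmanGroup</key><integer>14</integer>
      <key>EncryptionAlgorithm</key><string>3DES</string>
      <key>IntegrityAlgorithm</key><string>SHA1-96</string></dict>
    <key>ChildSecurityAssociationParameters</key><dict>
      <key>DiffieHellmanGroup</key><integer>14</integer>
      <key>EncryptionAlgorithm</key><string>3DES</string>
      <key>IntegrityAlgorithm</key><string>SHA1-96</string></dict>
  </dict>
</dict>
</plist>
"""

# Thresholds are this example's own policy, not an Apple requirement.
WEAK_ENCRYPTION = {"DES", "3DES"}
WEAK_INTEGRITY = {"SHA1-96", "SHA1-160"}
MIN_DH_GROUP = 14
DOMAIN_KEYS = ("SafariDomains", "MailDomains", "CalendarDomains", "ContactsDomains")
PROVIDER_TYPES = {"packet-tunnel", "app-proxy"}
SA_KEYS = ("IKESecurityAssociationParameters", "ChildSecurityAssociationParameters")


def lint_applayer_vpn(plist_bytes: bytes) -> Dict[str, object]:
    """Parse one per-app VPN payload and return its domain lists plus findings."""
    payload = plistlib.loads(plist_bytes)
    findings: List[str] = []

    if payload.get("PayloadType") != "com.apple.vpn.managed.applayer":
        findings.append("payload-type:not-applayer")
    if not payload.get("VPNUUID"):
        findings.append("vpnuuid:missing")
    provider = payload.get("VPN", {}).get("ProviderType")
    if provider not in PROVIDER_TYPES:
        findings.append(f"provider-type:unexpected:{provider}")
    if not payload.get("OnDemandMatchAppEnabled", False):
        findings.append("on-demand-match-app:disabled")

    # Each app family has its own list; nothing is inherited from SafariDomains.
    domains = {key: list(payload.get(key, [])) for key in DOMAIN_KEYS}
    for key, hosts in domains.items():
        if not hosts:
            findings.append(f"domains:empty:{key}")

    ike = payload.get("IKEv2", {})
    for sa in SA_KEYS:
        params = ike.get(sa, {})
        enc, integ = params.get("EncryptionAlgorithm"), params.get("IntegrityAlgorithm")
        if enc in WEAK_ENCRYPTION:
            findings.append(f"weak-encryption:{sa}:{enc}")
        if integ in WEAK_INTEGRITY:
            findings.append(f"weak-integrity:{sa}:{integ}")
        if params.get("DiffieHellmanGroup", 0) < MIN_DH_GROUP:
            findings.append(f"weak-dh-group:{sa}:{params.get('DiffieHellmanGroup')}")
    if ike.get("EnableCertificateRevocationCheck", 0) == 0:
        findings.append("revocation-check:disabled")
    if ike.get("AuthenticationMethod") == "Certificate" and not ike.get("PayloadCertificateUUID"):
        findings.append("certificate:payload-uuid-missing")

    return {"provider_type": provider, "domains": domains, "findings": findings}


if __name__ == "__main__":
    report = lint_applayer_vpn(SAMPLE_PROFILE)
    for key, hosts in report["domains"].items():
        print(f"{key:16} {hosts}")
    for finding in report["findings"]:
        print("finding:", finding)
```

Run against the posted profile it reports no structural problem with the domain lists or the per-app keys, which narrows the question to routing and account binding rather than payload syntax, and it flags the 3DES/SHA1-96 proposals and the disabled revocation check as the two things worth changing on the crypto side regardless of the Mail issue.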

Please file a feedback with Apple that includes a sysdiagnose.
Feedback Details:

FB9045082 (iOS VPN profile Mail domains is not working but accessing it via Safari Domains work; the problem is diagnosed at 17:36 in the sysdiagnose)
