3 Replies
      Latest reply: Nov 17, 2016 1:33 AM by eskimo RSS
      tanfromhangzhou Level 1 Level 1 (0 points)

        I can't load the per-App-VPN config using method: loadAllFromPreferencesWithCompletionHandler, but I can load VPN config with this method.

        Does that mean  we can't develop per-app-vpn using NEPacketTunnelProvider? Thank you very much.

        • Re: per-App-VPN NEPacketTunnelProvider
          eskimo Apple Staff Apple Staff (7,960 points)

          Per-app VPN has to be configured via a configuration profile.  If you look at the Per-App VPN Payload section of the Configuration Profile Reference, you’ll see that there’s a ProviderType key that specifies whether the per-app VPN configuration expects a packet tunnel or app proxy provider.

          IMPORTANT This value must be inside the VPN dictionary.  The documentation says this, but it’s easy to misinterpret it.  To be celar, this ProviderType goes alongside the RemoteAddress key.

          Once you set this up correctly, the various routingMethod properties will start returning the right value (.sourceApplication).

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: per-App-VPN NEPacketTunnelProvider
              tanfromhangzhou Level 1 Level 1 (0 points)

              Thank you very much, you help me solved this problem.

              IMPORTANT This value must be inside the VPN dictionary.  The documentation says this, but it’s easy to misinterpret it.  To be celar, this ProviderType goes alongside the RemoteAddress key. --this is the key point.

               

              I have another problem: there is a mdm server for me, I can send the per-App-VPN config profile by MDM command, but I don't know the correct App config profile. When I send the config with payload type:com.apple.vpn.managed.appmapping, it can't be recognized by the iOS10.

              How to config the right config profile to specify the app that use the per-App-VPN(packet-tunnel)?

                • Re: per-App-VPN NEPacketTunnelProvider
                  eskimo Apple Staff Apple Staff (7,960 points)

                  When I send the config with payload type com.apple.vpn.managed.appmapping, it can't be recognized by the iOS10.

                  Right.  The docs for that payload make it very clear that this is an macOS-only feature.  On iOS-based platforms you set the VPNUUID for an app via MDM commands, specifically the Settings command with an ApplicationAttributes entry.  If you’re doing your own MDM server, you can look in the MDM docs for info on this.  If you’re using a pre-built MDM solution, you’ll have to look at the docs for that solution.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"