3 Replies
      Latest reply on Oct 4, 2019 2:07 PM by pling@mobileiron.com
      tanfromhangzhou Level 1 (0 points)

        Routing Network Data to the VPN

        There are two ways or methods by which network data is routed to the VPN:

        • By destination IP address
        • By source application (Per-App VPN)

         

        My question is: Can I use the two ways simultaneously?

        For instance: for app A, only the destination IP (192.168.1.10) uses the VPN; other destination IPs use the physical network.

         


        • Re: Routing Network Data to the VPN
          tanfromhangzhou Level 1 (0 points)

          By the way, the per-app VPN (by MDM) uses a private-protocol VPN gateway.

          • Re: Routing Network Data to the VPN
            eskimo Apple Staff (13,355 points)

            For A app, only the destination IP (192.168.1.10) use VPN, other destination IP use physical network

            You definitely can’t do this via IP address.  You may be able to do it via DNS name (consider the matchDomains property of the NEAppRule class) but I don’t see how you can actually configure that via the com.apple.vpn.managed.applayer payload in a configuration profile.

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"

              • Re: Routing Network Data to the VPN
                pling@mobileiron.com Level 1 (0 points)

                According to the Configuration Profile Reference:

                 

                Under the Per-App VPN Payload section, "The Per-App VPN payload supports all of the keys described in VPN Payload plus the following additional keys:". That implies to the developer that per-app VPN does support on-demand VPN keys, which include DNS.

                 

                Under the DNS Dictionary Keys of the VPN payload section, "If VPNType is IKEv2, the following DNS keys may be provided:" seems to say DNS will not work for a VPNType of VPN (custom SSL VPN), but actually, for a device on-demand packet tunnel provider, this DNS configuration (via NETunnelNetworkSettings.DNSSettings in the API) does work, including "matchdomains".

                 

                How should a developer understand iOS/macOS DNS resolution for the app associated with a per-app packet tunnel?
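
For reference, the device-wide (destination IP) case discussed in this thread, written against the NetworkExtension API: a packet tunnel provider that routes only 192.168.1.10 into the tunnel and scopes its DNS resolver with matchDomains. This is an added example, not code from any poster or from Apple; the class name, the tunnel and resolver addresses and the domain are constructed placeholders, and whether a per-app tunnel honours these settings is the question the thread leaves open.

```swift
import NetworkExtension

// Hypothetical provider class (assumption, not from the thread).
final class SamplePacketTunnelProvider: NEPacketTunnelProvider {

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Constructed gateway address (TEST-NET-3 documentation range).
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.10")

        // Constructed address for the tunnel interface.
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"],
                                  subnetMasks: ["255.255.255.0"])

        // Destination-based routing: only the host from the question enters
        // the tunnel. No default route is included, so all other
        // destinations stay on the physical network.
        ipv4.includedRoutes = [
            NEIPv4Route(destinationAddress: "192.168.1.10",
                        subnetMask: "255.255.255.255")
        ]
        settings.ipv4Settings = ipv4

        // Split DNS: the tunnel's resolver (constructed address) is used only
        // for names under the listed domain; other names go to the system's
        // normal resolvers.
        let dns = NEDNSSettings(servers: ["10.8.0.1"])
        dns.matchDomains = ["corp.example.com"]   // constructed domain
        settings.dnsSettings = dns

        // Apply the settings; report any failure so the system marks the
        // tunnel as not started instead of leaving it half-configured.
        setTunnelNetworkSettings(settings) { error in
            completionHandler(error)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```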