Per-app VPN and Device level VPN coexist, which one can intercept traffic

Hi,


I have a per-app VPN and a device-level VPN with the on-demand rule `Connect`. Which one takes precedence? Which VPN does the device traffic pass over?


Thanks!

Replies

By Per-App VPN and Device Level VPN, do you mean two Enterprise VPNs running at the same time? If so, then only one Enterprise VPN can be running at one time, and it's usually the one that was started/triggered first.


More information on this can be found in the NETunnelProviderManager documentation here.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Thank you very much for your answer.

Suppose the Per-App and Device Level enterprise VPNs on the device are from two different vendors, and the Device Level Enterprise VPN is currently connected. If the user then opens the app managed by the Per-App VPN, will the Per-App VPN be started? If yes, does the Per-App VPN take precedence to intercept traffic?

No problem. In this case I would expect that the Per-app VPN connection not be started because the Device Level Enterprise VPN is already connected and active.



Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Hi,

We are investigating a similar issue. We have a device-wide enterprise VPN using a Packet Tunnel Provider. If there is another third-party VPN provider providing a per-app VPN facility, our questions are:

1. If the per-app VPN is via a Packet Tunnel Provider, will the packets go through the per-app VPN or through the device-wide VPN?

As per our understanding, only one Packet Tunnel Provider can be active at a time and packets will go through the VPN which is currently active. Is this understanding correct?

2. If the per-app VPN is via an App Proxy Provider, will packets go through the per-app VPN or the device-wide VPN?