Per-app VPN (this includes app proxy providers and packet tunnel providers in per-app mode) can only be configured via a configuration profile (using both the com.apple.vpn.managed.applayer and com.apple.vpn.managed.appmapping payloads).
Note iOS does not support the com.apple.vpn.managed.applayer, so on iOS you can only set this up via MDM.
The above assumes you’re using Network Extension (NE) providers, which is what I recommend. If you ship outside of the Mac App Store (MAS), you can’t use NE providers for your VPN (NE providers are only supported in Mac App Store apps). There are, however, a bunch of other techniques that non-MAS apps can use to implement VPN. I recommend that you steer clear of these because I’m concerned about their long-term viability (DTS has stopped providing formal support for non-NE VPN for similar reasons).
I can’t comment on other developers’ products, but if I were in your shoes I’d first check their distribution channel.
The best long-term solution for this problem would be for Apple to support per-app VPN outside of managed environments. We already have a bug on file tracking this request (r. 22708173), but I think it’s worthwhile you filing your own enhancement request describing your own specific requirements.
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
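
The post above says a per-app VPN profile needs both payloads. As an added example (not part of the original post, and not Apple's code), this is a small pre-deployment check that a profile carries both payload types and that every app mapping points at a VPN defined in the same profile. The key names `VPNUUID`, `AppLayerVPNMapping` and `Identifier` follow Apple's configuration profile reference; the bundle ID and UUID values are constructed.

```python
import plistlib

APPLAYER = "com.apple.vpn.managed.applayer"
APPMAPPING = "com.apple.vpn.managed.appmapping"


def check_per_app_vpn(profile_bytes):
    """Return a list of problems in a profile's per-app VPN payloads."""
    profile = plistlib.loads(profile_bytes)
    payloads = profile.get("PayloadContent", [])
    # VPNUUID values defined by app-layer VPN payloads in this profile.
    vpn_uuids = {p["VPNUUID"] for p in payloads
                 if p.get("PayloadType") == APPLAYER and p.get("VPNUUID")}
    # Every (app, VPN) pair listed by app-mapping payloads.
    mappings = [m for p in payloads if p.get("PayloadType") == APPMAPPING
                for m in p.get("AppLayerVPNMapping", [])]
    problems = []
    if not vpn_uuids:
        problems.append("no %s payload with a VPNUUID" % APPLAYER)
    if not mappings:
        problems.append("no %s payload with app mappings" % APPMAPPING)
    for m in mappings:
        if m.get("VPNUUID") not in vpn_uuids:
            problems.append("app %s maps to unknown VPNUUID %s"
                            % (m.get("Identifier"), m.get("VPNUUID")))
    return problems


def sample_profile(mapping_uuid, include_mapping=True):
    """Build a constructed profile; all identifiers are made-up samples."""
    content = [{"PayloadType": APPLAYER,
                "VPNUUID": "11111111-2222-3333-4444-555555555555"}]
    if include_mapping:
        content.append({"PayloadType": APPMAPPING,
                        "AppLayerVPNMapping": [
                            {"Identifier": "com.example.mail",
                             "VPNUUID": mapping_uuid}]})
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": content})


if __name__ == "__main__":
    good = sample_profile("11111111-2222-3333-4444-555555555555")
    bad = sample_profile("99999999-0000-0000-0000-000000000000")
    print(check_per_app_vpn(good))
    print(check_per_app_vpn(bad))
```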