6 Replies
      Latest reply on Sep 13, 2019 3:10 AM by eskimo
      abhimanyufrombangalore Level 1 (0 points)

        Dear Eskimo,

        Greetings!!

        With my folding hands I am also here.

        PacketTunnelProvider per-app is executed with a custom SSL VPN server in:

        Created fresh app with extension + configuration profile (loaded with custom SSL server & provider type tunnel, not proxy) + loaded on iPad + ran the app with extension, and it's connected as per-app VPN (app attached with VPN configuration + connection established without disturbing other iPad traffic) with Ubuntu custom SSL server.

        But now I want to connect it with IKEv2 VPN server information rather than custom SSL VPN server, where I have failed.

        Steps done:

        Same app + configuration profile (updated with IKEv2 server info & provider type tunnel, not proxy) + loaded on iPad + ran the app with extension, and it's not connected with the IKEv2 server.

        Can you help me with what I need to do to connect with the IKEv2 server as per-app VPN?

        • Re: per-App VPN with IKEv2 rather than custom ssl vpn Server.
          eskimo Apple Staff (11,795 points)

          Are you trying to use your own implementation of IKEv2, embedded within your own NetworkExtension packet tunnel provider?  Or are you trying to use the system’s built-in IKEv2 client?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: per-App VPN with IKEv2 rather than custom ssl vpn Server.
              abhimanyufrombangalore Level 1 (0 points)

              Eskimo, built-in IKEv2 client means connection through the NEVPNManager class, right? I have done this in a separate demo application and it’s connecting successfully, but not as per-app VPN. That’s why I went with packet tunneling with an extension using NETunnelProviderManager. I created a proper configuration profile as well and loaded it on the iPad with the app. I want to achieve per-app VPN in any way, whether it is built-in or packet tunnel provider. Can you guide me there?

                • Re: per-App VPN with IKEv2 rather than custom ssl vpn Server.
                  abhimanyufrombangalore Level 1 (0 points)

                  It is possible to achieve per-app VPN configuration through the built-in IPsec clients (IKEv1 and IKEv2); the WWDC video also says that:

                  https://developer.apple.com/videos/play/wwdc2015/717/

                  Also, please check the above video from 25:02, where the engineer clearly mentions that the built-in IPsec clients (IKEv1 and IKEv2) are supported for per-app VPN as well, but I don’t have any information regarding this.

                  Screenshot attached:

                  So I want to achieve per-app VPN with the built-in IPsec clients (IKEv1 and IKEv2) only. Please guide me there as soon as possible; it will be a big help from your side!!

                    • Re: per-App VPN with IKEv2 rather than custom ssl vpn Server.
                      eskimo Apple Staff (11,795 points)

                      Built in IKEv2 client means connection through NEVPNManager class right?

                      Right, but that doesn’t help you with per-app VPN because NEVPNManager will only let you set up Personal VPN, and per-app VPN is only supported on managed devices.  If you want to set up per-app VPN, you must:

                      • Create the VPN configuration using a configuration profile, specifically the Per-App VPN (com.apple.vpn.managed.applayer) payload [1]

                      • Configure the app-to-VPN mapping using MDM [2]

                      As there are no APIs involved, this is outside of DTS’s purview.  For help with this, you’ll need to talk to Apple Support.

                      Share and Enjoy

                      Quinn “The Eskimo!”
                      Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                      let myEmail = "eskimo" + "1" + "@apple.com"

                      [1] See the Configuration Profile Reference.

                      [2] On iOS.  On macOS you can use the App-to-Per-App VPN Mapping (com.apple.vpn.managed.appmapping) payload.
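
Added example, not part of the original posts and not Apple's code: a small Python check that a configuration profile really carries the Per-App VPN payload named in the reply above before it is handed to MDM. The keys `VPNType`, `VPNUUID` and the `IKEv2` dictionary, and the device-wide payload type `com.apple.vpn.managed`, are taken from Apple's Configuration Profile Reference rather than from this thread; all hosts, identifiers and UUIDs are constructed placeholders.

```python
import plistlib

PER_APP = "com.apple.vpn.managed.applayer"  # per-app payload type named in the reply
DEVICE_WIDE = "com.apple.vpn.managed"       # ordinary (device-wide) VPN payload type

def sample_profile(payload_type=PER_APP, vpn_uuid="0F6A2C1E-0000-4000-8000-000000000001"):
    """Constructed profile; every name, host and UUID is a placeholder."""
    vpn = {
        "PayloadType": payload_type,
        "PayloadIdentifier": "com.example.profile.perappvpn",
        "PayloadUUID": "0F6A2C1E-0000-4000-8000-000000000002",
        "PayloadVersion": 1,
        "UserDefinedName": "Example per-app IKEv2",
        "VPNType": "IKEv2",
        "IKEv2": {
            "RemoteAddress": "vpn.example.com",
            "RemoteIdentifier": "vpn.example.com",
            "LocalIdentifier": "ipad.example.com",
            "AuthenticationMethod": "Certificate",
            # Points at a certificate payload that this sample leaves out.
            "PayloadCertificateUUID": "0F6A2C1E-0000-4000-8000-000000000003",
        },
    }
    if vpn_uuid:
        vpn["VPNUUID"] = vpn_uuid  # the value the MDM app-to-VPN mapping refers to
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",
        "PayloadUUID": "0F6A2C1E-0000-4000-8000-000000000004",
        "PayloadVersion": 1,
        "PayloadContent": [vpn],
    })

def check_per_app_vpn(data):
    """Return reasons the profile does not define a per-app IKEv2 VPN (empty list = OK)."""
    content = plistlib.loads(data).get("PayloadContent", [])
    vpns = [p for p in content if p.get("PayloadType") in (PER_APP, DEVICE_WIDE)]
    if not vpns:
        return ["profile contains no VPN payload"]
    problems = []
    for p in vpns:
        if p["PayloadType"] != PER_APP:
            problems.append(f"PayloadType is {p['PayloadType']}, not {PER_APP}")
        if p.get("VPNType") != "IKEv2":
            problems.append(f"VPNType is {p.get('VPNType')!r}, not 'IKEv2'")
        if not p.get("VPNUUID"):
            problems.append("VPNUUID missing: MDM has nothing to map apps to")
        if not p.get("IKEv2", {}).get("RemoteAddress"):
            problems.append("IKEv2 dictionary has no RemoteAddress")
    return problems

if __name__ == "__main__":
    print(check_per_app_vpn(sample_profile(payload_type=DEVICE_WIDE, vpn_uuid=None)))
```

A profile that passes this check still does nothing for an app until the MDM server maps that app to the same `VPNUUID`, which is the second step in the reply.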