Per App VPN iOS

Question

I am developing an solution for enterprise which will provide Per App VPN solution. I read apple documentation about Per App VPN and what I understood is that, MDM server is must for Per App VPN and it will push a configuration profile to the manage device which may contains VPN configuration and a list of apps that mush go through this VPN.

But, I have also read about Profile Server and how profile server can send configuration files to the devices. It is relatively easy to configure profile server as compared to MDM.

https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/profile-service/profile-service.html#//apple_ref/doc/uid/TP40009505-CH2-SW2

So Does MDM is a must for implementing Per App VPN in iOS? I also wanted a way to disable the VPN through my app. How to do that?

Answer 1

An MDM is needed to link any apps to the Per-App VPN^. At the time when the MDM pushes the app to the device, it needs to set the app with attribute referencing the VPNUUID.

You should be able to disable the VPN in your app by toggling the On-Demand to off. This however will only stop the VPN connection being made, and won't route the app traffic back through your normal non-VPN network.

If you did want to do this, I'd say that it could be possible to have your app add/remove the Per-App VPN Profile to enable and disable the VPN, though I doubt this is possible.

^ It is possibly to link an app to a Per-App VPN using NETestAppMapping if you are developing your own VPN plugin and only during the development stage.