iOS enterprise vpn connectivity

About

Asked 7/9, 2013 at 9:33 Answered 5/11, 2013 at 5:58

In an iOS application if you had to access corporate remote services, through VPN, what would be your pattern to ensure you have connectivity and inform the user if that's not the case:

check that your network and VPN are working (by checking if some host like google.com and some private enterprise host are reachable) and if that's the case then call the remote service?
or call directly the remote service, and if there is a network exception, then check if both a network host and an enterprise host are reachable? (to find-out what's going on and inform the user)
or you would do it differently?

Tapioca answered 7/9, 2013 at 9:33 Comment(1)

What's with the down vote? Care to comment? – Tapioca 7/9, 2013 at 16:14

Usual approach:

1)User opens VPN client enables VPN connectivity

2)User uses the app.

Alternative approach:

If you are developing an enterprise application then you could possibly start and stop VPN connection right from the app using apple's private api.

Advantages of the approach:

So that all the network connections from the app are routed through VPN and user doesn't have to enable VPN connection every time he uses the app.

Reference:

You could find some hot discussions on this topic in the following threads.

Thread 1

Thread 2

Thread 3

Pye answered 5/11, 2013 at 5:58 Comment(7)

For the 1st item in your usual approach list, is the user enabling VPN connectivity via 'Settings->General->VPN' or can the app do it? – Preternatural 11/2, 2014 at 21:52

There are VPN client apps available which opens up VPN connection so that every web request is routed through VPN.To name few VPN Client apps Cisco anyconnect and Junos Pulse – Pye 12/2, 2014 at 12:3

It sounds like even with iOS7 (as of 02/12/14) we are still not able to have an app enable the global VPN unless we are invited to use apple's private API? I just wanted to confirm. I am making an app tied to an MDM, and once the MDM pushes a VPN profile to the device I wanted to enable the VPN without having the user do it (or allow them to enable VPN from within my app). Thanks! – Preternatural 12/2, 2014 at 19:58

Yes you are right. But If you use MobileIron MDM then you can look into add on module called AppTunnel which lets you open VPN connection for your app alone not for other apps.To know more visit mobileiron.com/en/products/appswork/apptunnel or You can create VPN on demand Configuration profile through which you could easily open vpn connection from your app. – Pye 14/2, 2014 at 20:14

I am using AirWatch as my MDM, and after AirWatch pushes a profile to my device, I wanted to turn on the VPN for all apps (as if the user had turned it on through Settings->General->VPN->On). My related question is here: Programmatically verify an MDM profile configuration has been successfully pushed to an iOS device? I will check and see if AirWatch has anything similar, thanks! – Preternatural 17/2, 2014 at 20:23

Accessing one of the domain of VPN CONNECT ON DEMAND domain list will open the VPN connection for the whole iPad and I sucessfully tried by visiting one of the domain in my safari. – Pye 19/2, 2014 at 16:22

Do you know if using https interferes with that? I added mydomain.com as a domain to match VPN ON DEMAND, so VPN gets enabled when I go to www.mydomain.com or https://www.mydomain.com, but https://mydomain.com doesn't enable the VPN. And the first two addresses don't take me to the correct site for which I need VPN turned on. – Preternatural 21/2, 2014 at 19:41

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags