Per app VPN configuration (iOS user policy)
The Per app VPN configuration lets you configure VPN settings for individual apps.
Overview
You can configure apps to automatically connect to VPN when they start. For example, you can ensure that data transmitted by managed apps travels through VPN.
After you’ve created a Per app VPN configuration, you can select it on an app’s Edit package page. See Assign a VPN connection to an iPhone or iPad app.
Settings
Setting | Description |
---|---|
Connection name | The name of the connection shown on the device. |
Connection type | The type of VPN connection. Select Custom SSL/TLS if your VPN vendor has an app in the App Store that provides the VPN connection. |
Identifier (reverse DNS format) | The identifier of the VPN app in reverse DNS format. The app must be installed on the device. Example: |
Server | The hostname or IP address of the server. |
Account | The user account for the authentication of the connection. |
Third-party settings | If your vendor has specified custom connection properties, you can enter them in this field. To enter a property, click Add and then enter Key and Value of the property in the dialog box. |
Send all traffic through VPN | All traffic is sent through VPN. |
Group | The group that may be required for the authentication of the connection. |
User authentication | The type of user authentication for the connection, either Password or Certificate. |
Password | The password for VPN authentication. |
Certificate | The certificate for VPN authentication. |
Proxy | The proxy settings for the connection. |
Provider type | The VPN connection type. |
Domains in Safari | Domains for which iOS uses a VPN connection when opened in Safari or another WebKit-based browser. |
Domains in Calendar | Domains for which iOS uses a VPN connection when opened in Calendar. |
Domains in Contacts | Domains for which iOS uses a VPN connection when opened in Contacts. |
Domains in Mail | Domains for which iOS uses a VPN connection when opened in Mail. |
How to enter domains
The following rules apply to the Domains in Safari, Domains in Calendar, Domains in Contacts, and Domains in Mail fields:
- Enter one domain, partial domain, or host name per line.
- A partial domain matches a domain name when all components match, starting at the right. For example, `example.com` matches `www.example.com` and `mail.example.com`, but not `www.myexample.com` or `example.com.net`.
- Leading and trailing dots are ignored. For example, `.example.com` and `example.com` are equivalent.
- When you enter a string without dots, it matches a host with that name. For example, `com` matches `com`, but not `www.example.com`.
For security reasons, an additional rule applies to the Domains in Calendar, Domains in Contacts, and Domains in Mail fields:
- The second-level domain must match the second-level domain of your VPN server. For example, if your VPN server’s address is `vpn.example.com`, the domain can be `mail.example.com` but not `mail.acme.com`.
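The following added example (not vendor code) implements the domain-entry rules and the extra second-level-domain rule above, so you can check which hosts a field's content would route through VPN before deploying the configuration. All function names are hypothetical. It assumes case-insensitive comparison, that an entry also matches a host identical to it, and that "second-level domain" means the last two labels of the name.

```python
"""Added example: the domain-entry rules above, as a checker (not vendor code)."""

def labels(name):
    # Leading and trailing dots are ignored. Lowercasing is an assumption
    # of this sketch (DNS names are case-insensitive).
    return [p for p in name.strip().strip(".").lower().split(".") if p]

def parse_entries(field_text):
    # One domain, partial domain, or host name per line.
    return [ln.strip() for ln in field_text.splitlines() if ln.strip()]

def entry_matches(entry, host):
    e, h = labels(entry), labels(host)
    if not e or not h:
        return False
    if len(e) == 1:
        # A string without dots matches only a host with exactly that name.
        return h == e
    # All components of the entry must match, starting at the right.
    return len(h) >= len(e) and h[-len(e):] == e

def host_uses_vpn(field_text, host):
    return any(entry_matches(e, host) for e in parse_entries(field_text))

def second_level(name):
    # Assumption: "second-level domain" means the last two labels; this
    # does not handle multi-label public suffixes such as co.uk.
    parts = labels(name)
    return ".".join(parts[-2:]) if len(parts) >= 2 else None

def entries_violating_server_rule(field_text, vpn_server):
    # Extra rule for the Calendar, Contacts, and Mail fields.
    sld = second_level(vpn_server)
    return [e for e in parse_entries(field_text)
            if sld is None or second_level(e) != sld]

if __name__ == "__main__":
    safari = ".example.com\nintranet\n"  # constructed sample field content
    for host in ("www.example.com", "www.myexample.com", "example.com.net",
                 "intranet", "intranet.example.org"):
        print(f"{host:24} VPN={host_uses_vpn(safari, host)}")
    mail = "mail.example.com\nmail.acme.com"  # constructed sample
    print(entries_violating_server_rule(mail, "vpn.example.com"))
```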