Per-App VPN bypass

Hey,

I am trying to configure per-app VPN based on OpenVPN using MDM and want to clarify what the expected behavior is in this case.

My goal is to force a specific app to use the tunnel for ALL connections. For my lab tests I use the Google Chrome app. What I have achieved till now is that the per-app VPN profile is successfully deployed, the connection is being established on-demand and my local website (which is not available without VPN) opens in Chrome. However, even though I see the VPN icon in the status bar when using Chrome, it looks like the browser bypasses the tunnel. My VPN network does not have Internet access, so my expectation was that with VPN turned on I will be able to open only internal websites and all other public resources won't be available. But it looks like the VPN does not block any connection and only makes internal resources available in addition to the resources available without the VPN tunnel.

So the question is whether my understanding of the per-app VPN on iOS is wrong and the behavior I see is expected, or my goal is achievable but I misconfigured something.

Thanks!

Replies

To start, I recommend that you test your VPN setup with something other than a web browser. Create a small test app that fetches a few resources using NSURLSession and then apply per-app VPN to it. Does that behave as expected?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
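A minimal probe of the kind suggested in the reply above, as an added example that is not part of the original thread and not Apple's code. The two URLs and the names `targets`, `probeSession`, `probe` and `runProbes` are assumptions made for illustration.

```swift
import Foundation

// Constructed placeholder targets (not from the thread): one host that is only
// reachable through the tunnel, one public host.
let targets: [(label: String, url: URL)] = [
    (label: "internal", url: URL(string: "https://intranet.example.internal/")!),
    (label: "public", url: URL(string: "https://www.example.com/")!),
]

// Ephemeral session with a short timeout: nothing is served from cache, and a
// blocked path fails quickly instead of waiting for connectivity.
let probeSession: URLSession = {
    let config = URLSessionConfiguration.ephemeral
    config.timeoutIntervalForRequest = 10
    config.waitsForConnectivity = false
    return URLSession(configuration: config)
}()

// Fetch one URL and report either the HTTP status or the error domain and code.
func probe(label: String, url: URL, completion: @escaping (String) -> Void) {
    var request = URLRequest(url: url)
    request.cachePolicy = .reloadIgnoringLocalCacheData
    probeSession.dataTask(with: request) { _, response, error in
        if let error = error as NSError? {
            completion("\(label) \(url.host ?? "?"): failed (\(error.domain) \(error.code))")
        } else if let http = response as? HTTPURLResponse {
            completion("\(label) \(url.host ?? "?"): HTTP \(http.statusCode)")
        } else {
            completion("\(label) \(url.host ?? "?"): response without HTTP status")
        }
    }.resume()
}

// Call this from the app (for example on launch), once with the per-app VPN
// profile assigned to the app and once without, and compare the two logs.
func runProbes() {
    let group = DispatchGroup()
    for target in targets {
        group.enter()
        probe(label: target.label, url: target.url) { line in
            print(line)
            group.leave()
        }
    }
    group.notify(queue: .main) { print("probes finished") }
}
```

Because the app makes only these two requests, the log shows directly whether the public host is still reachable while the per-app VPN profile is applied, without a browser's own networking in the way.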

Unfortunately I am not a developer, so what you suggest is not really doable :) I am an admin who uses and configures existing tools and want to understand whether what I am trying to achieve is doable at all. So I just want to clarify how it should be. Let's simplify my question. If I configure per-app VPN, should I expect that connections not available in the tunnel will be blocked, or does this per-app VPN just add the ability to connect to internal resources and allow connecting to other websites bypassing the VPN tunnel?

Unfortunately I am not a developer

Oh, in that case you’re in the wrong place. You might have better luck asking this question over in Apple Support Communities, run by Apple Support, and specifically in the Business and Education topic areas, where you’re more likely to find folks with relevant experience.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Okay, thank you for forwarding me to the proper community! Will raise the question there.