iOS 7 programatically per app VPN

Question

I'm developing a iOS 7 app and i would like to know if the feature "Per app VPN" is activated "by hand" (like location services, where you can choose which app can and can't) or I can set it up by code inside the app?

Looking around the web I found very little info about it, and apple announcement did not make it any clear also... I was hoping to prompt the user for the VPN configuration when he first open the app, and then, when he is "outside" the internal Wi-Fi, I would automatically activate it...

Answer 1

Information is still somewhat sketchy, but from what I can tell so far its something the VPN vendors will need to support, and it will be enabled using configuration profiles, e.g. via MDM. In the profile you'll define your VPN configuration like you can do today, and additionally you'll specify which apps use which VPN configs. Apps won't be need to be modified at all, nor (I assume) even aware they're being tunneled. I don't know yet if they'll allow users to configure this on their own, without a config profile. I don't see why not, other than maybe wanting to insulate common users from "enterprisey" features.

I expect Apple will release a new version of the iPhone Configuration Utility or Apple Configurator that will allow you to set all of this up. If you have access to their developer site there's information about the XML keys in the config profile that turn it on, so you could probably craft a profile on your own without the tool, but without VPN vendor support there's not much you'll be able to do. I don't know if any of the built-in VPNs currently support it.

Answer 2

*Note: This is an example custom payload. It needs to be modified to match your VPN configuration and is supported by some VPN providers. This example is using a Connection Type of L2TP. The new keys for Per-App VPN are the VPNUUID and OnDemandMatchAppEnabled.

<dict>
    <key>PayloadDescription</key>
    <string>Configures VPN settings, including authentication.</string>
    <key>PayloadDisplayName</key>
    <string>VPN (VPN Configuration)</string>
    <key>PayloadIdentifier</key>
    <string>126b636d-38ce-4bb1-a211-5239e60bd4ab</string>
    <key>PayloadOrganization</key>
    <string></string>
    <key>PayloadType</key>
    <string>com.apple.vpn.managed.applayer</string>
    <key>PayloadUUID</key>
    <string>63e3f54a-e8bd-45fd-af18-5aadfed9dc9d</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>UserDefinedName</key>
    <string>VPN Configuration #12345</string>
    <key>VPNUUID</key>
    <string>b78ee624-442d-4997-a77f-dc8245109716</string>
    <key>OnDemandMatchAppEnabled</key>
    <string>True</string>
    <key>VPNType</key>
    <string>L2TP</string>
    <key>EAP</key>
    <dict />
    <key>IPv4</key>
    <dict>
      <key>OverridePrimary</key>
      <integer>0</integer>
    </dict>
    <key>PPP</key>
    <dict>
      <key>CommRemoteAddress</key>
      <string>ExampleServerHostname</string>
      <key>CCPEnabled</key>
      <integer>1</integer>
    </dict>
    <key>Proxies</key>
    <dict />
  </dict>

More information is available at: https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html