
iOS VPN On Demand: Only outside company

Tags:

ios

vpn

I was reading about the VPN On Demand feature built into the latest versions of iOS.

The problem here is: We run a VPN to access a WebApp hosted in-house on a subdomain like salexxx.company.net that has an A record pointing to an internal IP of your network (e.g. 172.20.1.100). In order for someone to access the WebApp he needs to be a) connected to our network directly, or b) connected to the VPN.

We've zero interest in having every request coming from user devices going through the VPN (way too much traffic). iOS VPN On Demand seems to solve the issue; however, when I'm at the company office and try to access the domain, the phone also fires the VPN, causing unnecessary redundancy on the network.

  • Is it possible to tell the devices to only connect to the VPN if they're outside of the company network?

Thank you.

asked Oct 25 '25 20:10

TCB13


1 Answer

You can add an On Demand rule to disconnect when the SSID of the Wi-Fi you're connected to matches the one used on your company network.

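#import <NetworkExtension/NetworkExtension.h>
// Disconnect the VPN while joined to a Wi-Fi network whose SSID is listed here.
NEOnDemandRuleDisconnect *disconnectOnCompanyNetworkRule = [[NEOnDemandRuleDisconnect alloc] init];
disconnectOnCompanyNetworkRule.SSIDMatch = @[@"company_network_name"];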

If you're using configuration profiles, you can also add that rule to your profile as specified in the documentation: https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW36

The Apple Configurator application doesn't have the ability to add these rules, so you'll need to open the profile with a text editor to add them. You'll want to add something like this to it:

<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
    <dict>
        <key>Action</key>
        <string>Disconnect</string>
        <key>InterfaceTypeMatch</key>
        <string>WiFi</string>
        <key>SSIDMatch</key>
        <array>
            <string>Company WiFi</string>
        </array>
    </dict>
    <dict>
        <key>Action</key>
        <string>Connect</string>
        <key>InterfaceTypeMatch</key>
        <string>WiFi</string>
    </dict>
    <dict>
        <key>Action</key>
        <string>Connect</string>
        <key>InterfaceTypeMatch</key>
        <string>Cellular</string>
    </dict>
</array>

answered Oct 28 '25 11:10

Jobert
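
How the rules in the answer above are selected, as an added Python sketch (not part of the original answer and not Apple's code): rules are checked in order, every criterion in a rule must match, and the first matching rule's action applies. The `DNSServerAddressMatch` entry with its placeholder address `172.20.1.10` is an assumption added here so the office rule does not depend on the SSID name alone; the shape of the `net` dictionary is hypothetical.

```python
import plistlib
from fnmatch import fnmatchcase

# Constructed profile fragment: the answer's three rules, with an assumed
# DNSServerAddressMatch (172.20.1.10 is a placeholder) added to the first.
PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>OnDemandEnabled</key><integer>1</integer>
<key>OnDemandRules</key>
<array>
  <dict>
    <key>Action</key><string>Disconnect</string>
    <key>InterfaceTypeMatch</key><string>WiFi</string>
    <key>SSIDMatch</key><array><string>Company WiFi</string></array>
    <key>DNSServerAddressMatch</key><array><string>172.20.1.10</string></array>
  </dict>
  <dict>
    <key>Action</key><string>Connect</string>
    <key>InterfaceTypeMatch</key><string>WiFi</string>
  </dict>
  <dict>
    <key>Action</key><string>Connect</string>
    <key>InterfaceTypeMatch</key><string>Cellular</string>
  </dict>
</array>
</dict></plist>"""

def rule_matches(rule, net):
    """All criteria present in a rule must hold (logical AND)."""
    if "InterfaceTypeMatch" in rule and rule["InterfaceTypeMatch"] != net["interface"]:
        return False
    if "SSIDMatch" in rule and net.get("ssid") not in rule["SSIDMatch"]:
        return False
    if "DNSServerAddressMatch" in rule:
        servers = net.get("dns", [])
        patterns = rule["DNSServerAddressMatch"]
        # Every DNS server on the network must match one listed pattern.
        if not servers or not all(any(fnmatchcase(s, p) for p in patterns) for s in servers):
            return False
    return True

def evaluate(profile_bytes, net):
    """Return the Action of the first matching rule, or None if none match."""
    for rule in plistlib.loads(profile_bytes)["OnDemandRules"]:
        if rule_matches(rule, net):
            return rule["Action"]
    return None
```

Because the first match wins, the `Disconnect` rule has to stay ahead of the generic Wi-Fi `Connect` rule; swapping them would bring the VPN up inside the office again.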


