Hi guys!
OpenVPN Connect Version: 1.0.5 Build 1.77
OpenVPN Server: PFsense 2.24
IOS version: IOS 9.02 (running on Iphone 6 Plus)
Got a very frustrating problem, that i dont seem to resolve.
Im using an MDM solution to deploy OpenVPN configurations.
When i deploy the configurations to use OpenVPN as a regular VPN, "just On/Off functions" it works corretly, the tunnels come up and all the traffic are redirected via the tunnel correctly.
I run everything thru a Proxy aswell and the logs show the Connections correctly.
But when i deploy the configuration profile to use Per-App VPN, in my case i tested Google Chrome + Opera Mini it doesnt work.
The scenario is like this:
I deploy Google Chrome + Opera mini with Per-App VPN settings (to use my correct OpenVPN on-demand profile) that works in "regular" mode.
I start Google Chrome/Opera Mini, the Per-App VPN Connection starts (can see the VPN logo up in the left corner) If i open the OpenVPN connect app i even there see that the "profile" is connected
If i check my server i can see that my tunnel is upp with username/Ip and such.
But when i try to access any site in Google chrome/Opera mini (that are on the Per-App VPN session) nothing works, i cannot access sites via DNS or without it.
Nothing seems to go thru the tunnel.
If i check the OpenVPN connect app and look att my session i can see that send/recieve in data is only about 5-6kb, so again, nothing seems to even go thru the tunnel.
So my conclusion is that Per-app VPN is breaking the OpenVPN session.
since the same profile works flawlessly with "manuall On/Off function"
Ive googled like a maniac and tested multiple things on the OpenVPN server/client, but no change..
Hope someone got any advice/solution!
OpenVPN Conenct IOS 9.0.2 Per-App VPN
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Oct 15, 2015 7:29 am
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jan 10, 2017 2:58 pm
Re: OpenVPN Conenct IOS 9.0.2 Per-App VPN
Hi there!
This seems to be an older thread, but 'cause I was forced with the same problem ("how to use the Per-App VPN feature of iOS with an OpenVPN Server) and I finally got the solution (after a looong research ), I'd like to explain, how I got this to work:
Per-App VPN offers two "modes" (according to: https://developer.apple.com/library/con ... 06-CH1-SW1) for a VPN-tunnel (search the page for "vpn dictonary keys":
The whole "VPN Dictionray" within the .mobileconfig file may look something like this (among all the other stuff inside the file - I don't know how familiar you are with .mobileconfig files):
In my case (I use Sophos Mobile Control) the configuration GUI for "Per-App VPN" settings does not allow to select between the two modes - it useses the default option ("app-proxy") and therefore the deployed configuration does not work. I allways have to manually edit the configuration file and redeploy it to the phones. But I will raise this problem to Sophos and ask them to add possibility to select between the two options within the GUI.
Hope I could help you with my answer
Cheers!
Buscho
This seems to be an older thread, but 'cause I was forced with the same problem ("how to use the Per-App VPN feature of iOS with an OpenVPN Server) and I finally got the solution (after a looong research ), I'd like to explain, how I got this to work:
Per-App VPN offers two "modes" (according to: https://developer.apple.com/library/con ... 06-CH1-SW1) for a VPN-tunnel (search the page for "vpn dictonary keys":
- ProviderType: packet-tunnel
ProviderType: app-proxy
Code: Select all
<key>ProviderType</key>
<string>packet-tunnel</string>
Code: Select all
<key>VPN</key>
<dict>
<key>AuthenticationMethod</key>
<string>Certificate</string>
<key>AuthName</key>
<string>The user name</string>
<key>RemoteAddress</key>
<string>The remoteadress (IP or url)</string>
<key>PayloadCertificateUUID</key>
<string>UUID of a certificate</string>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>ProviderType</key>
<string>packet-tunnel</string>
</dict>
Hope I could help you with my answer
Cheers!
Buscho
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Mar 25, 2020 1:26 am
Re: OpenVPN Conenct IOS 9.0.2 Per-App VPN
Hi Buscho,
Could you provide me the complete per-app vpn .mobileconfig sample file?
Thanks.
- Ahan
Could you provide me the complete per-app vpn .mobileconfig sample file?
Thanks.
- Ahan