I created a VPN profile configuration and tested my VPN app; it worked successfully. I modified the same profile into a per-app VPN profile with safariDomains and used NETestAppMapping in the app plist based on the profile's VPNUUID. This time the VPN turned on, but there is no internet connection when the app is opened. I checked further and found that the gateway interface used in per-app VPN is pdp_ip0 and the gateway description shows [25.41.121.239:0, fe80::1:264e:48b10x0dp_ip00x0dp_ip0.0]. This gateway is nil when the VPN is connected with the normal configuration profile. Also, we are not using any IP address 25.41.121.239 and I don't know where it is coming from in the gateway, but this only happens when PayloadType is com.apple.vpn.managed.applayer in the profile.
Below are the logs collected when the per-app profile is used.
2022-02-16 10:49:56.428373+0530 VPNApp[17940:9421036] NetworkStatus: Available interface : pdp_ip0
2022-02-16 10:49:56.428443+0530 VPNApp[17940:9421036] NetworkStatus: Available interface : utun3
2022-02-16 10:49:56.432744+0530 VPNApp[17940:9421036] NetworkStatus: [25.41.121.239:0, fe80::1:264e:48b10x0dp_ip00x0dp_ip0.0]
2022-02-16 10:49:56.433010+0530 VPNApp[17940:9421036] NetworkStatus: Supports DNS : true
2022-02-16 10:49:56.433128+0530 VPNApp[17940:9421036] NetworkStatus: currentPath
2022-02-16 10:49:56.433265+0530 VPNApp[17940:9421036] NetworkStatus: Gateway: nil
2022-02-16 10:49:56.433336+0530 VPNApp[17940:9421036] NetworkStatus: Gateway: Optional("pdp_ip0")
These are the logs collected when the normal profile is used.
2022-02-16 10:53:21.320231+0530 VPNApp[17974:9423325] NetworkStatus: Available interface : utun3
2022-02-16 10:53:21.320372+0530 VPNApp[17974:9423325] NetworkStatus: Available interface : pdp_ip0
2022-02-16 10:53:21.320526+0530 VPNApp[17974:9423325] NetworkStatus: []
2022-02-16 10:53:21.320735+0530 VPNApp[17974:9423325] NetworkStatus: Supports DNS : true
Could someone please explain to me why this gateway address is getting used for the per-app VPN configuration profile? Also, why is the internet blocked even when NETestAppMapping is in the app plist?
I'm developing a per-app VPN iOS app with WireGuard. For that, I created a configuration file with payload type "com.apple.vpn.managed.applayer". Using the MDM server, I installed some apps which need to use the VPN connection. When I open these apps, I can see the VPN getting enabled on the device. The VPN icon appears on the notification bar, but there is no internet connection. The VPN and internet work correctly if I change the payload type to "com.apple.vpn.managed" in the configuration file.
I established an MDM server and created a per-app VPN configuration profile with Safari domains. This profile is working correctly in iOS. I want to add some apps like Chrome and Firefox to the configuration profile as part of the per-app VPN feature. I checked the configuration profile documentation and found this can be done using app mapping in macOS, and that is not available in iOS. How can I get this implemented with profiles in iOS?
I am trying to enable the per-app VPN for my iOS sample app. For testing purposes I used NETestAppMapping with VPNUUID in my sample app. I created a configuration profile with applayer.
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Configures VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.applayer.82B23976-8A80-4BE8-BFFF-29DA3CC548E7</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed.applayer</string>
            <key>PayloadUUID</key>
            <string>82B23976-8A80-4BE8-BFFF-29DA3CC548E7</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>TestPassZR</string>
            <key>VPN</key>
            <dict>
                <key>AuthName</key>
                <string>tsn</string>
                <key>AuthenticationMethod</key>
                <string>Password</string>
                <key>IncludeAllNetworks</key>
                <integer>0</integer>
                <key>ProviderBundleIdentifier</key>
                <string>com.tsn.wireguard</string>
                <key>RemoteAddress</key>
                <string>54.190.85.91:31194</string>
            </dict>
            <key>VPNSubType</key>
            <string>com.tsn.wireguard</string>
            <key>VPNType</key>
            <string>VPN</string>
            <key>VendorConfig</key>
            <dict>
                <key>OnDemandEnabled</key>
                <string>1</string>
            </dict>
            <key>VPNUUID</key>
            <string>3D7A07D8-97D0-4E5A-BB04-1EB82DD12A35</string>
            <key>OnDemandMatchAppEnabled</key>
            <false/>
            <key>ProviderType</key>
            <string> packet-tunnel</string>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>SmartPassZR</string>
    <key>PayloadIdentifier</key>
    <string>iOSDev2s-MacBook-Air.C6786341-4095-474C-98EB-CD0F7B0BAD59</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>B2C3510E-7C65-4353-813D-76994C6398D4</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
I installed the above config profile and tried opening the app. All the network calls from the app are blocked when the profile is installed. Also, I wanted my WireGuard VPN to enable when the sample app is opened.
In the device console, I'm getting these messages during each URL call.
path: unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns
default 09:08:32.711523+0530 SampleTest [C1 Hostname#f9236824:443 waiting path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: path:unsatisfied @0.000s, uuid: 73AEBA83-9444-464A-94CC-7B24A34E2493
default 09:08:32.711898+0530 SampleTest [C1 Hostname#f9236824:443 failed path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: null:null @0.000s
default 09:08:32.745687+0530 SampleTest [C2 Hostname#785f1e61:443 waiting path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: path:unsatisfied @0.000s, uuid: A0A406EE-1C0C-4DD3-9A48-4C442DD94400
default 09:08:32.745910+0530 SampleTest [C2 Hostname#785f1e61:443 failed path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: null:null @0.000s
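A triage helper for the device-console lines quoted in the post above, as an added example that is not part of the original thread: it groups connections by the Network Agent that left their path unsatisfied, so the agent's type, description and uuid can be checked against the installed profile. The function name `blocked_by_agent` and the last sample line are constructed; the other sample lines are copied from the post.

```python
import re

# Sample input: the first four lines are the console lines quoted in the post;
# the last line is constructed to show that unrelated lines are skipped.
SAMPLE = """\
default 09:08:32.711523+0530 SampleTest [C1 Hostname#f9236824:443 waiting path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: path:unsatisfied @0.000s, uuid: 73AEBA83-9444-464A-94CC-7B24A34E2493
default 09:08:32.711898+0530 SampleTest [C1 Hostname#f9236824:443 failed path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: null:null @0.000s
default 09:08:32.745687+0530 SampleTest [C2 Hostname#785f1e61:443 waiting path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: path:unsatisfied @0.000s, uuid: A0A406EE-1C0C-4DD3-9A48-4C442DD94400
default 09:08:32.745910+0530 SampleTest [C2 Hostname#785f1e61:443 failed path (unsatisfied (Network Agent [domain: NetworkExtension, type: AppVPN, description: AppVPN: TestPassZR, uuid: 223A8371-2C9B-47F2-80A6-F4644C7A3026, flags: 1] is unsatisfied), interface: en0, ipv4, dns)] event: null:null @0.000s
default 09:08:33.000000+0530 SampleTest constructed line with no path information
"""

# Connection id, state, bracketed agent description and interface of one line.
LINE = re.compile(
    r"\[(?P<conn>C\d+) (?P<host>\S+) (?P<state>\w+) path \(unsatisfied "
    r"\(Network Agent \[(?P<agent>[^\]]*)\] is unsatisfied\), "
    r"interface: (?P<iface>\w+)"
)
# key: value pairs inside the agent brackets; a value may itself contain ": ".
KEYS = r"(?:domain|type|description|uuid|flags)"
FIELD = re.compile(rf"({KEYS}): (.*?)(?=, {KEYS}: |$)")


def blocked_by_agent(log_text):
    """Map agent uuid -> agent details plus the connections it left unsatisfied."""
    report = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m is None:
            continue  # not a "path (unsatisfied (Network Agent ...))" line
        agent = dict(FIELD.findall(m["agent"]))
        entry = report.setdefault(agent.get("uuid"), {
            "type": agent.get("type"),
            "description": agent.get("description"),
            "interfaces": set(),
            "connections": {},
        })
        entry["interfaces"].add(m["iface"])
        # Keep the per-connection state sequence, e.g. waiting then failed.
        entry["connections"].setdefault(m["conn"], []).append(m["state"])
    return report


if __name__ == "__main__":
    for uuid, entry in blocked_by_agent(SAMPLE).items():
        print(uuid, entry["type"], entry["description"], sorted(entry["interfaces"]))
        for conn, states in entry["connections"].items():
            print("  ", conn, "->", ", ".join(states))
```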