Supported authentication methods for VPN on demand

Question

Created Jun ’23

Replies 3

Boosts 0

Participants 2

From the docs:

In iOS, iPadOS, and macOS, VPN On Demand lets Apple devices automatically establish a connection on an as-needed basis. It requires an authentication method that doesn’t involve user interaction—for example, certificate-based authentication.

I wanted to confirm that authentication methods other than certificate-based authentication is supported for on demand rules. For example, would a token based authentication be supported? In general, it would not require user interaction. The exception would be when the token expires in which case we would temporarily disable on demand so that the user could login for a fresh token.

Answered by DTS Engineer in 757148022

That doc is mainly focused on Apple’s built-in VPN transports. If you’re building your own, you get to decide what configurations require user interaction and thus support VPN On Demand.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Jun ’23

Is this for your own custom VPN transport? That is, you’re building an app that contain a Network Extension tunnel provider?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

boscpear OP

Jun ’23

Yes, we have a packet tunnel provider app extension.

0

Answer 3

DTS Engineer OP

Apple

Jun ’23

Accepted Answer

That doc is mainly focused on Apple’s built-in VPN transports. If you’re building your own, you get to decide what configurations require user interaction and thus support VPN On Demand.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0