Enable Always-On VPN on iPhone & iPad - A Step-by-Step Guide

June 8, 2015

The Challenge of Always-On VPN on iOS Devices

Utilizing VPNs on iPhones and iPads continues to present a significant hurdle for users. A straightforward method for activating a persistent "Always-on VPN" function, which would mandate all application traffic to route exclusively through a VPN connection, remains elusive.

Although introduced with iOS 8, this functionality isn't readily available through standard settings. Apple intentionally designed the "Always-on VPN" feature with a specific user base in mind.

Designed for Enterprise Use

The "Always-on VPN" capability is primarily intended for deployment within business environments and larger organizations. Consequently, its activation necessitates the use of a configuration profile or a mobile device management (MDM) server.

Once enabled through these methods, the VPN connection remains consistently active. This ensures a continuous secure tunnel for all network traffic originating from the device.

How Always-On VPN Functions

A crucial aspect of this feature is its fail-safe mechanism. Should the VPN connection experience an interruption or failure, applications on the iOS device are prevented from accessing the internet.

This restriction remains in effect until the VPN connection is successfully re-established, guaranteeing that data is never transmitted outside the protected VPN tunnel.

Essentially, it provides a robust security measure by enforcing VPN usage at all times, preventing accidental exposure of data.

Essential Requirements

Activating this feature on your iPhone or iPad isn't a straightforward process. It necessitates a particular VPN type, the device must be operating in supervised mode, and the setting can only be activated through a configuration profile or a mobile device management (MDM) server. Here’s a breakdown of the prerequisites:

  • IKEv2 VPN Protocol: The use of an IKEv2 VPN is mandatory for this functionality on your iPhone or iPad. If you are deploying your own VPN server, ensure the server software supports this protocol. strongSwan, for instance, is an open-source VPN server compatible with Linux, macOS, FreeBSD, and other systems, providing IKEv2 support.
  • Supervised iOS Device: The "always-on" VPN setting cannot be directly enabled on a device without supervision. Your iPhone or iPad must be placed into a supervised state, which typically involves a factory reset of the device.
  • Configuration Profile or MDM Server: Following device supervision, the feature must be enabled using either a configuration profile generated with Apple Configurator, or through a mobile device management server. We will focus on the configuration profile method, though remote activation is possible via an MDM server if your device is managed in this way.

Supervision and Profile Installation on iOS Devices

First, check whether your iPhone or iPad is already supervised. If it isn't, the initial step is to supervise it. This requires the Apple Configurator application, which must be installed on a Mac computer.

Before continuing, it’s crucial to deactivate the “Find My iPhone” or “Find My iPad” functionality within the iCloud Settings. Failure to do so will prevent successful supervision and result in an error message being displayed.

Connect your iPhone or iPad to your Mac and launch Apple Configurator. Assign a name to the device and then activate supervision by toggling the “Supervision” slider to the On position. Click the Organization Info button and input a name representing your organization. Finally, initiate the preparation process by clicking the Prepare button.

Important Note: The preparation of your iPhone or iPad will result in complete data erasure. Creating a backup using iTunes is highly recommended beforehand. Subsequently, you can restore from this backup, or alternatively, restore from a standard iCloud backup.

Apple Configurator will then proceed to prepare and supervise the device. This entails downloading a fresh copy of iOS and configuring the device from its initial state. The duration of this process, dependent on your internet speed, may range from fifteen to twenty minutes.

Upon completion, the standard iPhone or iPad setup process will be required. You will be presented with the option to restore from a pre-existing backup or configure the device as new.

Verification of the supervised status can be achieved by navigating to Settings > General > Profile. This section will confirm that the device is now under supervision.

Establishing an Always-On VPN Profile

An always-on VPN is applied through a configuration profile. Instructions for generating profile files containing VPN settings have been previously detailed, and the current procedure closely mirrors that approach. However, the always-on VPN functionality requires the device to be designated as "supervised," so you cannot simply create a profile and install it on an unsupervised device.

With your iPhone or iPad connected to the same Mac, locate and click the Supervise icon positioned at the top of the Apple Configurator window. Select the connected device, then click the + button at the bottom of the Profiles list. From the options presented, choose "Create New Profile."

Within the profile creation process, select the VPN category and proceed to Configure. From the Connection Type options, select IKEv2. The "Always-on VPN (supervised only)" option will then become available for activation. Populate the remaining fields with the server and connection details required by your VPN service. Should the server necessitate certificates, navigate to the Certificates category and upload the necessary credentials.

Detailed guidance on configuring VPNs on iOS devices using a configuration profile can be found in our comprehensive guide.

After the profile is created, ensure it is enabled within the list and click the Apply button. This action will deploy the profile to the supervised iPhone or iPad currently connected to your Mac.
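
As an added example (not part of the original guide, and not Apple's tooling), the Python script below audits an unsigned .mobileconfig file for settings that would weaken the fail-safe behaviour described earlier, so a profile can be reviewed before it is applied. The payload key names (com.apple.vpn.managed, AlwaysOn, TunnelConfigurations, Interfaces, UIToggleEnabled, ServiceExceptions) are assumptions recalled from Apple's Configuration Profile Reference and should be checked against it; the sample profiles, "Corp VPN" and vpn.example.com are constructed.

```python
import plistlib
# Key names are assumptions recalled from Apple's Configuration Profile Reference.
REQUIRED_INTERFACES = {"Cellular", "WiFi"}

def audit_always_on(profile_bytes):
    """Return findings that weaken fail-closed behaviour; [] means none found."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.vpn.managed"]
    if not payloads:
        return ["no VPN payload in profile"]
    findings = []
    for p in payloads:
        name = p.get("UserDefinedName", "<unnamed>")
        if p.get("VPNType") != "AlwaysOn":
            findings.append(f"{name}: VPNType is {p.get('VPNType')!r}, not 'AlwaysOn'")
            continue
        ao = p.get("AlwaysOn", {})
        covered = set()
        for t in ao.get("TunnelConfigurations", []):
            if t.get("ProtocolType") != "IKEv2":
                findings.append(f"{name}: tunnel protocol {t.get('ProtocolType')!r} is not IKEv2")
            # Assumed default: a tunnel with no Interfaces key covers both.
            covered |= set(t.get("Interfaces", REQUIRED_INTERFACES))
        for missing in sorted(REQUIRED_INTERFACES - covered):
            findings.append(f"{name}: no tunnel configured for {missing}")
        if ao.get("UIToggleEnabled"):
            findings.append(f"{name}: UIToggleEnabled lets the user switch the VPN off")
        for exc in ao.get("ServiceExceptions", []):
            if exc.get("Action") == "Allow":
                findings.append(f"{name}: {exc.get('ServiceName')} is allowed outside the tunnel")
    return findings

def tunnel(*interfaces):
    # Constructed IKEv2 tunnel entry; vpn.example.com is a placeholder server.
    return {"ProtocolType": "IKEv2", "Interfaces": list(interfaces),
            "RemoteAddress": "vpn.example.com", "AuthenticationMethod": "Certificate"}

def build_profile(always_on):
    """Serialize a constructed sample profile around one Always-On payload."""
    payload = {"PayloadType": "com.apple.vpn.managed", "UserDefinedName": "Corp VPN",
               "VPNType": "AlwaysOn", "AlwaysOn": always_on}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

STRICT = build_profile({"TunnelConfigurations": [tunnel("Cellular", "WiFi")]})
WEAK = build_profile({"TunnelConfigurations": [tunnel("WiFi")], "UIToggleEnabled": 1,
                      "ServiceExceptions": [{"ServiceName": "VoiceMail", "Action": "Allow"}]})
if __name__ == "__main__":
    for label, data in (("strict", STRICT), ("weak", WEAK)):
        print(label, audit_always_on(data) or "no findings")
```

A signed profile is wrapped in a CMS envelope and will not parse with plistlib directly; run the audit on the unsigned plist before signing.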

Currently, achieving an "always-on" mode is limited to specific VPN types, and the aforementioned process is essential for its implementation. While iOS 8 maintains VPN connections even with the screen deactivated, this differs from a true always-on VPN that actively prevents application data transmission over standard cellular or Wi-Fi networks.

Image Source: William Hook on Flickr
