OnDemand VPN Connect Delay on Startup

App & System Services Networking
ocaballero-gg OP
Created 2w
Replies 1
Boosts 0
Views 163
Participants 2

We currently have a PacketTunnelProvider providing VPN to managed devices. Our profile locks this down with OnDemandEnabled and OnDemandUserOverrideDisabled set to true.

We've received some reports that on device startup, there is a time period after Wi-Fi connects but before the OnDemand VPN kicks in to enable our VPN, where users are able to navigate to IPs that are meant to be captured by the VPN tunnel. Instead, they are able to reach these IPs directly during this time period.

Is there an expectation in regards to when OnDemand VPN is allowed to kick in to enable the VPN? Is there anything that we can do to minimize this delay?

Replies  1
Boosts  0
Views  163
Participants  2
DTS Engineer OP
Apple
2w

Is there an expectation in regards to when OnDemand VPN is allowed to kick in to enable the VPN?

No. It sounds like you’re looking for Always-on VPN, where network connections fail if the VPN is not up. Last I checked that only works for IKEv2. There isn’t a way for an NE packet tunnel provider to get the same behaviour (r. 33804980).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
OnDemand VPN Connect Delay on Startup
First post date Last post date
 
 
Q