Personal VPN

With the Personal VPN feature in macOS and iOS, your app can create and manage a VPN configuration that uses one of the built-in VPN protocols (IPsec or IKEv2). The user must explicitly authorize your app the first time it saves a VPN configuration.

Before starting with Personal VPN, verify that the client is compatible with your VPN server. Use Apple Configurator to create a configuration profile with a VPN payload for your server. If you can connect using the VPN configuration from your configuration profile, you should be able to connect using Personal VPN.

To get started, call the shared() class method to access the NEVPNManager singleton. Then load the VPN configuration by calling loadFromPreferences(completionHandler:); if you haven’t previously saved a configuration, this call returns an empty configuration. Modify this configuration as you see fit, and save it using saveToPreferences(completionHandler:).

Once you’ve set up a Personal VPN configuration, you can connect and disconnect the VPN using the NEVPNConnection class. Use the connection property of NEVPNManager to get the correct instance of that class.

Both iOS and macOS also support managed VPN, that is, VPN configurations installed via a configuration profile. Managed VPN configurations take precedence over Personal VPN configurations. If both a managed VPN configuration and Personal VPN configuration are connected simultaneously, and both VPN tunnels are configured to act as the default route, it’s the managed VPN tunnel that will be used as the default route.