Create and manage a VPN configuration that uses one of the built-in VPN protocols (IPsec or IKEv2).
Framework
- Network
Extension
Overview
With the Personal VPN feature in macOS and iOS, your app can create and manage a VPN configuration that uses one of the built-in VPN protocols (IPsec or IKEv2). The user must explicitly authorize your app the first time it saves a VPN configuration.
Note
Personal VPN only supports recommended VPN protocols; it doesn’t support legacy VPN protocols, like PPTP and L2TP.
Before starting with Personal VPN, verify that the client is compatible with your VPN server. Use Apple Configurator to create a configuration profile with a VPN payload for your server. If you can connect using the VPN configuration from your configuration profile, you should be able to connect using Personal VPN.
To get started, call the shared()
class method to access the NEVPNManager
singleton. Then load the VPN configuration by calling load
; if you haven’t previously saved a configuration, this call returns an empty configuration. Modify this configuration as you see fit, and save it using save
.
Once you’ve set up a Personal VPN configuration, you can connect and disconnect the VPN using the NEVPNConnection
class. Use the connection
property of NEVPNManager
to get the correct instance of that class.
Both iOS and macOS also support managed VPN, that is, VPN configurations installed via a configuration profile. Managed VPN configurations take precedence over Personal VPN configurations. If both a managed VPN configuration and Personal VPN configuration are connected simultaneously, and both VPN tunnels are configured to act as the default route, it’s the managed VPN tunnel that will be used as the default route.