Personal VPN

Create and manage a VPN configuration that uses one of the built-in VPN protocols (IPsec or IKEv2).

Overview

With the Personal VPN feature in macOS and iOS, your app can create and manage a VPN configuration that uses one of the built-in VPN protocols (IPsec or IKEv2). The user must explicitly authorize your app the first time it saves a VPN configuration.

Before starting with Personal VPN, verify that the client is compatible with your VPN server. Use Apple Configurator to create a configuration profile with a VPN payload for your server. If you can connect using the VPN configuration from your configuration profile, you should be able to connect using Personal VPN.

To get started, call the sharedManager class method to access the NEVPNManager singleton. Then load the VPN configuration by calling loadFromPreferencesWithCompletionHandler:; if you haven’t previously saved a configuration, this call returns an empty configuration. Modify this configuration as you see fit, and save it using saveToPreferencesWithCompletionHandler:.

Once you’ve set up a Personal VPN configuration, you can connect and disconnect the VPN using the NEVPNConnection class. Use the connection property of NEVPNManager to get the correct instance of that class.

Both iOS and macOS also support managed VPN, that is, VPN configurations installed via a configuration profile. Managed VPN configurations take precedence over Personal VPN configurations. If both a managed VPN configuration and Personal VPN configuration are connected simultaneously, and both VPN tunnels are configured to act as the default route, it’s the managed VPN tunnel that will be used as the default route.

Topics

Essentials

Personal VPN Entitlement

The API an app can use to create and control a custom system VPN configuration.

Key: com.apple.developer.networking.vpn.api

VPN Configuration

NEVPNManager

An object to create and manage a Personal VPN configuration.

NEVPNProtocolIKEv2

Settings for an IKEv2 VPN configuration.

NEVPNProtocolIPSec

Settings for an IPsec VPN configuration.

NEVPNProtocol

Settings common to both IKEv2 and IPsec VPN configurations.

VPN Control

NEVPNConnection

An object to start and stop a Personal VPN connection and get its status.

See Also

Virtual Private Networks

Packet Tunnel Provider

Implement a VPN client for a packet-oriented, custom VPN protocol.

App Proxy Provider

Implement a VPN client for a flow-oriented, custom VPN protocol.