Account per VPN

Hello,
I hope I am in the right place. I have a question about "account via VPN" for my mobileconfig. I found this link on the internet (https://support.apple.com/de-de/guide/mdm/mdm2e7ee35ec/web)

Account via VPN is advertised. However, I can not find anything in the VPN Payload Developer Guide. Also I can not find anything on the Internet. I find only App per VPN.

But what about "Account via VPN"? (https://developer.apple.com/documentation/devicemanagement/vpn) does anyone know where I can find the VPN Payload? or does anyone have a piece of code please?


Thanks a lot

Best Regards
Vetozzz

Replies

To set up per-account VPN you install (at least) two payloads. The first is an app layer VPN payload which is documented here. This payload sets up the VPN configuration and assigns is a VPNUUID. The second payload is any of the account payloads, such as an Exchange ActiveSync payload, Mail payload, or CalDAV payload. These account payloads also have a VPNUUID key. If the VPNUUID key of an account payload matches the VPNUUID of an app layer VPN payload, network traffic for that account is routed through that VPN.
  • Hi, I wonder if there is a similar functionality for macOS. I see that macOS account configurations (in this case, ExchangeWebServices) lack VPN UUID.

Add a Comment
Per-account-VPN follows the same concept as Per-App-VPN : you deploy an app-layer-vpn profile (which looks very similar to a VPN payload), and you use VPNUUID key to refer to it (in the profile payload for the service, in the Attributes section of the application - see https://developer.apple.com/documentation/devicemanagement/installapplicationcommand/command/attributes?changes=latest_minor&language=objc - for Apps).