Multiple Simultaneous VPN Tunnels Connections in iOS

My Client has a requirement to develop VPN Client which capable of handling multiple tunnels simultaneously. Goal is to have different endpoints for different networks through multiple VPN Profiles.

In macOS, this can be done using multiple utunx virtual interfaces with routing.

Is it possible to achieve the same in iOS?
Up vote post of Sathindra_ Down vote post of Sathindra_
1.9k views
Posted by
Sathindra_
Reply
Add a Comment

Accepted Reply

Is it possible to achieve the same in iOS?

The short answer is no. The longer answer is in the Configuration Model explanation here. A summary of this is that only one NEPacketTunnelProvider can run on the system at one time because they are considered Enterprise VPNs. If a Personal VPN (NEVPNManager) is running on the system and a Enterprise VPN (NEPacketTunnelProvider) is started then the Enterprise VPN will take precedence over the traffic claimed by the Personal VPN. Only one Personal VPN can claim traffic at one time. If an Enterprise VPN (NEPacketTunnelProvider) is running and only claiming a small subset of traffic and a Personal VPN is enabled, a Personal VPN would have an opportunity to claim traffic not routed by the Enterprise VPN (this is a very rare case though).


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Post marked as solved
Add a Comment

Replies

Is it possible to achieve the same in iOS?

The short answer is no. The longer answer is in the Configuration Model explanation here. A summary of this is that only one NEPacketTunnelProvider can run on the system at one time because they are considered Enterprise VPNs. If a Personal VPN (NEVPNManager) is running on the system and a Enterprise VPN (NEPacketTunnelProvider) is started then the Enterprise VPN will take precedence over the traffic claimed by the Personal VPN. Only one Personal VPN can claim traffic at one time. If an Enterprise VPN (NEPacketTunnelProvider) is running and only claiming a small subset of traffic and a Personal VPN is enabled, a Personal VPN would have an opportunity to claim traffic not routed by the Enterprise VPN (this is a very rare case though).


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Post marked as solved
Add a Comment
Thanks for the response. I understood from https://developer.apple.com/videos/play/wwdc2015/717/ video that this requirement is not possible. But couldn't find a reference to backed up the claim. This is exactly what I was looking.
Posted by
Sathindra_
Up vote reply of Sathindra_ Down vote reply of Sathindra_
Add a Comment

I have same task: using simultaneously vpns for home, work, yggdrasil and onion resources from my iOS devices.

The only solutions for iOS are to use one vpn in the middle or per-app vpns at mdm enterprise devices.

My way is order cheap vps where I setup all vpns I need and iOS use one vpn tunnel that route to all my destinations. Then the solution will be: you can’t develop one-app vpn client but you can develop service with iOS client app. And btw this must have commercial success if clients will trust this service. Client don’t have ipv6 - your service give it, have ipv6 and don’t ipv4 - service fix, also access to *.meshname, *.onion, opennic dns, homes and office merging etc

Posted by
Kilrathi
Up vote reply of Kilrathi Down vote reply of Kilrathi
Add a Comment