Apps removed from PerAppVPN configuration after App Update

We are an MDM Solution . We are offering Per-App-VPN Configurations to Users.

Currently we are experiencing an issue with it. While Applying per-app vpn configuration to the Device, It works fine and the Respective App is in VPN Network. Till now everything works as expected.

Also I can see my device name in the Device Settings (Settings -> VPN Management -> Per App VPN Configurations)

When a New App Update for that app is Pushed to the device. App Starts update and also the App is not anymore configured to the Vpn Configurations .

I can reproduce this locally everytime i try.

Have Attached a Payload for reference

Payload Sent:

> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<key>PayloadUUID</key>
	<string>33885c2b-7d69-405d-9e5f-94d579357647</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadOrganization</key>
	<string>MDM</string>
	<key>PayloadIdentifier</key>
	<string>com.mdm.54119da4-ed12-46d2-bc8c-bfc73c945bde.perapppvpn</string>
	<key>PayloadDisplayName</key>
	<string>perapppvpn</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>PayloadUUID</key>
			<string>4b806a39-dd71-4a81-a08f-5cb78f07352c</string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed.applayer</string>
			<key>PayloadOrganization</key>
			<string>MDM</string>
			<key>PayloadIdentifier</key>
			<string>4b806a39-dd71-4a81-a08f-5cb78f07352c</string>
			<key>PayloadDisplayName</key>
			<string>Per-App VPN Profile Configuration</string>
			<key>UserDefinedName</key>
			<string>Per-App VPN Configuration</string>
			<key>Proxies</key>
			<dict>
			</dict>
			<key>VPN</key>
			<dict>
				<key>RemoteAddress</key>
				<string>**********</string>
				<key>AuthenticationMethod</key>
				<string>Password</string>
				<key>ProviderType</key>
				<string>packet-tunnel</string>
				<key>OnDemandMatchAppEnabled</key>
				<true/>
			</dict>
			<key>VendorConfig</key>
			<dict>
			</dict>
			<key>IPv4</key>
			<dict>
				<key>OverridePrimary</key>
				<integer>1</integer>
			</dict>
			<key>VPNSubType</key>
			<string>*********</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VPNUUID</key>
			<string>8dc013a1-a525-4b45-8913-bbc40cd60985</string>
		</dict>
	</array>
</dict>
</plist>|
Up vote post of MohamedJaffer24 Down vote post of MohamedJaffer24
401 views
Posted by
MohamedJaffer24
Reply
Add a Comment

Accepted Reply

Please confirm that the subsequent InstallApplicationCommand being issued to update the application also contains the VPNUUID key in the Attributes dictionary, as described here: https://developer.apple.com/documentation/devicemanagement/installapplicationcommand/command/attributes

Posted by
Systems Engineer
Up vote reply of Systems Engineer Down vote reply of Systems Engineer
Post marked as solved

  • We have not added VPNUUID in Attributes Dictionary in InstallApplication command. Instead we have added ApplicationAttributes Item value in InstallManagedSettings. Will this enough or we need to add in installApplication Attributes?

    `

    MohamedJaffer24

  • Are you resending the InstallManagedSettings command after the second InstallApplicationCommand used to update the application? When possible, it is recommended to send the app attributes as part of the InstallApplicationCommand. If later on, only the app attributes needs to be updated, use the InstallManagedSettings command.

    nhussein

  • @nhussein Thank you and Will Try this and update the result here

    MohamedJaffer24
Add a Comment

Replies

Please confirm that the subsequent InstallApplicationCommand being issued to update the application also contains the VPNUUID key in the Attributes dictionary, as described here: https://developer.apple.com/documentation/devicemanagement/installapplicationcommand/command/attributes

Posted by
Systems Engineer
Up vote reply of Systems Engineer Down vote reply of Systems Engineer
Post marked as solved

  • We have not added VPNUUID in Attributes Dictionary in InstallApplication command. Instead we have added ApplicationAttributes Item value in InstallManagedSettings. Will this enough or we need to add in installApplication Attributes?

    `

    MohamedJaffer24

  • Are you resending the InstallManagedSettings command after the second InstallApplicationCommand used to update the application? When possible, it is recommended to send the app attributes as part of the InstallApplicationCommand. If later on, only the app attributes needs to be updated, use the InstallManagedSettings command.

    nhussein

  • @nhussein Thank you and Will Try this and update the result here

    MohamedJaffer24
Add a Comment