Per App VPN | NEPacketTunnelProvider

Looking forward to reading SourceAppId from packetFlow.readPacketObjects() in my PacketTunnelProvider.

Note: I've implemented the Per App VPN too. Looking forward to the further steps.

Regards,

Answered by mabubakar in 764638022

Thanks for being so kind. Under your guidance I adjusted my configuration profile, but my packet.metadata?.sourceAppUniqueIdentifier is still nil. Attaching my updated profile.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadUUID</key>
            <string>C3179238-32FE-406E-A3E1-30700BF42977</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed.applayer</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.applayer.C3179238-32FE-406E-A3E1-30700BF42977</string>
            <key>VPNSubType</key>
            <string>bundle id of my source app</string>
            <key>VPNType</key>
            <string>VPN</string>
            <key>UserDefinedName</key>
            <string>VPN_CONFIG</string>
            <key>PayloadDescription</key>
            <string>Configure VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>VPNUUID</key>
            <string>3D7A07D8-97D0-4E5A-BB04-1EB82DD12A35</string>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>VPN</key>
            <dict>
                <key>AuthName</key>
                <string>xxxx</string>
                <key>AuthPassword</key>
                <string>yyyy</string>
                <key>AuthenticationMethod</key>
                <string>Password</string>
                <key>ProviderBundleIdentifier</key>
                <string>zzzz</string>
                <key>RemoteAddress</key>
                <string>abc.co.jp</string>
            </dict>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Testing Name</string>
    <key>PayloadIdentifier</key>
    <string>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>88D93328-F0AE-4AC6-9AE5-FFA6A4B5BCBF</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

More explanation of my question:

Per App VPN is implemented. I got the Device Enrolment URL from Mobile Device Management; after enrolment a profile is downloaded to my iPhone. I opened it in an editor, and it doesn't contain the required keys in the payload, like VPNUUID, ProviderType, etc. What are the steps to get these keys into my profile? After this, how will I get the app ID in my packet tunnel provider?

I can’t really help you with your MDM solution. If it’s not setting up per-app VPN correctly, you’ll have to raise that issue with its vendor.

However, you can test per-app VPN without an MDM solution. See Testing Per-App VPN on this page.

IMPORTANT As discussed on that page, this only works for development-signed code. For distribution-signed code you must use MDM. For more info about NE deployment scenarios, see TN3134 Network Extension provider deployment.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I'm implementing Testing Per-App VPN, but packet.metadata?.sourceAppUniqueIdentifier is still nil. I have another confusion: how can I set NETunnelProviderRoutingMethod from NETunnelProviderRoutingMethod.destinationIP to NETunnelProviderRoutingMethod.sourceApplication?

Attached is my manually created VPN profile:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadUUID</key>
            <string>C3179238-32FE-406E-A3E1-30700BF42977</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed.applayer</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.applayer.C3179238-32FE-406E-A3E1-30700BF42977</string>
            <key>VPNSubType</key>
            <string>xx.xx.***.appBundleID</string>
            <key>VPNType</key>
            <string>VPN</string>
            <key>UserDefinedName</key>
            <string>VPN_CONFIG</string>
            <key>PayloadDescription</key>
            <string>Configure VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>VPNUUID</key>
            <string>3D7A07D8-97D0-4E5A-BB04-1EB82DD12A35</string>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>VPN</key>
            <dict>
                <key>AuthName</key>
                <string>xxxx</string>
                <key>AuthPassword</key>
                <string>yyyy</string>
                <key>AuthenticationMethod</key>
                <string>Password</string>
                <key>ProviderBundleIdentifier</key>
                <string>zzzz</string>
                <key>RemoteAddress</key>
                <string>abc.co.jp</string>
            </dict>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Name not set</string>
    <key>PayloadIdentifier</key>
    <string>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>88D93328-F0AE-4AC6-9AE5-FFA6A4B5BCBF</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

I have another confusion: how can I set NETunnelProviderRoutingMethod from NETunnelProviderRoutingMethod.destinationIP to NETunnelProviderRoutingMethod.sourceApplication?

That’s determined by the configuration profile payload type:

  • Standard VPN configurations, with a payload type of com.apple.vpn.managed, yield destination IP routing.

  • Per-app VPN configurations, with a payload type of com.apple.vpn.managed.applayer, yield source application routing.

Keep in mind that the former only supports packet tunnel providers, whereas the latter supports both packet tunnel and app proxy providers. In that second case the ProviderType property is important.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
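The two points above (the original question about reading the source app from packetFlow.readPacketObjects(), and Quinn's answer that the routing method is fixed by the profile's payload type) can be made concrete in a provider. The following is an added example, not code from this thread, from Quinn or from Apple's sample projects: a minimal NEPacketTunnelProvider that logs which routing method the installed profile produced at start-up and, for every packet, whether NEFlowMetaData is present. It assumes iOS 14 or later for os.Logger, a packet tunnel provider target whose principal class is this PacketTunnelProvider, and uses a placeholder logging subsystem and 192.0.2.x tunnel addresses; it inspects and drops packets rather than forwarding them, so it is a diagnostic, not a working tunnel.

```swift
import NetworkExtension
import os

// Added example, not code from the thread, from Quinn or from Apple's samples. It assumes a
// packet tunnel provider target whose principal class is this PacketTunnelProvider; the
// logging subsystem string and the 192.0.2.x tunnel addresses are placeholders.
final class PacketTunnelProvider: NEPacketTunnelProvider {

    private let log = Logger(subsystem: "com.example.perappvpn", category: "tunnel")

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Per Quinn's answer, the routing method comes from the profile's PayloadType and
        // cannot be switched from code; the provider can only observe which one it got.
        switch self.routingMethod {
        case .sourceApplication:
            log.info("per-app VPN (applayer payload): NEPacket.metadata should be populated")
        case .destinationIP:
            log.error("destination-IP routing (com.apple.vpn.managed payload): NEPacket.metadata will be nil")
        default:
            log.notice("routing method \(self.routingMethod.rawValue) is not one of the two iOS cases")
        }

        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "192.0.2.1")
        settings.ipv4Settings = NEIPv4Settings(addresses: ["192.0.2.2"], subnetMasks: ["255.255.255.0"])
        setTunnelNetworkSettings(settings) { error in
            if error == nil {
                self.readLoop()
            }
            completionHandler(error)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    // Reads packets as NEPacket objects (not raw Data) because only NEPacket carries metadata.
    // This diagnostic only inspects and drops them; a real tunnel forwards them to the server.
    private func readLoop() {
        packetFlow.readPacketObjects { [weak self] packets in
            guard let self = self else { return }
            for packet in packets {
                self.log.debug("\(packet.data.count) bytes from \(Self.describeSource(of: packet), privacy: .public)")
            }
            self.readLoop()
        }
    }

    // Nil metadata is exactly the symptom asked about in the thread: the packet was not
    // delivered under source-application routing.
    static func describeSource(of packet: NEPacket) -> String {
        guard let metadata = packet.metadata else {
            return "no metadata (not per-app routed)"
        }
        // sourceAppSigningIdentifier is the bundle ID from the app's code signature;
        // sourceAppUniqueIdentifier is an opaque, device-specific byte string.
        let unique = metadata.sourceAppUniqueIdentifier.map { String(format: "%02x", $0) }.joined()
        return "\(metadata.sourceAppSigningIdentifier) [\(unique)]"
    }
}
```

If the start-up log line reports destinationIP, no amount of provider code will make metadata appear; the fix is in the profile (com.apple.vpn.managed.applayer) or, for development-signed builds, in the NETestAppMapping entry that names the app to route.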

Thanks. I have added the apps (which I want to trigger the per-app VPN) into my Info.plist under NETestAppMapping, but it is not working as expected. My manual profile is attached in my post above.

It’s hard to say what’s going on here without a much more in-depth investigation, something I don’t have time for here on DevForums. However, I can share my setup with you. Pasted in below is a snippet from the Info.plist and configuration profile of the app proxy I use to test this stuff.

Probably the most non-obvious thing here is that I have NETestAppMapping target a test app that I control (that’s what com.example.apple-samplecode.QNEAppProxyTestApp-iOS points to). That way I can ‘see’ both ends of the equation.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"


<key>NETestAppMapping</key>
<dict>
    <key>825886EA-BB00-4805-ADD6-1674C531669E</key>
    <array>
        <string>com.example.apple-samplecode.QNEAppProxyTestApp-iOS</string>
    </array>
</dict>

<key>PayloadContent</key>
<array>
    <dict>
        <key>PayloadUUID</key>
        <string>E6671FFB-66C2-49F7-AB1B-CD5A0AB4EE26</string>
        <key>PayloadType</key>
        <string>com.apple.vpn.managed.applayer</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.vpn.managed.applayer.388257C2-7902-42B5-BDAE-6E69A441C3A2</string>
        <key>VPNType</key>
        <string>VPN</string>
        <key>VPNSubType</key>
        <string>com.example.apple-samplecode.QNEAppProxy-iOS</string>
        <key>UserDefinedName</key>
        <string>QNEAppProxy</string>
        <key>PayloadDescription</key>
        <string>Configures VPN settings</string>
        <key>PayloadDisplayName</key>
        <string>VPN</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>VPNUUID</key>
        <string>825886EA-BB00-4805-ADD6-1674C531669E</string>
        <key>VPN</key>
        <dict>
            <key>RemoteAddress</key>
            <string>example.com</string>
            <key>AuthenticationMethod</key>
            <string>Password</string>
            <key>AuthName</key>
            <string>mrgumby</string>
            <key>AuthPassword</key>
            <string>opendoor</string>
        </dict>
        <key>Proxies</key>
        <dict>
            <key>HTTPEnable</key>
            <integer>0</integer>
            <key>HTTPSEnable</key>
            <integer>0</integer>
        </dict>
        <key>VendorConfig</key>
        <dict>
            <key>dummy</key>
            <integer>1</integer>
        </dict>
    </dict>
</array>
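Quinn's two snippets are linked by one value: the VPNUUID in the applayer payload is the key under NETestAppMapping, and the apps listed under that key are the ones routed through the provider, while VPNSubType names the provider's container app, a different app from the mapped test apps. The checker below is an added example (not from the thread, from Quinn or from Apple) that reads a .mobileconfig and the Info.plist carrying NETestAppMapping and reports whether those pieces line up. It assumes both files are plain XML or binary plists that PropertyListSerialization can parse (a signed .mobileconfig must be unwrapped first); the file name and the Finding type are this example's own.

```swift
import Foundation

// Added example, not from the thread, from Quinn or from Apple: a command-line checker that
// reads a .mobileconfig and an Info.plist and reports whether the per-app VPN pieces line up
// the way Quinn's snippets do. Assumes both files are plists PropertyListSerialization can
// parse (unsigned XML or binary); a signed .mobileconfig must be unwrapped first.

struct Finding {
    let ok: Bool
    let message: String
}

func loadPlist(_ path: String) throws -> [String: Any] {
    let data = try Data(contentsOf: URL(fileURLWithPath: path))
    let object = try PropertyListSerialization.propertyList(from: data, options: [], format: nil)
    guard let dict = object as? [String: Any] else {
        throw NSError(domain: "PerAppVPNCheck", code: 1,
                      userInfo: [NSLocalizedDescriptionKey: "\(path) is not a dictionary plist"])
    }
    return dict
}

func check(profile: [String: Any], infoPlist: [String: Any]) -> [Finding] {
    var findings: [Finding] = []
    let payloads = profile["PayloadContent"] as? [[String: Any]] ?? []
    let vpnPayloads = payloads.filter {
        ($0["PayloadType"] as? String)?.hasPrefix("com.apple.vpn.managed") == true
    }
    if vpnPayloads.isEmpty {
        findings.append(Finding(ok: false, message: "no VPN payload found in PayloadContent"))
    }
    // NETestAppMapping: VPNUUID -> bundle IDs of the apps routed through that VPN
    // (development-signed testing only; distribution builds need MDM).
    let mapping = infoPlist["NETestAppMapping"] as? [String: [String]] ?? [:]

    for payload in vpnPayloads {
        let type = payload["PayloadType"] as? String ?? ""
        // The payload type, not provider code, decides NETunnelProviderRoutingMethod.
        guard type == "com.apple.vpn.managed.applayer" else {
            findings.append(Finding(ok: false, message: "PayloadType \(type) gives destination-IP routing; NEPacket.metadata will be nil"))
            continue
        }
        findings.append(Finding(ok: true, message: "PayloadType \(type) gives source-application routing"))

        guard let uuid = payload["VPNUUID"] as? String else {
            findings.append(Finding(ok: false, message: "applayer payload has no VPNUUID"))
            continue
        }
        let mappedApps = mapping[uuid] ?? []
        if mappedApps.isEmpty {
            findings.append(Finding(ok: false, message: "VPNUUID \(uuid) has no apps under NETestAppMapping"))
        } else {
            findings.append(Finding(ok: true, message: "VPNUUID \(uuid) routes: \(mappedApps.joined(separator: ", "))"))
        }

        // In Quinn's snippet VPNSubType names the provider's container app, which is a
        // different app from the ones listed under NETestAppMapping.
        if let subType = payload["VPNSubType"] as? String {
            if mappedApps.contains(subType) {
                findings.append(Finding(ok: false, message: "VPNSubType \(subType) is also a mapped test app; expected the provider's container app"))
            } else {
                findings.append(Finding(ok: true, message: "VPNSubType \(subType)"))
            }
        } else {
            findings.append(Finding(ok: false, message: "applayer payload has no VPNSubType"))
        }

        // Credentials embedded in a profile are readable by anyone who holds the file.
        if let vpn = payload["VPN"] as? [String: Any], vpn["AuthPassword"] != nil {
            findings.append(Finding(ok: true, message: "VPN.AuthPassword is stored in clear text in this profile; use a throwaway test account"))
        }
    }
    return findings
}

let args = CommandLine.arguments
guard args.count == 3 else {
    print("usage: swift check-per-app-vpn.swift <profile.mobileconfig> <Info.plist>")
    exit(2)
}
do {
    let findings = try check(profile: loadPlist(args[1]), infoPlist: loadPlist(args[2]))
    for finding in findings {
        print((finding.ok ? "ok    " : "FAIL  ") + finding.message)
    }
    exit(findings.allSatisfy { $0.ok } ? 0 : 1)
} catch {
    print("error: \(error.localizedDescription)")
    exit(2)
}
```

Run it from a Mac as a script (swift check-per-app-vpn.swift profile.mobileconfig Info.plist); a non-zero exit means at least one of the links Quinn's snippets rely on is missing, which is worth ruling out before looking for the problem in the provider.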

How do I get the VPNUUID for an application?
