Download speed Issue with Per-App VPN Using WireGuard Protocol

DESCRIPTION OF PROBLEM We have developed an app and server based on the WireGuard protocol. While we have successfully implemented device-wide VPN, we are now working on enabling per-app VPN functionality.

The per-app VPN payload is successfully delivered, and the designated app can read the configuration and establish a connection to the VPN server. However, we are experiencing extremely slow download data rates, measuring only in bytes.

Steps Taken: Created an app-layer payload. Configured NETestAppMapping in the app’s Info.plist, using the VPNUUID defined in the payload for the Chrome app.

Despite these configurations, data transfer remains significantly slow. We would appreciate any insights into potential causes or recommendations to resolve this performance issue.

Thank you for your assistance.

Answered by DTS Engineer in 826034022

I’m not aware of any configuration options that might cause a packet tunnel provider in per-app VPN to run super slowly. You’ll need to investigate this within your packet tunnel provider.

I recommend that you start by creating a test app to see if that reproduces the problem. If it does, you can work the issue from ‘both sides’, using a packet trace to see what’s happening on the wire and then your own logging, in both your test app and your packet tunnel provider, to see what’s happening internally.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Apple platforms don’t have any built-in support for the WireGuard protocol. So, how are you implementing that? From scratch, using your own code? Or using a third-party library?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

We are implementing this using the open-source WireGuard library RepoLink I would like to understand if there’s anything missing from the iOS configuration that might be causing this issue. I have attached the mobileConfig file for reference. If everything in the configuration is correct and aligns with Apple's requirements for Per-App VPN, could you help identify potential reasons why the download speed is so slow?

This is the payload for App layer VPN

  
    PayloadUUID
    bde8a971-58f1-4393-ba88-18dcc5fbb721
    PayloadVersion
    1
    PayloadOrganization
    SOTI MobiControl
    PayloadIdentifier
    net.soti.config.d7eae01a-3d3a-42fd-a0b8-201b6c35a82c
    PayloadType
    Configuration
    PayloadDisplayName
    vdiu
    PayloadDescription
    (Version 3) 
    PayloadRemovalDisallowed
    
    PayloadContent
    
      
        VPN
        
          AuthenticationMethod
          Password
          OnDemandUserOverrideDisabled
          1
          RemoteAddress
          *****
          OnDemandEnabled
          1
          OnDemandMatchAppEnabled
          
          ProviderType
          packet-tunnel
          OnDemandRules
          
            
              Action
              Connect
            
          
        
        VPNSubType
        net.soti.vpn
        VPNType
        VPN
        VendorConfig
        
          SOTIVPNConfig
          
[Interface]
PrivateKey = *****
Address = 10.10.0.1
DNS = 8.8.8.8
DNSMatchDomains = *****

[Peer]
PublicKey = ****
Endpoint = ****:51820
AllowedIPs = ****

        
        UserDefinedName
        vdu12feb
        VPNUUID
        b33e2d59-fbf2-42f2-9c77-421b46a90c33
        PayloadType
        com.apple.vpn.managed.applayer
        OnDemandMatchAppEnabled
        
        PayloadVersion
        1
        PayloadIdentifier
        net.soti.sotivpn.bed9631d-5105-4a71-8883-2ea16be20002
        PayloadUUID
        a6fa3e14-e8e5-4eea-94ba-4e3ba406ac6a
        PayloadDisplayName
        SotiVpn
        PayloadDescription
        Configures Soti VPN settings, including authentication.
        PayloadOrganization
        SOTI MobiControl
      
    
  

I’m not aware of any configuration options that might cause a packet tunnel provider in per-app VPN to run super slowly. You’ll need to investigate this within your packet tunnel provider.

I recommend that you start by creating a test app to see if that reproduces the problem. If it does, you can work the issue from ‘both sides’, using a packet trace to see what’s happening on the wire and then your own logging, in both your test app and your packet tunnel provider, to see what’s happening internally.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Download speed Issue with Per-App VPN Using WireGuard Protocol
 
 
Q