
L2TP MDM settings for Apple devices
You can configure an L2TP VPN connection for users of an iPhone, iPad, Mac, or Apple Vision Pro, and for an Apple TV enrolled in a mobile device management (MDM) solution. If you have this type of VPN server, choose Layer 2 Tunneling Protocol (L2TP) so your Apple devices can use this method for connecting to the VPN service.
You can use the L2TP settings in the table below with the VPN payload.
Setting | Description | Required
---|---|---
Connection name | The display name of the VPN connection. | Yes
Hostname | The IP address or fully qualified domain name (FQDN) of the VPN server. | Yes
Account | The user account for authenticating the VPN connection. | Yes
L2TP User Authentication | The method of user authentication. Available types for L2TP are: | Yes
Shared secret | The shared secret for the VPN connection. | No
Send all traffic through the VPN connection | Specifies whether to send all traffic through the VPN connection. | No
VPN on Demand | Specifies whether to enable VPN on Demand. The action applies to all matching addresses. Addresses are compared using simple string matching, starting from the end and working backward. The address “.betterbag.com” matches “support.betterbag.com” and “sales.betterbag.com,” but doesn’t match “www.private-betterbag.com.” However, if you specify the match domain as “betterbag.com”—notice there isn’t a period at the beginning—it matches “www.private-betterbag.com” and all the others. | No
Match domain or hostname | Domain and hostnames that can establish a VPN connection. When domains or hostnames are added, VPN on Demand can be configured for each entry. These options are: | No
Note: Each MDM vendor implements these settings differently. To learn how L2TP settings are applied to your devices and users, consult your MDM vendor’s documentation.
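
The VPN on Demand row above describes suffix matching in which a missing leading period widens the match. The following added example (not Apple's or any MDM vendor's code) audits a list of match domains for entries that also match hostnames outside the intended domain. The function names are hypothetical, and because the page does not state how case is handled, strings are compared exactly as given.

```python
"""Audit VPN on Demand match domains for over-broad suffix matches."""


def on_demand_matches(match_domain: str, hostname: str) -> bool:
    # The page describes a simple string comparison working backward from
    # the end of the address, which is a plain suffix test.
    # Assumption: no case folding, since the page does not mention it.
    return hostname.endswith(match_domain)


def is_label_aligned(match_domain: str, hostname: str) -> bool:
    # True when the hostname is the domain itself or a real subdomain of it,
    # so the match falls on a DNS label boundary.
    bare = match_domain.lstrip(".")
    return hostname == bare or hostname.endswith("." + bare)


def audit(match_domains, hostnames):
    """Return {match_domain: {"intended": [...], "overbroad": [...]}}."""
    report = {}
    for domain in match_domains:
        hits = [h for h in hostnames if on_demand_matches(domain, h)]
        report[domain] = {
            "intended": [h for h in hits if is_label_aligned(domain, h)],
            "overbroad": [h for h in hits if not is_label_aligned(domain, h)],
        }
    return report


# Constructed sample data: the hostnames used in the table's own example.
SAMPLE_HOSTS = [
    "support.betterbag.com",
    "sales.betterbag.com",
    "www.private-betterbag.com",
]

if __name__ == "__main__":
    rules = [".betterbag.com", "betterbag.com"]
    for domain, result in audit(rules, SAMPLE_HOSTS).items():
        print(domain, result)
```

Any entry that reports a non-empty "overbroad" list is a candidate for adding the leading period before the profile is deployed.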