
Per App VPN
In iOS, iPadOS, and macOS, VPN connections can be established on a per-app basis, which provides more granular control over which data goes through VPN. With device-wide VPN, any client process can potentially pass traffic across the routes the tunnel provides. This ability to segregate traffic at the app level allows the separation of personal data from organizational data. As a result, Per App VPN provides secure networking for internal-use apps, while preserving the privacy of personal device activity.
Using Per App VPN for internal-use apps
Per App VPN lets each app that’s managed by a mobile device management (MDM) solution communicate with the private network using a secure tunnel, while excluding nonmanaged apps from using the private network. Managed apps can be configured with different VPN connections to further safeguard data. For example, a sales quote app could use an entirely different data center than an accounts payable app.
To use Per App VPN, an app must be managed by MDM and use standard networking APIs. After enabling Per App VPN for any VPN connection, you need to associate that connection with the apps using it to secure the network traffic for those apps. You do this with the Per App VPN mapping payload in a configuration profile.
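The association described above can be checked before a profile is deployed. The following is an added example, not Apple's code: it parses a configuration profile and reports any app whose mapping points at a VPN identifier that no Per App VPN payload in the same profile defines. The payload type strings and the VPNUUID, AppLayerVPNMapping and Identifier keys are assumptions taken from Apple's configuration profile schema and do not appear on this page; the bundle IDs and UUID values are constructed placeholders.

```python
import plistlib

# Constructed sample profile (not from the page): one Per App VPN payload and
# an app mapping payload with one valid and one dangling VPNUUID reference.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed.applayer</string>
      <key>VPNType</key><string>IKEv2</string>
      <key>VPNUUID</key><string>SALES-VPN-UUID-PLACEHOLDER</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed.appmapping</string>
      <key>AppLayerVPNMapping</key><array>
        <dict><key>Identifier</key><string>com.example.salesquote</string>
              <key>VPNUUID</key><string>SALES-VPN-UUID-PLACEHOLDER</string></dict>
        <dict><key>Identifier</key><string>com.example.payables</string>
              <key>VPNUUID</key><string>AP-VPN-UUID-PLACEHOLDER</string></dict>
      </array>
    </dict>
  </array>
</dict></plist>"""

def audit_per_app_vpn(profile_bytes):
    """Return (mapped, dangling): bundle IDs whose VPNUUID does / does not
    match a Per App VPN payload in the same profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = profile.get("PayloadContent", [])
    # Collect the identifiers of every Per App VPN connection in the profile.
    tunnels = {p.get("VPNUUID") for p in payloads
               if p.get("PayloadType") == "com.apple.vpn.managed.applayer"}
    tunnels.discard(None)
    mapped, dangling = {}, {}
    for p in payloads:
        if p.get("PayloadType") != "com.apple.vpn.managed.appmapping":
            continue
        for entry in p.get("AppLayerVPNMapping", []):
            bucket = mapped if entry.get("VPNUUID") in tunnels else dangling
            bucket[entry.get("Identifier")] = entry.get("VPNUUID")
    return mapped, dangling

if __name__ == "__main__":
    ok, bad = audit_per_app_vpn(SAMPLE_PROFILE)
    print("mapped:", ok)
    print("dangling (no matching Per App VPN payload):", bad)
```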
IKEv2 is supported by the IPsec client. For information about Per App VPN support, contact third-party SSL or VPN vendors. For more information about IKEv2, see:
Per App VPN can be configured to work with the built-in VPN client on iOS and iPadOS, which support IKEv2 VPN clients.