Intro to VPN with Apple devices
Secure access to private corporate networks is available in iOS, iPadOS, and macOS using established industry-standard virtual private network (VPN) protocols. Out of the box, iOS, iPadOS, and macOS support the following protocols and authentication methods:
IKEv2: Support for both IPv4 and IPv6 and the following:
Authentication methods: Shared secret, certificates, EAP-TLS and EAP-MSCHAPv2
Suite B cryptography: ECDSA certificates, ESP encryption with GCM, and ECP Groups for the Diffie-Hellman Group
Additional features: MOBIKE, IKE fragmentation, server redirect, split tunnel
L2TP over IPSec: User authentication by MS-CHAP v2 password, two-factor token, certificate, machine authentication by shared secret or certificate
macOS can also use Kerberos machine authentication by shared secret or certificate with L2TP over IPSec.
SSL VPN: User authentication by password, two-factor token, and certificates using a third-party VPN client
Cisco IPSec: User authentication by password, two-factor token, and machine authentication by shared secret and certificates
If your organization supports one of these protocols, no additional network configuration or third-party apps are required in order to connect Apple devices to your virtual private network.
iOS, iPadOS, and macOS also support:
Technologies such as IPv6, proxy servers, and split tunneling, providing a flexible VPN experience when connecting to an organization’s networks. iOS, iPadOS, and macOS work with a variety of authentication methods including password, two-factor token, digital certificates, and Kerberos.
VPN On Demand, which streamlines the connection in environments where certificate-based authentication is used by initiating a VPN session when it’s needed to connect to specified domains.
Per App VPN, which can configure individual apps to use a VPN connection independent from other apps. This VPN connection ensures that corporate data always flows over a VPN connection, and that other data, such as an employee’s personal apps from the App Store, doesn’t.
Always-on VPN, which requires the device to connect to an approved VPN before connecting to any other network services. You can configure always-on VPN for cellular and Wi-Fi connections on supervised devices. Your VPN provider must support always-on VPN for you to implement it.
SSL VPN from popular VPN providers, which can be configured manually on an Apple device, or by using configuration profiles from your MDM solution.