Intro to VPN with Apple devices
Secure access to private corporate networks is available in iOS, iPadOS, and macOS using established industry-standard virtual private network (VPN) protocols. Out of the box, iOS, iPadOS, and macOS support the following protocols and authentication methods:
IKEv2: Support for both IPv4 and IPv6 and the following:
Authentication methods: Shared secret, certificates, EAP-TLS and EAP-MSCHAPv2
Suite B cryptography: ECDSA certificates, ESP encryption with GCM, and ECP Groups for the Diffie-Hellman Group
Additional features: MOBIKE, IKE fragmentation, server redirect, split tunnel
L2TP over IPsec: User authentication by MS-CHAP v2 password, two-factor token, or certificate; machine authentication by shared secret or certificate
macOS can also use Kerberos machine authentication by shared secret or certificate with L2TP over IPsec.
SSL VPN: User authentication by password, two-factor token, and certificates using a third-party VPN client
Cisco IPsec: User authentication by password or two-factor token; machine authentication by shared secret and certificates
If your organization supports one of these protocols, no additional network configuration or third-party apps are required in order to connect Apple devices to your virtual private network.
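An IKEv2 connection delivered by MDM can leave the Suite B options listed above unset or mix them with weaker choices. The following is an added example, not Apple's code: a small audit that reads a configuration profile and reports IKEv2 payloads that do not use certificate authentication, a GCM cipher, and an ECP Diffie-Hellman group. The key names follow Apple's configuration profile VPN payload; the sample profile and the host vpn.example.com are constructed for illustration.

```python
import plistlib
# Constructed sample profile; vpn.example.com is a placeholder host.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.vpn.managed</string>
  <key>VPNType</key><string>IKEv2</string>
  <key>IKEv2</key><dict>
    <key>RemoteAddress</key><string>vpn.example.com</string>
    <key>AuthenticationMethod</key><string>SharedSecret</string>
    <key>IKESecurityAssociationParameters</key><dict>
      <key>EncryptionAlgorithm</key><string>AES-256-GCM</string>
      <key>DiffieHellmanGroup</key><integer>14</integer>
    </dict>
    <key>ChildSecurityAssociationParameters</key><dict>
      <key>EncryptionAlgorithm</key><string>AES-256</string>
      <key>DiffieHellmanGroup</key><integer>19</integer>
    </dict>
  </dict>
</dict></array>
</dict></plist>"""

GCM = {"AES-128-GCM", "AES-256-GCM"}
ECP_GROUPS = {19, 20, 21}            # 256-, 384- and 521-bit ECP groups
ECDSA = {"ECDSA256", "ECDSA384", "ECDSA521"}

def audit_ikev2(profile_bytes):
    """Return findings for IKEv2 payloads that do not pin Suite B settings."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("VPNType") != "IKEv2":
            continue
        ike = payload.get("IKEv2", {})
        host = ike.get("RemoteAddress", "?")
        if ike.get("AuthenticationMethod") != "Certificate":
            findings.append(f"{host}: machine auth is not certificate-based")
        elif ike.get("CertificateType") not in ECDSA:
            findings.append(f"{host}: certificate type is not ECDSA")
        for sa in ("IKESecurityAssociationParameters",
                   "ChildSecurityAssociationParameters"):
            params = ike.get(sa, {})
            if params.get("EncryptionAlgorithm") not in GCM:
                findings.append(f"{host}: {sa} does not pin a GCM cipher")
            if params.get("DiffieHellmanGroup") not in ECP_GROUPS:
                findings.append(f"{host}: {sa} does not pin an ECP group")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ikev2(SAMPLE_PROFILE)))
```

A key that is missing from the profile is reported as not pinned, because the value then depends on the platform default rather than on the profile.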
iOS, iPadOS, and macOS also support the following technologies:
Technologies such as IPv6, proxy servers, and split tunneling provide a flexible VPN experience when connecting to an organization’s networks. iOS, iPadOS, and macOS work with a variety of authentication methods including password, two-factor token, digital certificates, and Kerberos.
VPN On Demand streamlines the connection in environments where certificate-based authentication is used by initiating a VPN session when it’s needed to connect to specified domains.
With Per App VPN, individual apps can be configured to use a VPN connection independent of other apps. This ensures that corporate data always flows over a VPN connection, and that other data, such as an employee’s personal apps from the App Store, doesn’t.
SSL VPN from popular VPN providers can be configured manually on an Apple device, or by using configuration profiles from your MDM solution.
iOS and iPadOS support:
Always On VPN requires that the device be connected to an approved VPN before being connected to any other network services. You can configure Always On VPN for cellular and Wi-Fi connections on supervised devices. Your VPN provider must support Always On VPN for you to implement it.