Configure OpenVPN for iOS devices
A Virtual Private Network (VPN) allows users to connect to the corporate network from a remote location, ensuring secure access to company resources.
OpenVPN is one such open-source SSL VPN built on the market-proven OpenVPN protocol. By combining advanced network security, remote access, and content filtering into a virtualized secure network, OpenVPN provides the best of VPN, SD-WAN, SASE, and ZTNA security.
Hexnode UEM assists enterprises in establishing data security strategies to prevent accidental data loss. As part of one such strategy, IT administrators can channel sensitive data through configured VPNs, minimizing threats due to data interception. By setting up robust VPN configurations using the Hexnode portal, you can ensure that your organization’s sensitive data is bound to the safety of your corporate devices.
Hexnode UEM with OpenVPN provides flexible solutions to secure data communications and access to cloud data centers by deploying VPN configurations to iOS and macOS devices. Once the VPN policies are associated successfully with the device, users can connect to them when required.
Set up OpenVPN for iOS devices with Hexnode
To set up OpenVPN for iOS devices, log in to your Hexnode portal and follow the steps below:
- Create a new policy by navigating to Policies > New Policy or continue with an existing policy.
- Go to iOS > Network > VPN and select Configure.
- Select the Connection Type as Open VPN and provide a Connection Name to be shown on the devices.
- In the Server field (Required), fill in the IP address or fully qualified domain name (FQDN) of the VPN server to connect with the devices.
- In the Accounts field, provide the username for authenticating to the VPN server. Here, you may use %name% and %email% to automatically collect username and email data respectively.
- Next, select one of the two methods of authentication:
  - Password (Default) – Provide the password to connect to the VPN server.
  - Certificate – Select a credential certificate from the ones added in iOS > Security > Certificates.
- If you have chosen Certificate as the authentication type, the VPN On Demand option appears. Once you enable the option, you can click on +Add VPN On Demand Rule to set up further configurations.
- Additionally, you can set up a Proxy automatically or manually, or select None (default) to skip the process.
VPN On Demand
After a VPN profile is configured, the user needs to activate it on the device manually, and the VPN is turned off automatically once the device loses network connectivity. VPN On Demand eliminates this manual intervention by automatically establishing VPN connections for particular domains. From the Hexnode UEM console, you can set up multiple rules to customize on-demand VPN connectivity.
If Certificate is chosen as the authentication type for OpenVPN on iOS devices, you can set up VPN On Demand by enabling the checkbox. Click on +Add VPN On Demand Rule and configure the settings to suit your needs:
- Select the Action that defines the devices’ VPN connectivity based on the configured rules. Once the configured on-demand VPN rules are satisfied, the selected action is executed on the device.
  - Connect: Automatically initiates an on-demand VPN connection if the system tries to connect to a network.
  - Disconnect: Disables the current VPN connection and future on-demand VPN connections on the device.
  - Ignore: Stops making new on-demand VPN connections, although the current VPN status is left unchanged on the device.
- Next, select the Network Type to be configured for the VPN On Demand. Ethernet, Wi-Fi (default), Cellular and None are the available options.
Depending on the chosen Network Type, fill in the rest of the required details such as SSID, Domain, Server Address and Probe URL.
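The interaction between several on-demand rules is easiest to see by evaluating them against a few networks. The following is an added example, not Hexnode's code or output: it uses the key names from Apple's VPN payload (`OnDemandRules`, `InterfaceTypeMatch`, `SSIDMatch`, `DNSDomainMatch`), assumes the portal's Network Type, SSID and Domain fields map to those keys, and models Apple's in-order, first-match evaluation. Server Address and Probe URL matching are left out, and all rules and network values are constructed.

```python
"""Added example: evaluate VPN On Demand rules in order; the first match decides."""
from fnmatch import fnmatch

# Constructed sample rules, written with Apple's OnDemandRules key names.
RULES = [
    # Office Wi-Fi, identified by SSID *and* DNS search domain: no tunnel needed.
    {"Action": "Disconnect", "InterfaceTypeMatch": "WiFi",
     "SSIDMatch": ["CorpNet"], "DNSDomainMatch": ["*.corp.example.com"]},
    {"Action": "Connect", "InterfaceTypeMatch": "WiFi"},     # any other Wi-Fi
    {"Action": "Ignore", "InterfaceTypeMatch": "Cellular"},  # leave state as is
    {"Action": "Connect"},  # no criteria: matches any remaining network
]

def rule_matches(rule, net):
    """Every criterion present in the rule must match the current network."""
    iface = rule.get("InterfaceTypeMatch")
    if iface is not None and iface != net.get("interface"):
        return False
    ssids = rule.get("SSIDMatch")
    if ssids is not None and net.get("ssid") not in ssids:
        return False
    domains = rule.get("DNSDomainMatch")
    if domains is not None:
        search = net.get("search_domains", [])
        if not any(fnmatch(d.lower(), p.lower()) for d in search for p in domains):
            return False
    return True

def decide(rules, net):
    """Return (index, action) of the first matching rule, or (None, None)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, net):
            return i, rule["Action"]
    return None, None

def shadowed_rules(rules):
    """Indexes of rules listed after a criteria-free rule; they can never fire."""
    for i, rule in enumerate(rules):
        if set(rule) <= {"Action"}:
            return list(range(i + 1, len(rules)))
    return []

if __name__ == "__main__":
    office = {"interface": "WiFi", "ssid": "CorpNet",
              "search_domains": ["hq.corp.example.com"]}
    same_ssid_elsewhere = {"interface": "WiFi", "ssid": "CorpNet",
                           "search_domains": ["lan"]}
    print(decide(RULES, office), decide(RULES, same_ssid_elsewhere))
    print("shadowed:", shadowed_rules(RULES))
```

Because the Disconnect rule also requires the corporate search domain, a network that only shares the SSID falls through to the Connect rule and the tunnel comes up.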
As an additional layer of security, you can set up a proxy server while configuring the VPN policy to hide the actual IP address of iOS devices. Within the Hexnode portal, you can select whether the proxy server is set up manually, set up automatically, or skipped altogether.
- None – If you don’t want to set up a proxy server.
- Manual – To set up proxy manually by providing the details of Server, Port, Authentication and Password.
- Automatic – To set up proxy automatically by providing the proxy server URL.
How to deploy the OpenVPN policy to Devices/Groups?
After configuring the OpenVPN settings:
- Navigate to Policy Targets and click on +Add Devices.
- Select the desired targets (devices, device groups, users, user groups or domains) from the left pane and click OK.
- Save the policy by clicking Save.
What happens at the device end?
On iOS devices, once the policy is associated successfully, you can navigate to Settings > General > VPN on the device to view and connect to the saved VPN configuration.
For further details on configuring VPN for iOS devices via Hexnode UEM, refer to iOS VPN Settings.