iOS VPN settings

A Virtual Private Network (VPN) allows users to send data through a private network, which enhances security.

VPN for iOS devices can be configured from the Policies tab.

  1. Go to the Policies tab in the Hexnode MDM console.
  2. Continue with an existing policy, or create a new one by clicking New Policy.
  3. From iOS Settings → Network, select VPN.
VPN Settings – Description
Connection Name – Any name for the VPN to show up on the user’s device.
Connection Type – Select the connection type; the rest of the settings change accordingly. The available connection types are L2TP (default), PPTP, IPSec (Cisco), Cisco AnyConnect, Juniper SSL, F5 SSL, SonicWALL Mobile Connect, Aruba VIA, Check Point Mobile VPN and Open VPN.
Server – Provide the IP address or domain name of the server.
Account – Username for authenticating to the VPN server.
Proxy – Set up the proxy automatically or manually, or select None (default) to skip setting up a proxy on devices. See the Proxy Settings section below for more information.

Provided here are the options available based on the connection type you’ve selected.

Configuring L2TP Connection

L2TP Settings – Description
User authentication – Choose how the device authenticates with the VPN server. Two choices are available: Password and RSA SecurID (default).
Password (if Password is selected in the User authentication field) – Enter the password used to authenticate with the server.
Shared secret – A second password required to establish a connection. Also known as a pre-shared key, the shared secret is known in advance to the device and the VPN server, and to no one else. This key is used only to establish a connection and is not used for encryption.
Send all traffic – Send all network traffic via the VPN. Disabled by default.

Configuring PPTP Connection

PPTP Settings – Description
User authentication – The method used to authenticate with the VPN server. Available options are Password and RSA SecurID (default).
Password (if Password is selected in the User authentication field) – The password required to connect to the VPN server.
Encryption level – Select how secure your VPN connection should be. You can choose from None (default), Automatic and Maximum (128 bit).
Send all traffic – Force all traffic through the VPN. Disabled by default.
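The choices in the L2TP and PPTP tables above (Encryption level, Send all traffic, a stored password) can be checked in the profile that reaches the device. The sketch below is an added example, not Hexnode's code: it assumes the policy is delivered as an Apple `com.apple.vpn.managed` configuration profile payload using Apple's documented PPP, IPSec and IPv4 keys, and the sample profile, server name, account and finding labels are constructed for illustration.

```python
import plistlib

# Constructed sample profile (placeholder server, account and password).
# Assumption: the MDM delivers the policy as a com.apple.vpn.managed payload.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.vpn.managed</string>
    <key>UserDefinedName</key><string>Corp VPN</string>
    <key>VPNType</key><string>PPTP</string>
    <key>PPP</key><dict>
      <key>CommRemoteAddress</key><string>vpn.example.com</string>
      <key>AuthName</key><string>alice</string>
      <key>AuthPassword</key><string>constructed-password</string>
      <key>CCPEnabled</key><false/>
    </dict>
    <key>IPv4</key><dict><key>OverridePrimary</key><integer>0</integer></dict>
  </dict></array>
</dict></plist>"""

def audit_vpn_payload(p):
    """Return findings (hypothetical labels) for one VPN payload dict."""
    findings = []
    ppp, ipsec = p.get("PPP", {}), p.get("IPSec", {})
    if p.get("VPNType") == "PPTP":
        # Encryption level: None = no CCP keys set; Maximum = CCP + MPPE128.
        if not ppp.get("CCPEnabled", False):
            findings.append("pptp-encryption-none")
        elif not ppp.get("CCPMPPE128Enabled", False):
            findings.append("pptp-encryption-not-maximum")
    # A password typed into the policy is stored in the profile itself.
    if "AuthPassword" in ppp or "XAuthPassword" in ipsec:
        findings.append("password-stored-in-profile")
    # "Send all traffic" disabled: only some traffic uses the tunnel.
    if not p.get("IPv4", {}).get("OverridePrimary", 0):
        findings.append("split-tunnel")
    return findings

def audit_profile(data):
    """Map each VPN connection name in a profile to its findings."""
    profile = plistlib.loads(data)
    return {p.get("UserDefinedName", "?"): audit_vpn_payload(p)
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.vpn.managed"}

if __name__ == "__main__":
    for name, findings in audit_profile(SAMPLE_PROFILE).items():
        print(name, findings)
```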

Configuring IPSec (Cisco)

IPSec (Cisco) Settings – Description
Password – Provide the password for server authentication.
Machine authentication – Select a machine authentication method: Certificate or Shared secret/Group name (default).
Certificate (available when Certificate machine authentication is selected) – Select a credential certificate for machine authentication. If no certificates are listed, you probably haven’t uploaded any. Go to iOS Settings → Certificates to upload a new certificate.
Include user PIN (available when Certificate machine authentication is selected) – The device asks the user to provide a PIN while attempting to make a connection. Disabled by default.
Group name (available when Shared secret/Group name machine authentication is selected) – The group name of the connection.
Shared secret (available when Shared secret/Group name machine authentication is selected) – A second password, previously known to the device and the VPN server (and no one else), required to establish a connection. This key is not used for encryption; it is used only to establish a connection.
Use hybrid authentication (available when Shared secret/Group name machine authentication is selected) – If you need to use hybrid authentication, check this box. Hybrid authentication is a more secure way of authentication that uses a server-side certificate for the process. Hybrid authentication is enabled by default.
Prompt for password (available when Shared secret/Group name machine authentication is selected) – The device prompts the user to provide the password. By default, the device will not prompt for the password.

Configuring Cisco AnyConnect

AnyConnect Settings – Description
Group – Enter the group name of the AnyConnect VPN.
User authentication – Select how devices authenticate with the VPN server. Select from Password and Certificate. Password is selected by default.
Password (if the Password user authentication method is selected) – Provide the password required to authenticate with the VPN server.
Certificate (if the Certificate user authentication method is selected) – Select the credential certificate from the list. To add a new certificate, go to iOS Settings → Certificates and upload a new one there.

Configuring Juniper SSL Connection

Juniper SSL Settings – Description
Realm – Provide the authentication realm. This is the server to which the device needs to authenticate.
Role – Assign a role to the user, that is, specify the resources which the user can access.
User authentication – Choose a user authentication method, Password (default) or Certificate, to connect to the VPN server.
Password (if Password is selected as the user authentication method) – Enter the password to authenticate to the VPN server.
Certificate (if Certificate is selected as the user authentication method) – Select a credential certificate from the list or add a new one at iOS Settings → Certificates.

Configuring F5 SSL

F5 SSL Settings – Description
User authentication – Select the authentication method used to authenticate to the VPN server. The available options are Password (default) and Certificate.
Password (can be modified if Password is selected as the user authentication method) – Provide the password used to authenticate to the VPN server.
Certificate (can be modified if Certificate is selected as the user authentication method) – To select a certificate, go to iOS Settings → Certificates and upload one there. After adding a certificate, it’ll be available to select from here.

Configuring SonicWALL Mobile Connect

Mobile Connect Settings – Description
Login group or domain – The login group name or the domain name.
User authentication – Select how to authenticate with the VPN server, using a password (default) or a certificate.
Password (if Password is selected in the User authentication field) – Specify a password which can provide you access to the VPN server.
Certificate (if Certificate is selected in the User authentication field) – Add a certificate from iOS Settings → Certificates and it’ll be available to select from this field.

Configuring Aruba VIA, Check Point Mobile VPN and Open VPN

Settings – Description
User authentication – Select the method of authentication from two options: Password and Certificate (default).
Password (available if user authentication is set to Password) – Provide the password to connect to the VPN server.
Certificate (available if user authentication is set to Certificate) – Select an existing credential certificate from the list. To add one, proceed to iOS Settings → Certificates.

Proxy Settings

A proxy server acts as an intermediary between the devices and the internet, hiding the actual IP address of the device and thereby reducing the level of risk incurred by the device. You can either skip setting up a proxy server for the VPN or set one up, manually or automatically.

  1. None – Select this option if you don’t want to set up a proxy server.
  2. Manual – To set up proxy manually, provide
    1. Server – The IP address or the domain name of the proxy server.
    2. Port – Port number of the proxy server.
    3. Authentication – Username required to connect to the proxy server.
    4. Password – Password which is required to authenticate to the proxy server.
  3. Automatic – If you’d like to set up proxy automatically, provide the proxy server URL and you’re good.

How to associate VPN to iOS Devices or Groups?

Wondering how to associate a VPN configuration with a user/device or a group? Here’s how.

  1. Before saving the policy, head on to Policy Targets.
  2. Select Devices, Device Groups, Users or User Groups from the left pane beneath.
  3. You can search for and add devices/users/groups from there and save the policy.

If you have the policy saved already,

  1. Check a policy from the policies list.
  2. Select Associate Targets from Manage.
  3. Select the devices to associate the policy.