VPNs on an iPhone or iPad still have a big problem. You can’t easily enable an “Always-on VPN” mode that forces your applications to connect only through a VPN. With iOS 8, Apple added this feature — although it’s hidden and hard to access.
“Always-on VPN” is designed for businesses and other organizations, so it must be enabled with a configuration profile or a mobile device management server. After enabling it, the VPN will always be activated. If the VPN connection fails, apps on your device won’t be allowed to connect to the Internet until it comes back up.
This isn’t as simple as flipping a switch on your iPhone or iPad. You’ll need a specific type of VPN, your iOS device will have to be in supervised mode, and then the option can only be enabled via a configuration profile or mobile device management server. Here’s what you’ll need:
- An IKEv2 VPN: This feature requires an IKEv2 VPN on your iPhone or iPad. If you’re setting up your own VPN server, use server software that offers this type of VPN. For example, StrongSwan runs on Linux, Mac OS X, FreeBSD, and other operating systems, offering an open-source VPN server that supports the IKEv2 protocol.
- A Supervised iPhone or iPad: You can’t simply enable the “always-on” VPN option on a mobile device management server or with a configuration profile. This option requires your iPhone or iPad be “supervised,” which will require a complete reset of the iPhone or iPad.
- A Configuration Profile or Mobile Device Management Server: Once your device is supervised, you’ll need to enable this option via a configuration profile created with Apple Configurator, or on a mobile device management server. We’ll cover the configuration profile method, but know that you can remotely activate this option on an MDM server if you have your iPhone or iPad managed via one.
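An added example, not part of the original article: a Python check that an unsigned .mobileconfig file really carries an Always-on IKEv2 payload rather than an ordinary VPN payload that the user can switch off. The key names follow Apple's documented VPN payload; the sample profile, its display name and the server name vpn.example.com are constructed, and a signed profile would need its signature wrapper removed first.

```python
import plistlib

# Constructed sample profile (unsigned .mobileconfig); every value is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.vpn.managed</string>
    <key>PayloadDisplayName</key><string>Example VPN</string>
    <key>VPNType</key><string>AlwaysOn</string>
    <key>AlwaysOn</key><dict>
      <key>UIToggleEnabled</key><integer>0</integer>
      <key>TunnelConfigurations</key><array><dict>
        <key>ProtocolType</key><string>IKEv2</string>
        <key>RemoteAddress</key><string>vpn.example.com</string>
      </dict></array>
    </dict>
  </dict></array>
</dict></plist>"""

def audit_always_on(profile_bytes):
    """Return a list of findings; an empty list means Always-on VPN is enforced."""
    profile = plistlib.loads(profile_bytes)
    vpn = [p for p in profile.get("PayloadContent", [])
           if p.get("PayloadType") == "com.apple.vpn.managed"]
    if not vpn:
        return ["profile contains no com.apple.vpn.managed payload"]
    findings = []
    for p in vpn:
        name = p.get("PayloadDisplayName", "<unnamed>")
        if p.get("VPNType") != "AlwaysOn":
            findings.append(f"{name}: VPNType is {p.get('VPNType')!r}, not 'AlwaysOn'")
            continue
        always_on = p.get("AlwaysOn", {})
        if always_on.get("UIToggleEnabled", 0):  # non-zero lets the user turn it off
            findings.append(f"{name}: UIToggleEnabled lets the user disable the VPN")
        tunnels = always_on.get("TunnelConfigurations", [])
        if not tunnels:
            findings.append(f"{name}: no TunnelConfigurations defined")
        for t in tunnels:
            if t.get("ProtocolType") != "IKEv2":
                findings.append(f"{name}: tunnel ProtocolType is {t.get('ProtocolType')!r}")
    return findings

if __name__ == "__main__":
    print(audit_always_on(SAMPLE_PROFILE) or "Always-on IKEv2 VPN is enforced")
```

The check only inspects the profile itself; whether the device is supervised still has to be confirmed on the device or in Apple Configurator.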
Supervise Your iPhone or iPad and Install the Profile
Assuming your iOS device isn’t supervised yet, you’ll need to supervise it first before continuing. Install the Apple Configurator application on your Mac — yes, you need a Mac for this process.
Be sure to disable the “Find My iPhone” or “Find My iPad” feature in the iCloud Settings pane before continuing. If you don’t, you won’t be able to supervise the device and will instead see an error message.