Hello,
I am trying to supervise my daughters iPad using Apple Configurator to enforce an always on VPN connection to firewalla. This way whether she is on any WiFi or cellular she is always routed through Firewalla for filtering and control.
The only options for the VPN are:
-IKEv2
-IPsec
-L2TP
-Cisco Anyconnect
-Custom SSL
Would any of these work or am I out of luck?
Thanks!!
Wireguard on iPhone has ability to force VPN for all wifi or wifi list etc.
I have my daughter’s iPhone set up with WireGuard. I then removed the app from the homes screen (so it’s just in the app folder on the last screen) there is still a way to turn it off in settings. What you are talking about is not available right out of the box. I had my FWG set up with IKEv2/L2TP for awhile but was a hassle to maintain without a UI. It’s possible, but everything is managed via SSH and custom IP Table rules.
Passpartout app for Wireguard config and set as always on. Seems stable and after reboot. Could you set the app to have restrictions on the device. Maybe use Screen Time and make the app unavailable always, as hidden and hope the function still works with the always on. Just means then that she cannot get into the app to turn off the VPN.
The VPN types you’ve provided are the built in ones for IOS, consider getting one like OpenVPN, or WireGuard’s clients from the app store. Then you’ll be able to use those VPN server types as well that are on the FW.
Wireguard’ll be the fastest/most efficient protocol btw.
This is how I use it. Always on - except when connected to my wireless network at home.
I am fine doing this route—but how can I prevent her from stopping vpn, editing WireGuard profile, etc? Is there a way to prevent VPN settings changes?
You can’t ! or you need to use MDM.