Always-On VPN with iPhone and iPad

NOTE: This manual explains how to set up Always-On on your iPad or iPhone to get a permanent enforced VPN connection. To use this functionality, the device must be set to supervised mode. This process will reset the device to default settings. Before switching to supervised mode it is strongly recommended to make a backup of your iPad or iPhone.

Furthermore you will need a computer with macOS installed to run the Apple Configurator, which is necessary to switch the iPad/iPhone into supervised mode.

Always-ON VPN only works with iOS 8.0 or higher.

Tip: If you don’t want to set your device to supervised mode, you can also use On-Demand VPN which provides a similar functionality.

Important: Back Up creation | Always-On VPN with iPhone and iPad

Before continuing, backup your device first in case anything goes wrong or you want to revert the changes later. To do so, connect your device to your macOS computer, go into iTunes and choose Back up Now under the Summary of the device you want to back up.

Also check Encrypt local backup if you want to also backup account passwords etc.

Settings > iCloud: Deactivate Find my iPad | Always-On VPN with iPhone and iPad

Should you use iCloud, deactivate Find my iPad (or iPhone) in your device settings, because you cannot go into supervised mode when this option is activated.

To do so, go in your iPad or iPhone settings, tap on iCloud and Find my iPhone/iPad and disable it.

App Store: Choose Apple Configurator 2 and install | Always-On VPN with iPhone and iPad

Download and install the Apple Configurator 2 from the Apple App Store.

Apple Configurator 2: Choose Manual | Always-On VPN with iPhone and iPad

Once installed, open the Apple Configurator. Make sure your iPhone or iPad is connected, then double click the device in the Apple Configurator. Next click Prepare and choose Manual configuration in the popup, then click Next.

Apple Configurator 2: Activate Supervise devices and Allow devices to pair with other computers | Always-On VPN with iPhone and iPad

In the next window, choose Do not Enroll in MDM and click on Next. Make sure the checkbox for Supervise devices is checked and choose whether you want to Allow devices to pair with other computers. Continue by clicking Next.

Enter information about the organization | Always-On VPN with iPhone and iPad

In the next window, enter the information you want to use for your device.

iOS Setup Assistant: Set Setup Assistant to Show all Steps | Always-On VPN with iPhone and iPad

In the Create an Organization dialogue choose Generate a new supervision identity and click Next. Finally leave the Setup Assistant to Show all Steps and click on Prepare.Your iPad or iPhone is now being reset.

This process can take a while.

In the File menu, choose New Profile. The configuration window will pop up.

Enter the information for the VPN server you want to connect to | Always-On VPN with iPhone and iPad

Under General enter the information for the VPN server you want to connect to. The identifier can be any (unique) name, but we recommend using the server name for clarity. In our example we are using rotterdam.perfect-privacy.com.

Import the file perfect-privacy_ipsec_ca.crt from the downloaded zip archive | Always-On VPN with iPhone and iPad

Download the Perfect Privacy certificate as archive. Now choose Certificates on the left, click Configure and import the file perfect-privacy_ipsec_ca.crt from the downloaded zip archive.

Go to the VPN section on the left and click Configure.

Use the information shown in the screenshot on the left. For Account/Password enter your Perfect Privacy user credentials. If you leave Local Identifier empty, you will receive a warning that the profile is incomplete. However, you can safely ignore this warning. Alternatively you can copy the content from Remote Identifier into the Local Identifier field.

Then save the profile (File menu > Save). Now you can close the settings window.

Apple Configurator 2: In the Actions menu choose Add and then Profiles | Always-On VPN with iPhone and iPad

Finally, in the Apple Configurator, apply the profile you just created via the Actions Menu, go to Add > Profiles… and choose the file you created earlier.