VPN Settings Panel on iOS: Explained

Why do some VPN apps have their configurations under “PERSONAL VPN”, and others under “VPN CONFIGURATIONS” sections? Let’s find out!

The way how Apple named VPN Settings panel’s sections in the Settings app on iOS, and designed the whole UX here might be a little bit confusing.

From a developer’s point of view, all VPN applications are built on top of Apple’s NetworkExtension.framework. Each app must store its VPN configuration file before making very first attempt to connect to a VPN server. The system requests user’s permissions to do so, and, if allowed, saves a configuration to Network Extension preferences. This is when a record to “VPN” screen in the Settings app is added.

Each application is allowed to create a single VPN configuration. That’s why, a record is added to either VPN CONFIGURATIONS or PERSONAL VPN section.

VPN applications can provide two kind of VPNs: Personal VPN and Non-Personal VPN. Based on this, iOS divides apps’ configurations in the VPN Settings panel in the Settings app.

Personal VPN (Section: “PERSONAL VPN”)

These apps utilize iOS built-in VPN tunneling protocol implementations (IPSec, IKEv2, etc..).

Developers of this type of apps, setup server-side infrastructure for particular VPN protocol, and design iOS app to provide a configuration required for connecting to the infrastructure. This configuration is then picked up by iOS and the system takes responsibility on connecting and managing VPN connectivity.

These apps’ configurations fall into PERSONAL VPN section of VPN Settings panel.

Non-Personal VPN (Section: “VPN CONFIGURATIONS”)

These apps provide their own (custom) VPN tunnel implementation. It can be either an implementation of well-known VPN protocol (e.g. OpenVPN), or a custom implementation of custom VPN protocol.

Developers of this type of apps, create a special application extension. The system launches the extension. After that, the extension picks up the configuration from Network Extension preferences, and takes responsibility on connecting and managing VPN connectivity.

These apps’ configurations fall into VPN CONFIGURATIONS section of VPN Settings panel.

Because these apps have their own application extension to tunnel user’s traffic, some cool features can be implemented here. For instance, an app can filter content, prevent malware resources to be loaded, or support a Kill Switch.

Non-Personal VPN is also called Enterprise VPN. Perhaps, this implies that only BTB segment needs these features. However, we, as users also want this! Fortunatelly, a lot of VPN apps available on the App Store provide “Enterprise VPN” functionlaity these days.

VPN without an app

All the above discusses configurations created by iOS apps from the App Store. However, this is not the only way to configure your device with VPN service. It is possible to either use iOS UI (Add VPN Configuration… button) or Apple Configurator 2 tool for this. These configurations, for some reason, are always added to VPN CONFIGURATIONS section, nevertheless they are for built-in VPN protocol implementations use.

References:

NEVPNManager documentation (link)

UPDATE Aug, 31, 2018: Add “VPN without an app” section.

Read More. If you’ve found this article interesting, there are mode on similar API vs. UX issues: Touch ID UX for iOS app and Changes to App Store Ratings. Check it out!