VMware Workspace ONE Community
GKD_Mueller
Contributor
Contributor

iOS Per-App-VPN "On Demand" to "Always On"

Hello everybody!

We are using VMware Workspace One with Unified Access Gateways and Per-App-VPN like a charm. But one App from us works only half, because after switching of the iOS-Device, the Per-App-VPN goes to sleep and a Server-Side sended Notification can't be send to the iOS-Device. VPN is down when Device is in sleep.

Is it possible to switch the per App VPN from "on demand" to "always on" ? Only for this app? 

Thanks! 🙂 

Labels (1)
Reply
0 Kudos
2 Replies
cloudmaster2017
Enthusiast
Enthusiast

The device turning off network is a function of the OS and not of the WS1 settings in my experience.  

 

You could test to see if turning autolock to never works, but then your device is not protected and would need to be in a protected area, depending on your security needs.

 

Reply
0 Kudos
sluzi1986
Enthusiast
Enthusiast

There is no means to force the current implementation of the UAG Per-APP VPN to be 'always on' on a per-app basis. 

However, you do have the possibility to manually edit the UAG configuration timeout settings to keep the VPN session alive for longer. We have ours configured for 8 hours for exactly this reason, because it going offline makes it unusable in multiple use-cases. The net impact here is that even if an app goes to sleep, the tunnel doesn't renegotiate constantly. 

Note that this was explicitly not recommended by VMware due to 'performance concerns', which turned out to be a non-issue.

The custom setting for your VPN is keepalive_timeout and the value is the length of your timeout in seconds. Depending on your UAG version, you may need to add it directly to the UAG configuration via SSH. Unsure. This won't apply until you cycle the UAG appliances.

 

Reply
0 Kudos