Blocking VPN's on iOS

jared_f
Valued Contributor

Hello All!

We have successfully blocked VPN's on our mobile iOS devices by checking for restricted apps and then locking down the device. It obviously does not see a VPN if a user manually sets one up? Is there any criteria I could use to find if they manually setup a vpn (not with an app)? I may try to do this more at network level if I have to.

Thanks
Jared

5 REPLIES 5

WhippsT
Contributor

Did you ever find a solution at the device level? We have a need to block VPN as well, but not for all devices.

WhippsT
Contributor

Nevermind. I found the function in the restrictions on the JSS.

thejenbot
Contributor III

There is a restriction so that new VPNs can't be configured, but is there a way to check to see if some script kiddie has already done it and is using it? Or does pushing that config profile out disable any currently configured as well?

jared_f
Valued Contributor

@WhippsT @thejenbot We have found that the restriction you are speaking of does not allow users to configure manual VPNs, but it still allows apps to function. I saw this criterion a few months back and I am searching based on this. Seems to be working great!

anonymous
betternet
private
proxy
tunnel
unblocker
vpn

I don't remember the topic I found these in, but whoever listed them - it has worked wonders.

taramcbride
New Contributor

Hi @jared_f @WhippsT @thejenbot

Please consider upvoting this feature request: https://www.jamf.com/jamf-nation/feature-requests/2880/show-current-vpn-status

Reporting on applications with the word "vpn, betternet" etc. only reports that the VPN app was installed, but doesn't report on whether a VPN is actually configured. Users can manually configure the VPN via settings, VPN - without an application - and these VPN users are now invisible to your report. It's quite a major loophole for our student safeguarding.

I've already tried blocking manual creation of VPNs via a configuration profile - it stops creation of new, but if they were already in place, it leaves them alone! Given the report was only looking at app installs, not VPNs configured, the report was essentially useless - we were targeting some students who didn't have a VPN but did have an app, and missing some students who did have a VPN but no app!