Azure Point to Site VPN connection from iOS / iPad / iPhone

Is it possible to connect from an iOS device to an Azure Point to Site VPN? (Yes, I know it is unsupported.) However, I have seen it suggested that SSTP could be used, but can't find a concrete example.
Can anyone shed some light on whether this is actually possible, or suggest alternatives?

Updated Answer
Now, Azure P2S VPN can be configured on iOS.
How to:
iOS VPN clients are supported for the Resource Manager deployment model only. They are not supported for the classic deployment model.
Note: IKEv2 is currently in Preview.
When installing a client certificate, you need the password that was created when the client certificate was exported.
1. Locate the .pfx certificate file and copy it to your iOS device. You can get the certificate onto the device in several ways; for example, you can email the certificate file, or copy it to your OneDrive and open it through Safari. Click Allow.
2. Install the certificate on your iOS device.
3. Add the VPN configuration on iOS. Choose to use a certificate for authentication; the detailed information is in VpnSettings.xml, which is downloaded from Azure portal > Point-to-site configuration > Download VPN client > open the folder > Generic.
4. Connect the VPN and try to browse the IIS behind the Azure VNet via a private IP.

Currently, this is not supported. You can leave your feedback and upvote for the same in this feedback link - https://feedback.azure.com/forums/217313-networking/suggestions/4233968-either-add-point-to-site-sstp-vpn-clients-for-mac

Related

Which URLs are used by Xcode to communicate with Apple's servers

I am looking to block the developers' machines from communicating with Apple servers.
Some places where we need to communicate:
Adding an account
Validating certificate and auto signing
Validating Profiles
Uploading an .ipa to AppStore Connect
Anything else (legacy services?)...
Can anyone list the URLs for the above services?
I used Charles to check the URLs; this is what I found:
https://devimages-cdn.apple.com
http://ocsp.apple.com
https://developerservices2.apple.com
https://contentdelivery.itunes.apple.com
http://ocsp.digicert.com
https://gs-loc.apple.com

Why personal vpn configuration not working?

I'm developing a VPN application, which installs a personal VPN profile into the system configuration. If my application is the only VPN application on the device, everything works as expected. If I install one more VPN app with another personal VPN certificate, I have problems.
As you can see in the screenshot, there are two personal certificates installed in the system. One of them (not my app's certificate) is in the selected state. When I try to connect to the VPN from my app, my certificate does not go to the selected state and the VPN does not work. It works only when I select my app's certificate manually in settings.
But when I try to connect to the VPN from another app, this app automatically selects the proper certificate in system settings and everything works correctly.
So, my question is: is there any API to select the proper certificate before connecting to the VPN?
I tried to use NEVPNManager.isEnabled with no luck. I also use NEVPNManager.saveToPreferences() before trying to connect to the VPN.
I solved my problem. The reason is the NEVPNManager.isEnabled flag. It must be set to TRUE before the method saveToPreferences() is called.
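The ordering described in the answer above, written out as an added example (not code from the original post). The function name, the IKEv2 certificate setup and all parameters are assumptions chosen for illustration.

```swift
import NetworkExtension

// Hypothetical helper: server, remoteID and the PKCS#12 identity are
// placeholders supplied by the caller, not values from the page.
func installAndConnectPersonalVPN(server: String,
                                  remoteID: String,
                                  identityP12: Data,
                                  identityPassword: String,
                                  completion: @escaping (Error?) -> Void) {
    let manager = NEVPNManager.shared()

    // The stored configuration must be loaded once before it can be saved.
    manager.loadFromPreferences { loadError in
        if let loadError = loadError { completion(loadError); return }

        let ikev2 = NEVPNProtocolIKEv2()
        ikev2.serverAddress = server
        ikev2.remoteIdentifier = remoteID
        ikev2.authenticationMethod = .certificate
        ikev2.identityData = identityP12
        ikev2.identityDataPassword = identityPassword

        manager.protocolConfiguration = ikev2
        manager.localizedDescription = "Example VPN"

        // The point of the answer: set isEnabled BEFORE saveToPreferences(),
        // so the saved profile is the one the system treats as selected.
        manager.isEnabled = true

        manager.saveToPreferences { saveError in
            if let saveError = saveError { completion(saveError); return }

            // Reload so the in-memory object reflects what was stored,
            // then start the tunnel.
            manager.loadFromPreferences { reloadError in
                if let reloadError = reloadError { completion(reloadError); return }
                do {
                    try manager.connection.startVPNTunnel()
                    completion(nil)
                } catch {
                    completion(error)
                }
            }
        }
    }
}
```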

iOS Agent is not connecting with the local setup of WSO2 IoT server 3.1.0

I have set up the WSO2 IoT Server 3.1.0 in my local environment on the Mac operating system. The server is correctly set up and working fine. Now I am trying to connect the out-of-the-box iOS agent provided by WSO2 with my locally set up WSO2 IoT server.
I am getting the following error at the last step, when I am enrolling my device using the iOS agent app.
Note:
I am running this application in the Simulator, not on an actual device.
Other key points to consider:
The other key point that is different in my setup is that I didn't generate my organization registration certificate from Apple, since I was setting up on my local machine for personal use only. But maybe that is mandatory and that is why it is giving me the error.
Any insight would be helpful. Thanks.
In order to proceed, we have to follow the following steps.
On the iOS device, go to General -> About -> Certificate Trust Settings and enable trust for the certificate.
Please note that device enrollment and device management capabilities will not be 100% working on simulations.
Please reverify and change your IP from 127.0.0.1 to the real ID given by your router's DNS server.
You can use an iOS device which is connected to the same network in order to complete the enrollment and evaluate the MDM capabilities of the IoT Server.
Thanks.

How to install root CA certificate from app on iOS and prompt user to trust?

I'm using the NEVPNManager to create a personal VPN for my iOS app, which is working. Now I'm trying to install a root CA certificate that can be used by all apps. I understand the user will need to trust this certificate under General -> About -> Certificate Trust Settings. I'm trying to automate as much of this process as possible. The two ways I've found to attempt to do this are either:
1) Open Safari with a URL to the root certificate hosted on a website and iOS will prompt the user to install the certificate as a profile.
2) Install the certificate programmatically within the app.
Option #1 works, but after the user installs the certificate they are not taken back to the app and still have to manually go in and trust the certificate in the Certificate Trust Settings.
With option #2, if SecItemAdd is used it is only added to the keychain for the sandbox for my app and not available to other apps. The only option I have seen to make it available to other apps is to increase its trust level as shown here, but this seems to require an old open source library from Apple that I was not able to get to build.
So, what is the best option to accomplish installing the root certificate and prompting the user to make it trusted? If it is possible through #2, any ideas how I build and then incorporate that library into my app? If I'm left with #1, what is the best way to simplify the process for the user?
SecTrustSettingsSetTrustSettings and related symbols are private API and your app will be rejected by Apple on submission. Even if you manage to compile this open source, it will still export the private symbols, and your app will be rejected.
Instead, you should use the openURL: API and point to a .p12 file, either locally hosted (by using an in-app web server) or remote. The .p12 file should include the certificate chain.
This will open the Settings app and ask the user to install the certificate. Once the user installs, all applications on the device will trust it.

sending .ipa file via url to install

I have gone through dozens of articles, Stack Overflow questions and sites. My only requirement is to send an .ipa file through a URL where the client could check it in Safari and install it.
I do not want third-party installation; I've got my own server.
My server does not have SSL, which means it can be sent only over http, not https. Please don't ask me to have SSL.
It should be possible to install on any iOS device; the UDID is not added to the enterprise certificate.
My problem is that when I keep these 3 files, a) index.html, b) manifest.plist and c) the .ipa file, on the server and try to install on a device, I get a pop-up message saying "certificate is not valid." Please help.
Hope the link below helps you out.
http://readwrite.com/2010/12/16/apple-best-kept-secret-how-to-do-ad-hoc-installs
But I don't think Apple allows you to distribute using http. HTTPS is mandatory for the URL that the user uses to download. So until you get HTTPS, I don't see that issue being solved.
Your own server should be fine. As long as your .plist and .ipa are both accessible on the network to which the iPhone is connected.
Unfortunately, starting with iOS 7.1, app installs must be accessible over SSL (https).
The only way to do this is with an enterprise distribution profile. You will need to have an enterprise account to do this, which will require a company's EIN. So you can't do this as an individual developer. (https://developer.apple.com/programs/enterprise/)
You are seeing the error because of the lack of a valid SSL certificate on your server. iOS is swapping your http:// link in your plist with https:// (see this post: https://stackoverflow.com/a/20276908/3708242), which as you said does not have ssl enabled.
Bottom line, you'll need to get a server with SSL to host the files. Also, if you don't want / can't manage the UDIDs for the devices, you will need to get yourself an enterprise account so you can create an enterprise distribution profile to use to build your app.
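A pre-publication check for the HTTPS requirement discussed in the answers above, as an added example that is not part of the original thread. The manifest, the example.com URLs and the function names are constructed for illustration; the check flags every URL in the install link and in manifest.plist that is not https.

```swift
import Foundation

// Constructed sample manifest; example.com URLs are placeholders.
let sampleManifest = """
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict><key>items</key><array><dict>
  <key>assets</key><array><dict>
    <key>kind</key><string>software-package</string>
    <key>url</key><string>http://example.com/app/MyApp.ipa</string>
  </dict></array>
  <key>metadata</key><dict>
    <key>bundle-identifier</key><string>com.example.myapp</string>
    <key>kind</key><string>software</string>
    <key>title</key><string>MyApp</string>
  </dict>
</dict></array></dict></plist>
"""

func isHTTPS(_ s: String) -> Bool {
    return URLComponents(string: s)?.scheme?.lowercased() == "https"
}

/// Returns every URL in the install link and manifest that is not https.
func nonHTTPSURLs(installLink: String, manifestXML: String) throws -> [String] {
    var findings: [String] = []

    // Link placed on index.html:
    // itms-services://?action=download-manifest&url=<manifest URL>
    let manifestURL = URLComponents(string: installLink)?
        .queryItems?.first(where: { $0.name == "url" })?.value ?? ""
    if !isHTTPS(manifestURL) { findings.append("manifest: \(manifestURL)") }

    let plist = try PropertyListSerialization.propertyList(
        from: Data(manifestXML.utf8), options: [], format: nil)
    let items = (plist as? [String: Any])?["items"] as? [[String: Any]] ?? []
    for item in items {
        for asset in item["assets"] as? [[String: Any]] ?? [] {
            let kind = asset["kind"] as? String ?? "unknown"
            let url = asset["url"] as? String ?? ""
            if !isHTTPS(url) { findings.append("\(kind): \(url)") }
        }
    }
    return findings
}

let link = "itms-services://?action=download-manifest&url=http://example.com/app/manifest.plist"
for finding in try nonHTTPSURLs(installLink: link, manifestXML: sampleManifest) {
    print("not https ->", finding)
}
```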
There are online tools that simplify this process of sharing, for example https://abbashare.com or https://diawi.com
Create an .ipa file from Xcode with an ad hoc or in-house profile, and upload this file to one of these sites.
I prefer abbashare because it saves the file to your Dropbox and you can delete it whenever you want.
