ever wanted to use a secure and reliable vpn on your iphone to encrypt your online activities or access your streaming service from abroad? of course you want it, and you want it without the hassle to manually connect to your vpn provider. the answer is: vpn on demand. and here is how:

what you need

an iphone (4 or newer) with the most recent ios version
a mac with the free apple configurator installed

step by step

once you have all the required hardware on hand, please create an account with your favourite vpn provider. please find a vpn service provider suitable for your own needs.

create profile using apple configurator

open up apple configurator and click the button to create a new profile on page two.

apple configurator. create profile

choose a meaningful name for your profile.

apple configurator. name for profile

switch to vpn config and enter the corresponding vpn server and login credentials you received from your vpn provider.

apple configurator. configure vpn and enter details.

you just created a valid configuration profile for your ios device. you could install it onto your iphone, but: there is no vpn on demand yet enabled. to achieve this, we do have to tweak our profile. please export and save it (for example on your desktop for easy access) – uncheck „sign configuration profile“.

apple configurator. export profile

adding vpn on demand to profile

open your preferred text editor (i.e. textedit, shipped with every mac) and add the following lines:

			<key>OnDemandEnabled</key>
			<integer>1</integer>
            
			<key>OnDemandRules</key>
			<array>
				<dict>
					<key>Action</key>
					<string>Disconnect</string>
					<key>InterfaceTypeMatch</key>
					<string>WiFi</string>
					<key>SSIDMatch</key>
					<array>
						<string>Name of my Home Network</string>
						<string>Company WiFi</string>
					</array>
				</dict>
				
				<dict>
					<key>Action</key>
					<string>Connect</string>                  
					<key>InterfaceTypeMatch</key>
					<string>WiFi</string>
				</dict>
				
				<dict>
					<key>Action</key>
					<string>Connect</string>
					<key>InterfaceTypeMatch</key>
					<string>Cellular</string>
				</dict>
				
				<dict>
					<key>Action</key>
					<string>Ignore</string>
				</dict>
			</array>

textedit. add some lines

re-import profile

back in apple configurator please delete the existing profile and import our tweaked version. just drag and drop it from your finder.

apple configurator. remove profile

apple configurator. import profile

install profile

now you are ready to install the profile.

apple configurator. install profile. part one

after hitting the button to install profiles, connect und unlock your iphone. then select the vpn profile and continue.

apple configurator. install profile. part two

final part

grab your iphone and finish the installation.

iphone. install profile

once the profile has been installed, it automatically connects using your vpn login.

iphone. connecting to vpn

to save battery life the vpn connection will be disconnected, if not needed anymore. but, on the next network attempt, it re-connects. neat, huh!?

more on this

many thanks to willkommen bei arnaud for his post (german) on vpn on demand using a fritzbox.

if you want to do more with profiles, just read the configuration profile key reference, section vpn.

2015/04/02: updated on demand rules; added related articles
2015/04/19: updated on demand rules

vpn on demand on iphone (and ipad)