Configuring SOTI VPN Clients for Android

About this task

Use this task to deploy and configure the SOTI Virtual Private Network (VPN) Android client through the SOTI MobiControl SOTI VPN Android Enterprise Work Managed profile payload. You can use the profile payload to assign VPN servers, disable VPN on corporate/internal networks, configure DNS fallback, enable per-app VPN access, and more.

Procedure

Deploying the SOTI VPN application

Download the SOTI VPN for Android app from the SOTI Pulse downloads page.
Deploy the client app using a package (see Using Packages), or using an app policy (see Using App Policies).

Note: You can alternatively deploy the SOTI VPN application using a SOTI One apps app policy. See Deploying SOTI ONE Apps | Android Enterprise.

Configuring SOTI VPN Client Settings

Create or edit a SOTI Android Enterprise profile configuration (see Creating a Profile) and add the SOTI VPN payload.

Important: Selecting the wrong platform prevents device targeting during profile assignment. To proceed with modifying the payload, you must first define a SOTI VPN IP pool. See SOTI VPN | Configuring Service Settings.

Network Settings

In the VPN Servers section, select (Add) to add a VPN server.
1. Enter the external Address of the VPN server.
2. Specify the Port.
  
  Note: You may specify a different port number for traffic forwarding if necessary; however, make sure to use port 51820 for forwarding traffic to the SOTI VPN server.
3. Select the VPN server from the enrolled list.
  
  Remember: When selecting a VPN server, you see a list of all enrolled VPN servers that you have permissions to assign. If you do not see your VPN server listed, verify that the user has the Assign VPN Servers permissions. Also, make sure that the server itself is enabled. See Configuring SOTI VPN Server Settings.
Optional: Enter the Internal DNS Server Address used to resolve internal enterprise domains.

Note: If left blank, the device’s default DNS is used to resolve FQDNs.

Applications

Configure per-app VPN access under the Applications section.

Important: Per-app VPN is supported only for Android Work Managed, COPE, and Work Profile devices. Windows Modern devices do not support this feature.
1. Enable Per App VPN.
2. Select (Add) to search for and select specific applications.
  
  Note: Applications not part of this list are exempt from using the VPN.
3. Alternatively, select (Import) to upload a .csv or .txt file.

Split Tunnel

Enable Split-tunnel VPN to route only selected traffic through the VPN.
1. In the Tunneled Resources section, select (Add) to enter IP ranges using Classless Inter Domain Routing (CIDR) notation.

Corporate Networks

Toggle on the Exclude Networks option to prevent VPN routing on specified corporate Wi-Fi networks.

Note: This feature disables VPN tunneling when the device connects to defined SSIDs, reducing unnecessary traffic, lag, or conflicts with internal policies.
Save and assign the profile to the relevant Android Enterprise device groups. See Assigning a Profile.

Results

The SOTI VPN client application receives the server configuration and establishes an always-on connection.

The SOTI VPN client application.

Tip: In the SOTI VPN client application, select the three-dots menu > logs to review VPN client logs or select the VPN server to see data exchange information.

Note: If the SOTI VPN app gets uninstalled and then reinstalled, you must re-push the SOTI VPN profile for it to work.