Configuring SOTI VPN Clients for iOS/iPadOS

Configure SOTI VPN client settings for iOS/iPadOS devices using the VPN profile payload to assign servers, manage network access, and enable features such as split tunneling.

About this task

Use this task to configure the SOTI Virtual Private Network (VPN) client settings through the SOTI MobiControl SOTI VPN iOS profile payload. You can use the profile payload to assign VPN servers, disable VPN on corporate/ internal networks, enable split tunnel, and more.
Important: Selecting the wrong platform causes your devices to not get targeted when assigning the configuration.

Procedure

  1. Create an app policy to deploy the SOTI VPN client application to your devices from the App Store. See Creating App Policies and Apple iOS/iPadOS App Store Applications.
    Searching for the SOTI VPN application in App Policy
  2. After assigning the app policy, create or edit an iOS profile (see Creating a Profile ) and add the SOTI VPN payload.
    Selecting SOTI VPN in the configurations tab

VPN Server

The VPN Server section in the VPN profile payload.
  1. In the VPN profile configuration screen, enter the following fields:
    1. VPN Name: Enter a name to identify this VPN account.
    2. Address: Enter the external IP address or FQDN of the VPN server.
    3. Port: Enter the port number for VPN connections.
      Note: The default is 51820. Valid range: 1–65535.
    4. Select a VPN Server: Choose a server from the enrolled list.
      Note: See Using SOTI VPN for server setup details.
    5. DNS Server Address: Enter the IP address of the DNS server used to resolve internal resources.
      Note: If none is specified, you can use a public DNS like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare).
    6. Internal Domains: Specify the domains to be routed through the VPN tunnel.
      Note: Other domains use the device’s default DNS unless a split-tunnel rule applies.

Split Tunnel

The Split Tunnel section in the VPN profile payload.
  1. Enable Split-tunnel VPN if you want to restrict VPN traffic to specific resources.
    Note: Only the IP ranges specified in CIDR notation (e.g., 192.168.1.0/24) use the VPN connection.
    1. Add Tunneled Resources IP ranges to be routed through the split-tunnel VPN.

Wi-Fi SSID Matching

The Wi-Fi SSID Matching section in the VPN profile payload.
  1. Enable Disconnect when connected to Wi-Fi to automatically disable VPN on specified networks.
    Note: Use this option to turn off the VPN connection when the device joins trusted Wi-Fi networks, such as your corporate SSID. This helps conserve bandwidth and avoid network policy conflicts.
  2. Save the profile and assign it to the appropriate iOS device groups. See Assigning a Profile.

Results

Your devices receive the SOTI VPN application with the configuration applied from the profile.