VPN Payload

Payload that configures VPN connections (IKEv2, IPsec, L2TP, Custom SSL). Supports Per-App VPN and On-Demand rules for automatic connection.

What to Know

VPN payloads enable secure remote access to corporate resources by encrypting network traffic and routing it through organizational infrastructure. Deploying VPN configurations via MDM eliminates manual setup, reduces configuration errors, and ensures consistent security policies across remote workers. Always-on VPN and per-app VPN capabilities provide granular control over which traffic flows through corporate networks versus public internet, balancing security with performance.

VPN configurations contain sensitive authentication credentials and server details that should never be manually shared with users. MDM-delivered VPN payloads protect these credentials, enable centralized configuration updates, and allow IT to remotely disable VPN access when devices are offboarded or compromised.

Common Scenarios

Enterprise IT: Deploying always-on VPN for remote workers accessing internal applications, file shares, and cloud resources. IT configures on-demand VPN rules that automatically connect when accessing corporate domains while allowing direct internet access for general browsing, optimizing both security and performance.

MSP: Managing VPN configurations for multiple client environments with different network architectures and security requirements. MSPs deploy per-app VPN for specific business applications while maintaining separate VPN profiles for different client sites or security zones.

Education: Providing secure remote access for faculty and admins accessing student information systems and administrative applications from home. Schools implement split-tunnel VPN configurations that protect sensitive traffic while allowing direct internet access for video streaming and general web usage.

In Addigy

Addigy’s VPN payload configuration supports all major VPN protocols and provides options for always-on connections, on-demand rules, and per-app VPN assignments. Addigy can bundle VPN configurations with SCEP payloads for certificate-based authentication and with DNS settings for split-tunnel configurations. Addigy validates VPN payload syntax before deployment and provides troubleshooting logs when connections fail.

When VPN credentials change or servers are migrated, Addigy enables centralized profile updates that automatically reconfigure all affected devices. Addigy displays VPN connection status in device inventory and can alert admins to devices experiencing persistent VPN connection failures.