Cortado Support

My Tickets Visit www.cortado.com
Welcome
Login

How to set up Per-App VPN with an OpenVPN server and Cortado

In the How to set up an OpenVPN server and connect it to Cortado How To, we set up an OpenVPN server for Linux or Windows and made a preliminary function test with an iOS device. Now we want to go further. In this How To we will set up per-app VPN. With per-app VPN, you can set individual apps to run over a VPN connection.

Aim

In this How To we will create a per-app VPN profile, using our OpenVPN server and Cortado. This profile will let iOS devices automatically build a VPN tunnel when a managed app starts up, and also to independently close it down when the app in question is closed again. This can be especially useful for CRM apps, or apps that have to access intranet resources.

Implementation

Configuring the intranet resources

Because we opted for the TUN mode for our OpenVPN server, we need to set up static routing for our intranet resources to communicate with our clients over the OpenVPN server. (The basis for this is that TAP is not as well supported for mobile devices. You can read about the difference between TUN and TAP here.)

We will show you how to do this with Linux and Windows servers.

Setting up a static route with Linux

Open a Shell with administrator rights.

Sudo nano /etc/network/interfaces

Insert the following lines and modify the IP addresses to match with your environment.

route add -net 10.8.0.0/24 (the VPN server address, as specified in the OVPN Config) netmask 255.255.255.0 gw 192.168.192.99 (your VPN server IP) dev eth1 (your interface)
Static route for Windows

You can set up a static route for Windows as follows.

Start a CMDShell with administrator rights and modify the following command to match with your environment.

route add 10.8.0.0/24 (Ihre VLAN-Adresse des VPN-Servers) MASK 255.255.255.0 (Ihre VPN Server IP) -p

Profile and function test

After configuring our intranet resources, we can adapt the OpenVPN profile that we configured in the previous How-To, so that it no longer needs to be switched on and off by the user, but is automatically switched on when a user opens a certain application.

Do this by navigating, in the Cortado administration portal, to Administration→ Profiles. Select the OpenVPN profile here and configure it as you see in this screenshot:

configure VPN profile for iOS

Please replace the given VPN address with your own.

Now go to Administration → Apps and select an app for which a VPN tunnel should be built when it starts up. Configure the app as shown in the screenshot.

For VPN profile, select your OpenVPN profile (example in illus.).

configure your app

You can now assign the app to the users. You’ll find more information on this here.

It’s time now to test the functionality. If the app is started on a user device, you should see a VPN icon next to the mobile data/WiFi status display in the notification bar. The app should now also have access to your intranet resources.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.