
Wireguard Per App VPN Configuration on iOS from MDM


I am not able to configure WireGuard per-app VPN from MDM; I am getting ‘[NET] Received packet with unknown IP version’.
Attaching the MDM profile to configure per app vpn and wireguard iOS logs.

MDM per app VPN Profile:

<plist version="1.0">
    <dict>
        <key>PayloadUUID</key>
    <string>a27dec22-2d1d-49ca-a9c2-598a52341cfb</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadOrganization</key>
    <string>Organizationl</string>
    <key>PayloadIdentifier</key>
    <string>your.org.config.763f12a5-b72d-4a9f-a4a7-6899f1450d55</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadDisplayName</key>
    <string>WG Per App VPN</string>
    <key>PayloadDescription</key>
    <string>(Model 8) </string>
    <key>PayloadRemovalDisallowed</key>
    <true />
    <key>PayloadContent</key>
    <array>
            <dict>
            <key>VPN</key>
                <dict>
                    <key>AuthenticationMethod</key>
                <string>Password</string>
                <key>RemoteAddress</key>
                <string>demo.wireguard.com:12912</string>
                <key>ProviderType</key>
                <string>packet-tunnel</string>
                <key>OnDemandEnabled</key>
                <integer>1</integer>
                <key>OnDemandMatchDomainsAlways</key>
                <array />
                <key>OnDemandMatchDomainsOnRetry</key>
                <array>
                    <string>google.com</string>
                </array>
                <key>OnDemandMatchDomainsNever</key>
                <array />
                </dict>
                <key>VPNSubType</key>
                <string>wireguard.vpn.ios</string>
                <key>VPNType</key>
                <string>VPN</string>
                <key>VendorConfig</key>
                <dict>
                    <key>PerAppVpn</key>
                    <string>true</string>
                    <key>WgQuickConfig</key>
                    <string>
                        [Interface]
                        PrivateKey = yFgnusAJsbMFxGQ+k9zqCgnWxk7ApAU3JQwxosA2dH8=
                        Address = 10.10.1.0/24
                        DNS = 1.1.1.1, 1.0.0.1,8.8.8.8

                        [Peer]
                        PublicKey = JRI8Xc0zKP9kXk8qP84NdUQA04h6DLfFbwJn4g+/PFs=
                        Endpoint = 172.245.26.38:12912
                        AllowedIPs =0.0.0.0/0
                    </string>
                </dict>
                <key>Proxies</key>
                <dict>
                    <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
                <key>ProxyAutoConfigEnable</key>
                <integer>0</integer>
                <key>ProxyAutoDiscoveryEnable</key>
                <integer>0</integer>
                </dict>
                <key>UserDefinedName</key>
                <string>WG1</string>
                <key>VPNUUID</key>
                <string>5b522f1a-a80e-4ac9-99ce-1ffc04808c36</string>
                <key>OnDemandMatchAppEnabled</key>
                <true />
                <key>SafariDomains</key>
                <array>
                    <string>google.com</string>
                <string>yahoo.com</string>
                </array>
                <key>PayloadDescription</key>
                <string>Configures VPN settings, together with authentication.</string>
                <key>PayloadDisplayName</key>
                <string>VPN (WG1)</string>
                <key>PayloadIdentifier</key>
                <string>your.org.e7857e70-c681-4f0d-83e5-c14b88543970</string>
                <key>PayloadOrganization</key>
                <string>Group</string>
                <key>PayloadType</key>
                <string>com.apple.vpn.managed.applayer</string>
                <key>PayloadUUID</key>
                <string>a3334970-82b6-4042-94c6-cdc6072ea238</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
            </dict>
        </array>
    </dict>
</plist>

Logs on WireGuard iOS app:

2023-03-28 12:14:17.017817: [APP] App version: 1.0.16 (27)
2023-03-28 12:14:17.085310: [APP] Migrating tunnel configuration 'WG1'
2023-03-28 12:14:26.481210: [APP] Tunnel 'WG1' connection status changed to 'connecting'
2023-03-28 12:14:26.568796: [NET] App version: 1.0.16 (27)
2023-03-28 12:14:26.569144: [NET] Starting tunnel from the OS directly, rather than the app
2023-03-28 12:14:26.611133: [NET] DNS64: mapped 172.245.26.38 to itself.
2023-03-28 12:14:26.612067: [NET] Attaching to interface
2023-03-28 12:14:26.612441: [NET] UAPI: Updating private key
2023-03-28 12:14:26.612633: [NET] UAPI: Updating listen port
2023-03-28 12:14:26.612672: [NET] UAPI: Removing all peers
2023-03-28 12:14:26.612798: [NET] Routine: decryption worker 3 - started
2023-03-28 12:14:26.612803: [NET] Routine: decryption worker 5 - started
2023-03-28 12:14:26.612826: [NET] Routine: handshake worker 3 - started
2023-03-28 12:14:26.612920: [NET] Routine: encryption worker 4 - started
2023-03-28 12:14:26.612934: [NET] Routine: decryption worker 6 - started
2023-03-28 12:14:26.612954: [NET] Routine: encryption worker 1 - started
2023-03-28 12:14:26.612955: [NET] Routine: decryption worker 4 - started
2023-03-28 12:14:26.612987: [NET] Routine: handshake worker 4 - started
2023-03-28 12:14:26.613000: [NET] Routine: event worker - started
2023-03-28 12:14:26.613006: [NET] Routine: handshake worker 5 - started
2023-03-28 12:14:26.613047: [NET] Routine: decryption worker 1 - started
2023-03-28 12:14:26.613079: [NET] Routine: handshake worker 1 - started
2023-03-28 12:14:26.613092: [NET] Routine: encryption worker 6 - started
2023-03-28 12:14:26.613119: [NET] Routine: handshake worker 6 - started
2023-03-28 12:14:26.613135: [NET] Routine: encryption worker 2 - started
2023-03-28 12:14:26.613167: [NET] Routine: encryption worker 5 - started
2023-03-28 12:14:26.613245: [NET] Routine: TUN reader - started
2023-03-28 12:14:26.613342: [NET] Routine: encryption worker 3 - started
2023-03-28 12:14:26.613478: [NET] Routine: handshake worker 2 - started
2023-03-28 12:14:26.613503: [NET] peer(JRI8…/PFs) - UAPI: Created
2023-03-28 12:14:26.613518: [NET] Routine: decryption worker 2 - started
2023-03-28 12:14:26.613570: [NET] peer(JRI8…/PFs) - UAPI: Updating endpoint
2023-03-28 12:14:26.613723: [NET] peer(JRI8…/PFs) - UAPI: Updating persistent keepalive interval
2023-03-28 12:14:26.613763: [NET] peer(JRI8…/PFs) - UAPI: Removing all allowedips
2023-03-28 12:14:26.613827: [NET] peer(JRI8…/PFs) - UAPI: Adding allowedip
2023-03-28 12:14:26.614214: [NET] UDP bind has been updated
2023-03-28 12:14:26.614274: [NET] peer(JRI8…/PFs) - Starting
2023-03-28 12:14:26.614353: [NET] Routine: receive incoming v4 - started
2023-03-28 12:14:26.614411: [NET] Routine: receive incoming v6 - started
2023-03-28 12:14:26.614489: [NET] Interface state was Down, requested Up, now Up
2023-03-28 12:14:26.614548: [NET] Device started
2023-03-28 12:14:26.614689: [NET] Tunnel interface is utun16
2023-03-28 12:14:26.614751: [NET] peer(JRI8…/PFs) - Routine: sequential sender - started
2023-03-28 12:14:26.615035: [NET] peer(JRI8…/PFs) - Routine: sequential receiver - started
2023-03-28 12:14:26.615063: [NET] Network change detected with satisfied route and interface order [en0]
2023-03-28 12:14:26.615568: [NET] DNS64: mapped 172.245.26.38 to itself.
2023-03-28 12:14:26.615713: [NET] peer(JRI8…/PFs) - UAPI: Updating endpoint
2023-03-28 12:14:26.615902: [NET] Routine: receive incoming v4 - stopped
2023-03-28 12:14:26.616162: [NET] Routine: receive incoming v6 - stopped
2023-03-28 12:14:26.616367: [NET] UDP bind has been updated
2023-03-28 12:14:26.616398: [NET] Routine: receive incoming v4 - started
2023-03-28 12:14:26.616416: [NET] Routine: receive incoming v6 - started
2023-03-28 12:14:26.617042: [APP] Tunnel 'WG1' connection status changed to 'connected'
2023-03-28 12:14:26.676109: [NET] Network change detected with satisfied route and interface order [en0, utun16]
2023-03-28 12:14:26.676765: [NET] DNS64: mapped 172.245.26.38 to itself.
2023-03-28 12:14:26.676930: [NET] peer(JRI8…/PFs) - UAPI: Updating endpoint
2023-03-28 12:14:26.677195: [NET] Routine: receive incoming v4 - stopped
2023-03-28 12:14:26.677317: [NET] Routine: receive incoming v6 - stopped
2023-03-28 12:14:26.677596: [NET] UDP bind has been updated
2023-03-28 12:14:26.677964: [NET] Routine: receive incoming v6 - started
2023-03-28 12:14:26.678078: [NET] Routine: receive incoming v4 - started
2023-03-28 12:14:26.682096: [NET] Received packet with unknown IP version
2023-03-28 12:14:26.682277: [NET] Received packet with unknown IP version
2023-03-28 12:14:26.682335: [NET] Received packet with unknown IP version
2023-03-28 12:14:26.682422: [NET] Received packet with unknown IP version
2023-03-28 12:14:26.682482: [NET] Received packet with unknown IP version
2023-03-28 12:14:26.682536: [NET] Received packet with unknown IP version
2023-03-28 12:14:27.701238: [NET] Received packet with unknown IP version

Tried to configure WireGuard Per App VPN on iOS from MDM and am getting ‘[NET] Received packet with unknown IP version’ in the WireGuard VPN app debug logs.
