I am not capable of configure wireguard per app vpn from MDM getting ‘[NET] Acquired packet with unknown IP model’.`
Attaching the MDM profile to configure per app vpn and wireguard iOS logs.
MDM per app VPN Profile:
<plist model="1.0">
<dict>
<key>PayloadUUID</key>
<string>a27dec22-2d1d-49ca-a9c2-598a52341cfb</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadOrganization</key>
<string>Organizationl</string>
<key>PayloadIdentifier</key>
<string>your.org.config.763f12a5-b72d-4a9f-a4a7-6899f1450d55</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadDisplayName</key>
<string>WG Per App VPN</string>
<key>PayloadDescription</key>
<string>(Model 8) </string>
<key>PayloadRemovalDisallowed</key>
<true />
<key>PayloadContent</key>
<array>
<dict>
<key>VPN</key>
<dict>
<key>AuthenticationMethod</key>
<string>Password</string>
<key>RemoteAddress</key>
<string>demo.wireguard.com:12912</string>
<key>ProviderType</key>
<string>packet-tunnel</string>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandMatchDomainsAlways</key>
<array />
<key>OnDemandMatchDomainsOnRetry</key>
<array>
<string>google.com</string>
</array>
<key>OnDemandMatchDomainsNever</key>
<array />
</dict>
<key>VPNSubType</key>
<string>wireguard.vpn.ios</string>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig</key>
<dict>
<key>PerAppVpn</key>
<string>true</string>
<key>WgQuickConfig</key>
<string>
[Interface]
PrivateKey = yFgnusAJsbMFxGQ+k9zqCgnWxk7ApAU3JQwxosA2dH8=
Deal with = 10.10.1.0/24
DNS = 1.1.1.1, 1.0.0.1,8.8.8.8
[Peer]
PublicKey = JRI8Xc0zKP9kXk8qP84NdUQA04h6DLfFbwJn4g+/PFs=
Endpoint = 172.245.26.38:12912
AllowedIPs =0.0.0.0/0
</string>
</dict>
<key>Proxies</key>
<dict>
<key>HTTPEnable</key>
<integer>0</integer>
<key>HTTPSEnable</key>
<integer>0</integer>
<key>ProxyAutoConfigEnable</key>
<integer>0</integer>
<key>ProxyAutoDiscoveryEnable</key>
<integer>0</integer>
</dict>
<key>UserDefinedName</key>
<string>WG1</string>
<key>VPNUUID</key>
<string>5b522f1a-a80e-4ac9-99ce-1ffc04808c36</string>
<key>OnDemandMatchAppEnabled</key>
<true />
<key>SafariDomains</key>
<array>
<string>google.com</string>
<string>yahoo.com</string>
</array>
<key>PayloadDescription</key>
<string>Configures VPN settings, together with authentication.</string>
<key>PayloadDisplayName</key>
<string>VPN (WG1)</string>
<key>PayloadIdentifier</key>
<string>your.org.e7857e70-c681-4f0d-83e5-c14b88543970</string>
<key>PayloadOrganization</key>
<string>Group</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed.applayer</string>
<key>PayloadUUID</key>
<string>a3334970-82b6-4042-94c6-cdc6072ea238</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
</dict>
</plist>
Logs on wireguard ios app:
2023-03-28 12:14:17.017817: [APP] App model: 1.0.16 (27)
2023-03-28 12:14:17.085310: [APP] Migrating tunnel configuration 'WG1'
2023-03-28 12:14:26.481210: [APP] Tunnel 'WG1' connection standing modified to 'connecting'
2023-03-28 12:14:26.568796: [NET] App model: 1.0.16 (27)
2023-03-28 12:14:26.569144: [NET] Beginning tunnel from the OS immediately, somewhat than the app
2023-03-28 12:14:26.611133: [NET] DNS64: mapped 172.245.26.38 to itself.
2023-03-28 12:14:26.612067: [NET] Attaching to interface
2023-03-28 12:14:26.612441: [NET] UAPI: Updating personal key
2023-03-28 12:14:26.612633: [NET] UAPI: Updating hear port
2023-03-28 12:14:26.612672: [NET] UAPI: Eradicating all friends
2023-03-28 12:14:26.612798: [NET] Routine: decryption employee 3 - began
2023-03-28 12:14:26.612803: [NET] Routine: decryption employee 5 - began
2023-03-28 12:14:26.612826: [NET] Routine: handshake employee 3 - began
2023-03-28 12:14:26.612920: [NET] Routine: encryption employee 4 - began
2023-03-28 12:14:26.612934: [NET] Routine: decryption employee 6 - began
2023-03-28 12:14:26.612954: [NET] Routine: encryption employee 1 - began
2023-03-28 12:14:26.612955: [NET] Routine: decryption employee 4 - began
2023-03-28 12:14:26.612987: [NET] Routine: handshake employee 4 - began
2023-03-28 12:14:26.613000: [NET] Routine: occasion employee - began
2023-03-28 12:14:26.613006: [NET] Routine: handshake employee 5 - began
2023-03-28 12:14:26.613047: [NET] Routine: decryption employee 1 - began
2023-03-28 12:14:26.613079: [NET] Routine: handshake employee 1 - began
2023-03-28 12:14:26.613092: [NET] Routine: encryption employee 6 - began
2023-03-28 12:14:26.613119: [NET] Routine: handshake employee 6 - began
2023-03-28 12:14:26.613135: [NET] Routine: encryption employee 2 - began
2023-03-28 12:14:26.613167: [NET] Routine: encryption employee 5 - began
2023-03-28 12:14:26.613245: [NET] Routine: TUN reader - began
2023-03-28 12:14:26.613342: [NET] Routine: encryption employee 3 - began
2023-03-28 12:14:26.613478: [NET] Routine: handshake employee 2 - began
2023-03-28 12:14:26.613503: [NET] peer(JRI8…/PFs) - UAPI: Created
2023-03-28 12:14:26.613518: [NET] Routine: decryption employee 2 - began
2023-03-28 12:14:26.613570: [NET] peer(JRI8…/PFs) - UAPI: Updating endpoint
2023-03-28 12:14:26.613723: [NET] peer(JRI8…/PFs) - UAPI: Updating persistent keepalive interval
2023-03-28 12:14:26.613763: [NET] peer(JRI8…/PFs) - UAPI: Eradicating all allowedips
2023-03-28 12:14:26.613827: [NET] peer(JRI8…/PFs) - UAPI: Including allowedip
2023-03-28 12:14:26.614214: [NET] UDP bind has been up to date
2023-03-28 12:14:26.614274: [NET] peer(JRI8…/PFs) - Beginning
2023-03-28 12:14:26.614353: [NET] Routine: obtain incoming v4 - began
2023-03-28 12:14:26.614411: [NET] Routine: obtain incoming v6 - began
2023-03-28 12:14:26.614489: [NET] Interface state was Down, requested Up, now Up
2023-03-28 12:14:26.614548: [NET] Gadget began
2023-03-28 12:14:26.614689: [NET] Tunnel interface is utun16
2023-03-28 12:14:26.614751: [NET] peer(JRI8…/PFs) - Routine: sequential sender - began
2023-03-28 12:14:26.615035: [NET] peer(JRI8…/PFs) - Routine: sequential receiver - began
2023-03-28 12:14:26.615063: [NET] Community change detected with happy route and interface order [en0]
2023-03-28 12:14:26.615568: [NET] DNS64: mapped 172.245.26.38 to itself.
2023-03-28 12:14:26.615713: [NET] peer(JRI8…/PFs) - UAPI: Updating endpoint
2023-03-28 12:14:26.615902: [NET] Routine: obtain incoming v4 - stopped
2023-03-28 12:14:26.616162: [NET] Routine: obtain incoming v6 - stopped
2023-03-28 12:14:26.616367: [NET] UDP bind has been up to date
2023-03-28 12:14:26.616398: [NET] Routine: obtain incoming v4 - began
2023-03-28 12:14:26.616416: [NET] Routine: obtain incoming v6 - began
2023-03-28 12:14:26.617042: [APP] Tunnel 'WG1' connection standing modified to 'linked'
2023-03-28 12:14:26.676109: [NET] Community change detected with happy route and interface order [en0, utun16]
2023-03-28 12:14:26.676765: [NET] DNS64: mapped 172.245.26.38 to itself.
2023-03-28 12:14:26.676930: [NET] peer(JRI8…/PFs) - UAPI: Updating endpoint
2023-03-28 12:14:26.677195: [NET] Routine: obtain incoming v4 - stopped
2023-03-28 12:14:26.677317: [NET] Routine: obtain incoming v6 - stopped
2023-03-28 12:14:26.677596: [NET] UDP bind has been up to date
2023-03-28 12:14:26.677964: [NET] Routine: obtain incoming v6 - began
2023-03-28 12:14:26.678078: [NET] Routine: obtain incoming v4 - began
2023-03-28 12:14:26.682096: [NET] Acquired packet with unknown IP model
2023-03-28 12:14:26.682277: [NET] Acquired packet with unknown IP model
2023-03-28 12:14:26.682335: [NET] Acquired packet with unknown IP model
2023-03-28 12:14:26.682422: [NET] Acquired packet with unknown IP model
2023-03-28 12:14:26.682482: [NET] Acquired packet with unknown IP model
2023-03-28 12:14:26.682536: [NET] Acquired packet with unknown IP model
2023-03-28 12:14:27.701238: [NET] Acquired packet with unknown IP model
Tried to configure Wireguard Per App VPN on iOS from MDM and getting ‘[NET] Acquired packet with unknown IP model’ on wireguard VPN app debug logs.