iPhone
How to Enforce a VPN on an iPhone
Prevent bypass of VPNs that filter content on an iPhone by enforcing VPN profiles and preventing a user from overriding them.
If you're trying to filter websites using a filtered VPN connection, it's a good idea to enforce this VPN and prevent it from being deleted or disabled, both intentionally and unintentionally.
VPN settings on an iPhone can be restricted using a combination of supervised mode and Apple Config Files . Supervised mode is required for these restrictions to work, but once enabled, Config Files can set and enforce your restrictions, even for adults.
To fully enforce a VPN on your iPhone:
Using Supervised Mode for Advanced VPN Enforcement
Apple provides an alternative to Screen Time , called supervised mode, which can be used to effectively protect a VPN on iPhone even for adults who want to prevent themselves from disabling a VPN.
Once supervised mode is enabled, you can install VPN protection configs on your iPhone to reliably enforce your content filtering VPN connection.
Supervised mode manages settings on your iPhone in a way that can't be disabled.
Prevent the VPN App from Being Deleted
Unless you've set up the VPN you're trying to enforce manually on your device, chances are your content filter was set up using an app downloaded from the App Store. The first step you can take to enforce this VPN is to prevent its app from being deleted.
App removal can be controlled in one of two ways:
- Screen Time can hide the option to delete apps. However, this approach isn't ideal for adults who are self-restricting.
- Supervised mode can be used to protect apps from being deleted . This is the preferred approach for adults who cant rely on Screen Time restrictions.
In either case, the option to delete apps will be removed when pressing and holding on an app icon
After protecting apps from being deleted, the Delete App option isn't available:
Prevent your Filtered VPN Profile from Being Deleted in Your iPhone's Settings
On standard iPhones, VPN profiles can be inspected and deleted from the settings app:
Even if you're fully preventing the VPN app from being removed, it's still important to ensure that the VPN profile the app created can't be removed using Settings.
We instead want to install a version that can't be deleted in settings, like this one:
This requires device supervision to be enabled to work fully, but if device supervision is enabled, you can use an Apple Config Generator to control restrictions more effectively and install protected VPN configurations.
Prevent New VPNs From Being Added to Your iPhone
A common problem when enforcing a VPN is ensuring that competing or conflicting VPNs cannot be added to the iPhone. One common way to handle this problem is to completely block conflicting VPNs on iPhone to ensure your preferred VPN is always used.
Even if you've protected your VPN and blocked other VPN apps, it's still possible to use Settings to add a new VPN profile manually.
VPNs can be completely restricted on an iPhone. If done correctly, the option to add one via an app or manually through settings is no longer possible.
There are a few approaches that we recommend in our iPhone VPN blocking guide :
- Restrict adding new VPN configurations
- Block conflicting apps
Automatically Re-enable the Filtered VPN
There are cases where iPhone battery settings or a reboot could cause the filtered VPN to be disabled unintentionally. You can use Apple Shortcuts to automatically re-enable the filtered VPN based on a trigger, such as an app being opened or closed.
It's fairly difficult to reliably disable battery saver settings on an iPhone to prevent the filtered VPN from being unintentionally disabled, so you might need to consider additional methods. If your iPhone is supervised, we recommend combining a protected VPN with enforced DNS settings.
Enforce Filtered DNS Settings on your iPhone
Most iPhones can use DNS settings (in addition to a protected VPN) to point to a content filter and block websites. If you're trying to enforce a content filtering VPN that blocks websites and apps, then you may also be able to set up DNS on your iPhone.
If supervised mode is enabled, then it's very easy to completely enforce DNS Settings on iPhone so these settings can't be changed.
If you're combining a filtered VPN with DNS settings, keep in mind that your iPhone will prioritize your VPN's network settings over your iPhone's. DNS settings won't take effect until the VPN is disabled.