How to Enforce a VPN on an iPhone
Prevent bypass of VPNs that filter content on an iPhone by enforcing VPN profiles and preventing a user from overriding them.
Effective content filtering apps on iOS will often use the VPN feature on an iPhone to route the internet traffic through a DNS filter, allowing you to restrict access to certain websites. However, you'll need to ensure that this VPN is always turned on, especially since it's easy to accidentally disable. In this article, we'll look at several recommended ways to enforce a VPN for iPhones, so that content filtering is always enabled.
There are two areas to consider when enforcing a VPN on an iPhone:
- Prevent VPN apps from being uninstalled.
- Prevent a VPN from being toggled off using iOS settings.
This can be achieved in several ways, but there are a few unique approaches that most people don't know about:
- Combining the Apple Shortcuts feature with an app blocker to enforce a VPN.
- Using Supervised Mode to prevent a person from changing VPN settings. Supervised mode lets you enforce a Supervised App Blocker and limit the App Store more effectively.
Use Shortcut Automations on your iPhone to Re-enable a Content Filtering VPN
The Shortcuts app was introduced to iOS 12, so chances are that your iPhone also supports this feature.
Shortcuts allow your device to perform a sequence of actions automatically, one after another. There are some pretty advanced things you can use Shortcuts for, like re-enabling VPNs automatically and locking settings on iPhone.
One strategy to enforce a VPN involves using shortcut Automations. Automations can be found in the Shortcuts app on your iPhone, and allow you to set instructions for your smartphone based off of a trigger, for example:
- When an App is opened or closed (or both).
- At certain times of the day.
- When your smartphone connects to a Wi-Fi network.
In our case, we can use it to enforce a VPN profile on an iPhone.
Use Automations to Re-Enable a VPN when the Settings app is Closed
If you have connected your iPhone to a DNS Content Policy, chances are that this filter is made possible with the help of a VPN. Forcing this VPN profile to be enabled every time the Settings app is closed can prevent attempts to disable your Policy.
In order to do this, open the Shortcuts app.
You will now be prompted to choose when this automation runs.
This triggers the automation when the Settings app is closed.
Now we need to define the automation to run when the Settings app is closed.
You might see a menu with a list of options that you can choose. If prompted, select New Blank Automation (don't worry if you don't see this option, some iPhones have slightly different menus).
You should see a screen that looks like this:
You might need to check your iPhone's Settings app to find the name of the correct VPN configuration (if you have multiple installed).
This ensures that this automation quickly runs after the trigger happens and doesn't require you to approve it each time.
You're all set! This automation will ensure that the chosen VPN configuration is toggled on automatically if the Settings app is closed.
There are more ways to customize how a content filtering VPN is enforced by adding more Automations.
Force a Content Filtering VPN to Be Enabled When a Browser is Opened
If you want to ensure that a VPN is enabled when opening a web browser, it's pretty easy to use an automation to do this as well.
In the previous example, you created an Automation that would trigger if the Settings app is closed. You can create a new Automation with a couple of differences:
- When creating the Automation, choose it to trigger when an app is opened instead of closed.
- Instead of choosing the Settings app as the trigger, choose your installed web browsers (you can add more than one entry to the list).
- Similar to the previous section, you add a new action that enables your content filtering VPN.
- Make sure that you have "Run Immediately" enabled, and the Automation shouldn't prompt you each time you open a web browser.
Prevent Modifying VPN Profiles on Your iPhone Completely
Another option is to disable the option for a user to manually configure VPN settings via iOS settings. The use case for this is that you want to install a filtering app that sets an always-on VPN and you want to prevent a person from changing these settings to bypass the filter.
Enable Supervised Mode on Your iPhone to Prevent VPN Settings from Being Removed
Unfortunately, you can't enforce VPN profiles with normal Settings or Screen Time, but you can use Apple's Alternative to Screen Time. This alternative is called supervised mode.
Install a Config File that disables the ability to Add New VPN Configurations
This requires a supervised device, so this won't work on your average iPhone. Tech Lockdown members get access to our premium guides that explain how to do this.
There are many other settings that you can enforce on a supervised iPhone device that can help prevent common methods of bypass:
- Prevent Apps from being removed or installed.
- Block apps on your iPhone.
- Block the App Store without disabling app updates.
Prevent VPN Profiles from Being Modified on Your iPhone at All
In order to fully prevent VPN Profiles from being added to your iPhone, you'll need to limit several different features:
- Prevent new apps from creating a new VPN Configuration.
- Disallow the ability to create new VPN Configurations in settings.
- Protect a filtered VPN connection so that it can't be removed.
The commonly accepted way to do all of these settings at once is to try to block the Settings app. Unfortunately, this is not as easy to do on iOS devices, but you can enforce specific features without needing to block settings entirely.
The ability to control what settings are allowed on your iPhone is only possible with device supervision. There isn't an app available on the App Store that can fully restrict these changes.
Remove the ability to create new VPN Configurations (either by installing an app or manually adding it through settings):
Disable the ability to install new apps from the App Store (while keeping current apps up-to-date):
Optionally, if there are apps that you don't want removed, disable the ability to delete apps:
Block Apps that are used to bypass VPNs
Another area you have to consider is a user downloading another app that sets a VPN. In order to prevent this, you can try specifying app blocklists to limit access to these types of apps.
Screen Time and App Blockers let you restrict access to apps that are already installed. If you need to restrict apps that haven't been downloaded yet, you can use the Supervised App Blocking approach instead.
Supervised mode lets you install Config Files that manage settings on your device. In our case, you can add a custom Config that blocks specific VPN app Bundle IDs:
If you need a much more restrictive setup, create an App Allowlist instead.
App Allowlists let you choose apps that are allowed while blocking all others.
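The supervised restrictions listed under "Prevent VPN Profiles from Being Modified on Your iPhone at All" and the VPN app blocklist described above can be carried in a single configuration profile. The following is an added example, not a Config File from this site's guides: it builds such a profile in Python and audits a profile for settings that would leave a bypass route open. The key names come from Apple's Restrictions payload; their mapping to the steps above, the bundle IDs and the payload identifiers are assumptions constructed for illustration.

```python
import plistlib
import uuid

# Keys of Apple's Restrictions payload (com.apple.applicationaccess); each is
# enforced only on supervised devices and defaults to true when absent.
# Mapping them to the article's steps is this example's assumption.
MUST_BE_FALSE = {
    "allowVPNCreation": "new VPN configurations can be added",
    "allowUIAppInstallation": "apps can be installed from the App Store",
    "allowAppRemoval": "apps, including the filter, can be deleted",
}
# Constructed placeholder bundle IDs, not real apps.
SAMPLE_BLOCKED = ["com.example.othervpn", "com.example.proxybrowser"]


def _ids(name):
    # Constructed identifier plus a fresh UUID, as every payload requires.
    return {"PayloadIdentifier": f"com.example.vpn-lockdown.{name}",
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadVersion": 1}


def build_profile(blocked_bundle_ids):
    """Return .mobileconfig bytes with the restrictions and app blocklist."""
    restrictions = {"PayloadType": "com.apple.applicationaccess",
                    **_ids("restrictions"),
                    **{key: False for key in MUST_BE_FALSE},
                    "blockedAppBundleIDs": sorted(set(blocked_bundle_ids))}
    profile = {"PayloadType": "Configuration", **_ids("profile"),
               "PayloadDisplayName": "VPN lockdown (example)",
               "PayloadContent": [restrictions]}
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def audit_profile(data, expected_blocked=()):
    """List settings that leave a bypass route open; empty list means none."""
    merged = {}
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            merged.update(payload)
    findings = [f"{key} is not false: {why}"
                for key, why in MUST_BE_FALSE.items()
                if merged.get(key, True) is not False]
    blocked = set(merged.get("blockedAppBundleIDs", []))
    findings += [f"{bundle_id} missing from blockedAppBundleIDs"
                 for bundle_id in expected_blocked if bundle_id not in blocked]
    return findings


if __name__ == "__main__":
    data = build_profile(SAMPLE_BLOCKED)
    print(audit_profile(data, SAMPLE_BLOCKED) or "no gaps found")
```

Running `audit_profile` against a profile exported from your management tool shows which of these restrictions are missing before the device is handed over.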