Virtual Private Networks (VPN) are often used within organizations to allow you to communicate private information securely over a public network. You may need to configure VPN, for example, to access your work email on an iOS device. VPN works over both Wi-Fi and cellular data network connections.
iOS devices work with VPN servers that support these protocols and authentication methods:
- L2TP/IPSec with user authentication by MS-CHAPV2 Password, RSA SecurID or CryptoCard, and machine authentication by shared secret.
- PPTP with user authentication by MS-CHAPV2 Password, RSA SecurID, or CRYPTOCard.
- Cisco IPSec with user authentication by Password, RSA SecurID, or CRYPTOCard, and machine authentication by shared secret and certificates. Cisco IPSec supports VPN On Demand for domains you specify during device configuration.1
- Juniper Junos Pulse and Cisco AnyConnect, using the appropriate VPN app from the App Store. VPN On Demand is supported for domains you specify during device configuration.2
iOS can use certificates in the following raw formats1:
- PKCS#1 (.cer, .crt, .der)
- PKCS#12 (.p12, .pfx)
For basic information on how to configure your iPhone, iPad, or iPod touch to use VPN, see the User Guide for your device.
Choose Settings > General > Network > VPN and then choose Add VPN Configuration. Ask your network administrator which settings to use. In most cases, if you’ve set up a similar VPN on your computer, you can use the same VPN settings for your device.
Turn VPN on or off
Once you’ve created a VPN configuration, the option to turn VPN on or off appears in the main Settings screen. When you are connected using VPN, the VPN icon appears in the status bar.
Note: If you use multiple VPN configurations, you can switch between configurations using Settings > General > Network > VPN.
If you are unable to connect to your VPN connection, or if you see an alert that says “Shared Secret is missing,” your VPN settings may be incorrect or incomplete. If you have questions about what your VPN settings are or what your Shared Secret key is, you should contact your network administrator or IT Department.