Forum Discussion
iOS 7 - Per App VPN
Does F5 support the per app VPN available now on iOS 7?
If so, can each app authenticate as different "users"?
Apple Documentation: Profile Configurations
MDM vendors need to specify the proper configuration in their software to enable F5 EDGE client Per-App VPN functionality.
Specifically, to specify that Per-App VPN is going to be used, they should specify the PerAppVpn key PerAppVpntrue in the configuration profile's VendorConfig section of the Per-app VPN profile.
If you are having difficulties with Per-App VPN functionality, please open a case with your MDM vendor and ask them to verify that they are sending this key as part of the F5 EDGE client per-App VPN configuration.
- Oops, sorry, it should be: PerAppVpntrue
- Dan_Kieta_11582Nimbostratus
Michael, what is the syntax for this key in the VendorConfig section? I tried adding: VendorConfig PerAppVpntrue. This did not work. Can you provide the correct syntax?
- pm_01_139138Nimbostratus
Is this thread monitored? I have the same problem. Keep on getting App-Layer VPN required. Any solutions?
- Alex_Zaytsev_13Nimbostratus
@Michael Koyfman,
I tried adding the key you've specified to the payload, it didn't seem to have any effect - I can see in the console that the App VPN rule matched, but when I don't connect to VPN manually, I get the 'Requires app layer VPN' error and if I do connect manually, I get the same pair of 'no local address specified' - 'no remote address specified' errors.
I am using the latest EDGE client from App Store.
- Corey_12957Historic F5 Account
Alex - Can you send me the .mobileconfig file you are using?
- Alex_Zaytsev_13Nimbostratus
@Michael Koyfman, Our own MDM solution :)
Which MDM are you using, Alex?
- Alex_Zaytsev_13Nimbostratus
@Michael Koyfman,
Yes, I am using the MDM. I configure the payload as per the Apple MDM reference, and then specify the UUID of the connection for the apps in the settings payload. Once I start the app, I get an 'App layer vpn required' error in console logs; if I start the connection BEFORE I start the app, I get the 'no local address specified' and 'no remote address specified' errors when the app tries to access the internet.
- Michael_KoyfmanCirrocumulus
Yes, it certainly works, but provisioning/configuring it requires an MDM device that is updated to the version that is compatible with Per-App VPN settings specifically for iOS7. If you are not using MDM product, you won't be able to provision this - this limitation is from Apple and not F5.
If you are using MDM and having issues provisioning Per-App VPN, please post more details here.
- Dan_Kieta_11582Nimbostratus
I am seeing similar issues. We are using Airwatch as our MDM solution and have configured a single app as "managed" with Per-App VPN support. When I launch this app (Google Chrome), it does not appear to attempt to launch the VPN connection, but appears to have no connectivity. Any help would be appreciated.
- Ralf_Schubert_1Nimbostratus
We have the same problem as Alex. We are using: F5 BIG-IP 11.4.0, MobileIron 5.8.3 as MDM, and the latest iOS version and Edge Client. The Edge Client is able to connect when initiating manually, but Per-App-VPN doesn't work. Console says 'App layer vpn required' when the tunnel is not established manually. When we start the tunnel manually and try to use the app again, console says 'no local address specified' and 'no remote address specified'. Does the specific app need to support this or what could be the problem here? Thanks in advance.
- Alex_Zaytsev_13Nimbostratus
With the updated 2.0 client, did you manage to get this working?
- Michael_KoyfmanCirrocumulus
No, the user credentials would have to be the same for all tunnels.
- James_124437Nimbostratus
So really it is still a device/single user context VPN just on-demand by app.
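Added example, not part of any post in this thread and not F5 or MDM-vendor code: a check an administrator could run on the unsigned .mobileconfig their MDM generates, to confirm that each Per-App VPN payload carries the PerAppVpn key in its VendorConfig section as described above. The sample profile, its UUIDs and the function name are constructed for illustration, and because the thread does not show the key's value type, the check assumes either a boolean true or the string "true" is acceptable.

```python
import plistlib

# Apple's payload type for Per-App (app-layer) VPN configurations.
APP_LAYER_TYPE = "com.apple.vpn.managed.applayer"

# Constructed sample profile (not from the thread); the UUIDs are placeholders.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed.applayer</string>
      <key>VPNUUID</key><string>00000000-0000-0000-0000-000000000001</string>
      <key>VendorConfig</key><dict>
        <key>PerAppVpn</key><string>true</string>
      </dict>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed.applayer</string>
      <key>VPNUUID</key><string>00000000-0000-0000-0000-000000000002</string>
    </dict>
  </array>
</dict></plist>"""


def check_per_app_vpn(profile_bytes):
    """Return one finding per Per-App VPN payload in an unsigned profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != APP_LAYER_TYPE:
            continue  # other payload types are outside this check
        vendor = payload.get("VendorConfig")
        if not isinstance(vendor, dict):
            problem = "no VendorConfig dictionary"
        elif "PerAppVpn" not in vendor:
            problem = "VendorConfig lacks the PerAppVpn key"
        else:
            value = vendor["PerAppVpn"]
            # Assumption: boolean true or the string "true" both count as set.
            is_true = value is True or str(value).lower() == "true"
            problem = None if is_true else f"PerAppVpn is {value!r}, not true"
        findings.append({"vpn_uuid": payload.get("VPNUUID"),
                         "ok": problem is None, "problem": problem})
    return findings


if __name__ == "__main__":
    for finding in check_per_app_vpn(SAMPLE):
        print(finding)
```

A profile signed by the MDM must have its signature wrapper removed before `plistlib` can parse it.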