
On-Demand, Per App or Always On? Choosing the right VPN for Apple and Android devices

Andrei Geralt

Mar 19, 2025


A few years ago, remote work was an alien concept to many, but now 74% of professionals globally expect it to become the norm. Setting up a home workplace sounds simple, yet it poses challenges, especially for companies. Securing the connection between employee devices and the enterprise network is critical, and VPNs are the go-to solution. Issuing corporate devices to employees is a common practice, with Apple and Android devices standing out as popular choices. These devices are widely adopted in enterprises due to their optimization for professional workflows. To ensure a secure connection to the enterprise network, configuring a suitable VPN for Apple and Android devices is essential.


VPN protocols supported by Apple devices

VPN protocols determine how data is routed between a device and the VPN server. Apple supports several widely used protocols, though its offerings have evolved over time. For instance, PPTP (Point-to-Point Tunneling Protocol) was once supported but was discontinued in 2016 due to its weaker security, despite its speed advantage. While third-party VPN providers still offer PPTP, Apple encourages users to adopt more secure alternatives.

IPSec (Cisco)

A suite of cryptographic protocols, IPSec secures connections on Apple devices. It supports certificates, shared secrets, two-factor tokens, and machine authentication. Many other protocols also leverage IPSec for encryption.

IKEv2 – The popular speedster

Developed by Microsoft and Cisco, IKEv2 builds on IPSec. It uses a symmetric key for encryption and decryption of data between the client and server. It offers support for both IPv4 and IPv6, as well as shared secrets, certificates, MSCHAPv2, machine authentication, MOBIKE, and EAP-TLS.

L2TP over IPSec – Child of the old

Layer-2 Tunneling Protocol (L2TP) was born by combining two older tunneling protocols: Microsoft’s PPTP and Cisco’s L2F. L2TP exhibits all of PPTP’s features while covering its security vulnerabilities by utilizing IPSec for encryption. L2TP also supports IPv4 and IPv6, as well as certificates, shared secrets, two-factor tokens, MSCHAPv2 and machine authentication.

SSL VPN – The odd one

While most of the other protocols rely on IPSec for encryption, SSL VPNs do not. The main drawback of relying on IPSec is the additional software and hardware required to implement it. Now, this is a hassle. Who wants to set up hardware and software to get a little privacy? This is where SSL VPN comes in. Its software? Well, we all have browsers installed on our devices, and that’s all that it needs.

SSL and TLS protocols are used to encrypt the data routed between the browser and the SSL VPN device. The VPN automatically chooses the latest cryptographic protocol available for the browser, so it’s pretty easy to set up. SSL VPN can use certificates and two-factor tokens for authentication.


VPN protocols supported by Android devices

Android devices also support a vast set of VPN protocols, catering to both enterprise and personal needs. While some overlap with Apple’s offerings, Android includes additional options tailored to its ecosystem. Here’s a rundown of the protocols supported by Android:

PPTP – The fast horse

Despite its compromise on security, PPTP remains supported on Android for its speed. It’s an older protocol, similar to its history on Apple, and is often available through third-party VPN providers.

L2TP/IPSec RSA – Safe and secure

Combining L2TP tunneling with IPSec encryption, this protocol uses RSA keys for authentication, supporting both IPv4 and IPv6. L2TP alone does not provide encryption; it only establishes the tunnel. IPSec secures the L2TP packets by providing confidentiality, authentication and integrity.

IPSec and the variants

IPSec variants leverage different keying mechanisms and authentication techniques, offering options for both simplicity and advanced security. Below are some key IPSec variants supported by Android.

  • IPSec Xauth PSK and IPSec Xauth RSA: These IPSec variants use pre-shared keys (PSK) or RSA certificates with extended authentication (Xauth) for secure connections.
  • IPSec IKEv2 PSK and IPSec IKEv2 RSA: Built on IKEv2, these options use pre-shared keys or RSA certificates, offering fast and secure connections with IPv4/IPv6 support.
  • IPSec Hybrid RSA: A blend of IPSec with RSA authentication, this protocol enhances security for specific use cases.

The flexibility offered by these platforms allows third-party apps to extend support beyond native protocols, making them versatile and highly suitable for VPN deployment.

Hexnode options in VPN for Apple and Android

Hexnode provides precise VPN protocol support for Android and iOS, ensuring secure enterprise connectivity. These are the supported options:

Android Protocols
  • PPTP: Lightweight, fast, but less secure; ideal for basic tunneling.
  • SonicWall: Integrates with SonicWall firewalls for robust security.
  • Check Point: Supports Check Point VPNs for enterprise-grade protection.
  • F5 Access: Enables secure access via F5 networks.
  • Palo Alto: Compatible with Palo Alto GlobalProtect VPNs.
  • Always-On: Keeps VPN active continuously for uninterrupted security.
  • IPSec Xauth PSK: Uses pre-shared keys for authenticated IPSec tunneling.
  • IPSec IKEv2 PSK: Offers stronger encryption with IKEv2 and pre-shared keys.
  • L2TP/IPSec RSA: Pairs L2TP tunneling with RSA-based IPSec encryption.
  • IPSec Xauth RSA: Adds RSA authentication to IPSec for enhanced security.
  • IPSec Hybrid RSA: Combines RSA and other methods for flexible authentication.
  • IPSec IKEv2 RSA: Uses IKEv2 with RSA for top-tier security.

iOS Protocols
  • IKEv2: Fast, secure, and ideal for mobile connectivity.
  • Always-On: Ensures constant VPN protection.
  • L2TP (default): Basic tunneling with IPSec encryption.
  • PPTP: Quick but less secure; legacy support.
  • IPSec (Cisco): Cisco-compatible IPSec for enterprise use.
  • Cisco AnyConnect: Supports Cisco’s SSL VPN solution.
  • Juniper SSL: Integrates with Juniper’s SSL VPNs.
  • F5 SSL: Provides F5-specific SSL tunneling.
  • SonicWALL Mobile Connect: Secure access via SonicWall.
  • Aruba VIA: Works with Aruba’s VPN infrastructure.
  • Check Point Mobile VPN: Tailored for Check Point systems.
  • Open VPN: Flexible, open-source VPN option.
  • iboss Cloud Connector 2020: Cloud-based security integration.


Hexnode’s configurations enforce encryption, authentication, and integrity, securing Apple and Android devices against threats like public Wi-Fi vulnerabilities. Admins can deploy these protocols to match specific enterprise needs efficiently.

Third-Party VPN for Apple and Android devices – The middle man

Why do people use third-party VPNs? Third-party VPNs are popular for their user-friendly interfaces and ease of set up. Using a third-party VPN for Apple and Android devices also gives access to different features based on the vendor. Available on both the App Store and Google Play Store, these services often require browser plugins or standalone apps. Examples include:

  • Cisco AnyConnect
  • Juniper SSL
  • Aruba VIA

The main drawback of using a third-party VPN is, well, the involvement of said third party. When using a VPN, all your data moves through the VPN server. Almost every VPN vendor claims to be trustworthy, but it’s pretty hard to convince yourself to expose all your data just like that. Even if they are tight-lipped, their respective governments could use laws and policies to crack open the data on their servers. So, it would be best to do some research before choosing a vendor, and there are tons of vendors to choose from.


VPN features for Apple and Android devices

Protocols and authentication are essential, but they are only the foundation of a VPN. Many technologies have emerged to support and streamline the user experience. VPNs for Apple and Android offer a variety of features to enhance usability.

On-Demand VPN

Say you require your VPN only on an as-needed basis, such as needing a VPN when you connect to an unknown Wi-Fi network, or deeming it unnecessary when connecting to an internal network. This is possible by configuring VPN On Demand. On Apple devices, this feature automates the establishment of a VPN connection based on the OnDemandRules key in the configuration profile. Android supports similar functionality through third-party apps or native settings, triggering the VPN based on network conditions.

Since enabling the VPN is an automated process, it would be annoying to enter user credentials every time the switch gets flipped. Certificates are usually used to create a better and more seamless user experience.
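
To make the On-Demand behaviour concrete, here is an added example (not Hexnode's or Apple's own code) that builds an IKEv2 VPN payload with certificate authentication and an OnDemandRules array, then runs a simplified first-match model of rule evaluation. The hostnames, SSID, identifiers and UUIDs are constructed placeholders, and the evaluate function is an illustrative model covering only the InterfaceTypeMatch and SSIDMatch criteria.

```python
import plistlib

# Constructed sample rules; the SSID is a hypothetical office network name.
ON_DEMAND_RULES = [
    # Trusted internal Wi-Fi: the tunnel is unnecessary.
    {"Action": "Disconnect", "InterfaceTypeMatch": "WiFi", "SSIDMatch": ["CorpNet-Example"]},
    # Any other (unknown) Wi-Fi network: bring the tunnel up.
    {"Action": "Connect", "InterfaceTypeMatch": "WiFi"},
    # Cellular data: tunnel as well.
    {"Action": "Connect", "InterfaceTypeMatch": "Cellular"},
    # Catch-all with no criteria: keep an existing tunnel, do not start one.
    {"Action": "Ignore"},
]

def build_vpn_payload(rules):
    """Return a com.apple.vpn.managed payload dict (placeholder values throughout)."""
    return {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn.ondemand",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "UserDefinedName": "Example On-Demand VPN",
        "VPNType": "IKEv2",
        "IKEv2": {
            "RemoteAddress": "vpn.example.com",
            "RemoteIdentifier": "vpn.example.com",
            "LocalIdentifier": "device.example.com",
            # Certificate auth means no credential prompt when a rule fires.
            "AuthenticationMethod": "Certificate",
            # Must reference an identity certificate payload in the same profile.
            "PayloadCertificateUUID": "00000000-0000-0000-0000-000000000002",
            "OnDemandEnabled": 1,
            "OnDemandRules": rules,
        },
    }

def evaluate(rules, interface, ssid=None):
    """Simplified model: rules are checked in order and the first match wins."""
    for rule in rules:
        if "InterfaceTypeMatch" in rule and rule["InterfaceTypeMatch"] != interface:
            continue
        if "SSIDMatch" in rule and ssid not in rule["SSIDMatch"]:
            continue
        return rule["Action"]
    return None

def payload_xml(rules=ON_DEMAND_RULES):
    """Serialize the payload as the XML plist that goes inside a profile."""
    return plistlib.dumps(build_vpn_payload(rules), fmt=plistlib.FMT_XML).decode()
```

Because the first matching rule decides the action, placing the broad Wi-Fi Connect rule ahead of the SSID-specific Disconnect rule would shadow it, so specific rules belong first.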

Always On VPN

Security is a must for any enterprise, and to keep the network secure, some organizations may require a VPN to be enabled all the time. This is where Always On VPN comes in. Once the profile for this feature is installed on the device, the VPN will always stay enabled even after multiple reboot instances. Device supervision is required to activate Always On VPN.

This ensures that all the traffic passes through the organization’s VPN server. The data from the device can be optionally filtered and monitored before reaching its destination. Similar processes can be done to the data sent to the device. To disable Always On VPN, the profile installed on the device has to be removed. This makes it an ideal VPN to be set up on a corporate device.

Per-App VPN

So, imagine you use a couple of enterprise apps on your personal device. Using an Always On VPN isn’t really an option since it’s your device. A Per-App VPN fits this use case perfectly. By configuring which apps require a secure connection, you can automate the activation of the VPN when a particular application is in use. Some apps might need a more secure connection than others. It is possible to assign more secure connections to different managed apps in order to safeguard data further.

There are two criteria for using Per-App VPN on iOS devices: using standard networking APIs and being managed by an MDM (Mobile Device Management) solution. We can enable Per-App VPN by configuring it on the built-in VPN client supported by iOS devices. On Android, it is available through MDM solutions or vendor apps (e.g., Palo Alto), restricting VPN use to designated apps.

VPN lockdown

VPN Lockdown ensures your device uses a VPN connection exclusively, limiting network traffic when the VPN isn’t active for heightened security. Unlike typical setups where the device connects to the internet as usual if the VPN is unavailable, VPN Lockdown blocks internet access entirely when the VPN is down. However, system apps can still access the network directly, even with this option enabled.

This feature is particularly useful for organizations that need strict control over data flow, ensuring devices don’t inadvertently bypass secure channels. It’s an efficient way to enforce VPN usage without exceptions—except for those built-in system apps.

Bypass lockdown

While VPN lockdown offers strict security, there’s flexibility with Bypass lockdown. This feature lets specific apps access the network directly when the VPN is in lockdown mode but isn’t connected. It’s a practical compromise, allowing essential apps to function while maintaining tight control over the rest of the device’s traffic.


A Final Note

Setting up the right VPN for Apple and Android devices might seem daunting, but it’s a breeze for a device managed by a modern UEM solution like Hexnode. With a UEM solution, admins can deploy VPN profiles across managed devices effortlessly, ensuring compliance. It enables you to configure the entire VPN setup and push it onto the managed devices in your enterprise, without employee intervention. This is also an excellent method to prevent the employee from removing the configurations set up on the device. Apple’s native support for protocols like IKEv2 and Android’s broad compatibility helps reduce reliance on third-party VPNs—though they remain an option.

When it comes to tools to secure your connection, a VPN is definitely the first option that comes to mind, whether for personal privacy or enterprise data. IKEv2 stands out as a favorite across both platforms, blending speed and security. With 26% of internet users leveraging VPNs, alternatives exist, but VPNs aren’t going entirely out of the picture soon. For now, they’re your best bet for a secure connection on Apple or Android devices.
