Securepoint VPN Client App for iOS

Status reports and function of the iOS app Securepoint VPN Client for Securepoint Mobile Security

Last adaptation to the version: 3.2

New:

Logging is now a seperate section under More
Adjustment to the new design

Authentication methods at app start
Update button at Edit profile

notempty

This article refers to a Resellerpreview

Introduction

The iOS VPN app for Securepoint Mobile Security can be downloaded from the Apple App Store or automatically installed on the device via the portal in the Apps section.
The function and status displays are explained here.

Compatibilities iOS

The compatibility between iOS and Securepoint Mobile Security is always tested on current devices.

notempty

The device must not be rooted!

iOS / iPadOS Version	Mobile Security	Remark
up to 15.5		Technologically not compatible
15.5 up to 16	()	Version 15.5 is the technically lowest supported version Technologically compatible, but not all functions are supported by the operating system.
17 up to 18		Technologically compatible

The latest version is required to use all functions.

Compatibility of Android versions with Securepoint Mobile Security:

notempty

The device must not be rooted!

Android Version	Mobile Security	Remark
until including 6		Technologically not compatible
7 up to 13	()	Version 7 is the technically lowest supported version Technologically compatible, but not all functions are supported by the operating system.
14		All devices from Android 7.0 with access to the Google Play Api are supported This excludes, for example, newer devices from Huawei that do not have access to Google Play! Mobile Security and MDM is compatible with the devices recommended by Google. The current list of compatible devices can be found at https://androidenterprisepartners.withgoogle.com/devices/# Due to the large number of different manufacturers and operating system versions we can not guarantee 100% compatibility. Devices that are not explicitly recommended by Google can work. We cannot guarantee a solution for problems with unlisted devices.

Caption	Value	Description
Overview Overview
The overview displays various information about the connection status.
Symbol	Status	Description	Internet connection and VPN tunnel active

		VPN-Tunnel active
		VPN-Tunnel inactive
		Network connection via WLAN or cellular network active
		Network connection via WLAN or cellular network inactive
Pause VPN	The VPN tunnel is interrupted for a specified period of time (1, 2, 4, 8 hours / Until tomorrow morning at 6 am).
Start VPN	Immediate re-establishment of the VPN tunnel
Stop VPN	Aborting the VPN tunnel

Running connection Running connection
Current information about the running connection is displayed here.
Active profile:	Mobile Security	Displays the active profile
Status:	Disconnected Connected	Displays the current status of the connection
Received:	17.6 KB	The amount of data received
Sent:	176.0 KB	The amount of data sent
Received per second:	0.0 KBit/s	The amount of data received per second
Sent per second:	0.0 KBit/s	The amount of data sent per second
Connection time:	hh:mm:ss	The runtime of the connection in hours:minutes:seconds

Course of time Course of time
Shows the upload and download data volume of the current connection in two diagrams. The last 5 minutes are shown at the top and the last 100 minutes at the bottom. Each point in the 5 minute diagram corresponds to the average value over 5 seconds. Each point in the 100 minutes diagram corresponds to the average value over 1 minute. As long as no connection is active, no new values are generated and the past data is displayed. As soon as a new connection is started, the new data is included in the calculation of the average values. The display therefore refers to the last 5 or 100 minutes with an active connection. Regardless of whether there were breaks during this time.

Profiles Profiles
Manage profiles
All existing profiles are displayed. The button can be used to add another profile. This opens the Files app. The profiles can only be edited when the Edit button is displayed. By clicking it can be changed to Finished. Then the profiles cannot be edited. The slider next to the profile activates it , or deactivates it . notempty At least one profile must always be active.			Profiles overview

Add profile
Add profile via portal
notempty VPN Configurations for Roadwarrior require a UTM v14.0 or higher. notempty New from app version: 3.0 Additional profiles can be added via the Securepoint Portal To do this, a new Roadwarrior is created under Unified Security Consoleconfig for an existing core UTM using the Satellit/Roadwarrior button. If a Roadwarrior connection already exists and only needs to be expanded, the desired profile can be selected via the button under the Profil option. Alternatively, if a suitable iOS profile is included in a Roadwarrior connection, the iOS device can be assigned to this profile. Once this VPN connection is published via Publish or the iOS profile is saved, the VPN profile is added to the VPN app. Further information can be found in the Wiki article under VPN Configuration
Add profile manually
To add another profile, click on the button. The corresponding file is selected in the Files app that opens. Two different formats are accepted: a zip file containing all required CAs, certs, keys and the ovpn file this can be created directly within the UTM. an unzipped zip file via the import of the .ovpn file If all required CAs, certs and keys are also included there. an inline-.ovpn-Config file, in which all required CAs, certs and keys are written into the .ovpn file via XML

Edit profile
To edit a profile, click on the corresponding profile. The dialog for editing the profile opens.
notempty New from app version: 3.0 notempty Only manually added profiles can be fully edited. For the Securepoint Mobile Security profile, editing is highly restricted. The only editable options are: Redirect Gateway, Verbosity, Connection Monitoring, and Widget
Caption	Value	Description
Profile name:	Securepoint Mobile Security	The name of the profile
Username:	Alice	The name of the user to the VPN connection
Password:	***********	The password of the user to the VPN connection
Enable OTP		When activated OTP is used
VPN-Server	Opens the dialog VPN Server Shows the used servers with port and if TCP or UDP is used.
DNS-Server	Opens the dialog DNS Server Shows the used servers with port and if TCP or UDP is used.
Redirect Gateway	IPv4 only	If enabled, the selected redirect gateway will be used
	IPv4 and IPv6
	IPv6 only
Excluded routes	Opens the Excluded routes dialog Displays the IP addresses and networks where no VPN connection is established
Excluded domains	Opens the Excluded domains dialog Displays the domains which are not in use
Excluded SSIDs	Opens the Excluded SSIDs dialog Displays the SSIDs that do not establish a VPN connection
MTU	1500	The size of the MTU can be set
Encryption	AES-128-CBC	Shows the set encryption
Authentication	SHA256	Shows the set authentication
Reconnection time	5	The time after a connection is lost during which the connection is re-established
Maximum connection attempts	12	The maximum number of attempts to re-establish the connection after a termination.
Certification authority	CN: Securepoint Mobile Security EMail:support@securepoint.de	Displays the content of the certificate used
Certificate	CN=********	The certificate used
Key	*******	The key used
Verbosity	No selection 0 to 5	Setting the log level
Connect if required		Connect if required
Save	The changes made are saved
Back	The program returns to the previous dialog. A warning window appears if changes have not yet been saved.
Edit Portal Profile
notempty New from app version: 3.0 Profiles created via the VPN configuration in the portal can only be edited to a limited extent in the VPN app
Interface
Profile name:	RW-Smartphones	The name of the profile
Private Key	***************************	The private key for the VPN connection
Public key	***************************	The public key for the VPN connection
Addresses	10.0.2.1/32	The IPv4 or IPv6 address of the device based on the transfer network used
DNS Server	(optional)	The DNS-Server, if available
MTU	(optional)	The size of the MTU, if available
'
Public key	***************************	The public key of the Core UTM
Pre-shared key	(optional)	The pre-shared key, if available
Endpoint	203.113.0.113:51280	The public IP address, hostname, and port of the Core UTM
Allowed IP Addresses	10.2.0.0/24	These IP addresses are routed through the VPN This is configured via the Destination in the set Rule. More information can be found here.
Persistent Connection	25	Duration for which the connection remains active despite UTM inactivity
Connect if required		Connect if required
Save	The changes made are saved
Back	The program returns to the previous dialog. A warning window appears if changes have not yet been saved.

Notifications Notifications
Notifications Notifications
Notifications about the VPN connection are displayed here.
Symbol	Description
	No error present. The VPN connection is established and the device uses it.
	An error has occurred or the VPN connection is disconnected. A corresponding message appears.

More More
Settings Settings
Exclude connected WLAN from VPN	Default	When activated, the currently connected WLAN is excluded from the VPN
Enables automatic reconnection after the device wakes up from sleep mode	Default	When activated , the VPN connection is resumed, after the device wakes up from sleep mode.
notempty New as of 3.1 Enable Authentication before app start		Indicates whether authentication for the Securepoint VPN app is enabled Authentication is required every time the app starts This function can be enabled via the portal Securepoint Portal de-/activate Depending on the iPhone/ iPad settings, different authentication methods are available, such as Biometrics (TouchID or FaceID) or Credentials (PIN, Pattern, Password) If both Biometrics and Credentials are enabled, Biometrics will be requested first, with Credentials offered as an alternative Authentication Method via Biometrics (FaceID) Authentication Methods via Credential (PIN)

Logging Logging notempty New as of: 3.2
Activate logging		When activated logging is enabled
Devices Info	Opens a dialog with information about the device
Full log	Opens the dialog with all log messages
	Opens a window for a support ticket
	Opens a window with a security question whether all entries should be deleted

Diagnosis Diagnosis
Diagnostic report	The chevron right button opens the Logging dialog ( see above).
Active profile:	Displays the active profile
Internet connection:	Displays the connection to the Internet
Server reachability	The Test button is used to test the reachability of the VPN Server in use. The VPN connection is briefly interrupted for this purpose.
Server name resolution	Displays the test result. Not tested No test has been performed yet. Successful test. The name resolution of the server works without errors. Failed test. An error occurred during the name resolution of the server.
Server reachability	Displays the test result. Not Tested No test has been performed yet. Successful test. The server is reachable. Failed test. The server is not reachable.
Virtual Private Network	The Test button tests the VPN connection.
Connection	Displays the test result. Not Tested No test has been performed yet. Successful test. The VPN connection works without errors. Failed test. There is an error with the VPN connection.
Information and action instructions based on the last connection test:	Displays a log message about the last VPN connection test. If an error occurred, a corresponding instruction is displayed to solve this problem.
Check public IP	The Test button displays the public IP address of the device.
Your IP is:	**********	The public IPv4/IPv6 address of the device

Privacy policy
Privacy policy	Displays the privacy policy.
Imprint
Imprint	Displays the imprint with contact details.
EULA
EULA	Displays the end user agreement.
Licenses
Licenses	Displays the licenses of the opensource programs used.
Help
Help	Displays the FAQs.