
iOS Per-App VPN does not work

Lars Pedersen1709159493


I have made an iOS app (using Xamarin) and deployed it with Citrix Endpoint Management.

I want to enable Per-App VPN for it.


On the recommendation of Citrix support I have added the required policies to a NetScaler, following this guide:



Also, I have added the App Attributes Policy with details about my app and the iOS VPN Policy.


On the iPhone, I can see that this policy is visible under Settings->VPN->Per App VPN and it shows the name of my app.

It also shows the correct IP address next to "Server".

However, it says "Not connected" (Is this important?)


Also, the app does not work. It is unable to retrieve the results from the network.


If I connect to Pulse VPN the app works.


How can I troubleshoot this further?

8 answers to this question


I have now installed the Citrix SSO app. The app looks similar to what I find under Settings->VPN.


On the Endpoint Management->VPN Policy page, there is a checkbox "On-demand match app enabled". I have set this to ON. 

(The docs say: "Turn the On-Demand Match App Enabled switch ON if Citrix SSO must be started automatically when the Match App is launched. This is recommended for most Per-App cases.")


However, the app still does not work.


Before I launch the app, 

Citrix SSO -> Per-App VPN says "Not connected."

Settings -> VPN -> Per App-VPN also says "Not connected."


After I launch the app,

Citrix SSO -> Per-App VPN says "Connecting..."

Settings -> VPN -> Per App-VPN also says "Connecting..."


8 hours ago, Lars Pedersen1709159493 said:

Could the problem be that I am using Password for authentication instead of Certificate?


Correct, automatic creation of a per-app VPN tunnel can only be established if you are using usercert as an auth method for your Citrix SSO SSL VPN app at your ADC.

On 8/19/2020 at 11:19 AM, Lars Pedersen1709159493 said:

I changed it to Certificate (which?) but it made no difference.



You can use password authentication as well, but the user has to log in again after every session timeout. The UX is not very friendly, so we recommend client certificate authentication for that use case. That means the NetScaler VPN VServer must accept client certificate authentication, which will be used for the user authentication (UPN).


Could you connect to your Citrix Gateway successfully if you configure the Citrix SSO app manually?


Can you please share your NetScaler session policy / NetScaler session profile for the SSL VPN connection? Thank you.




