[walterbell]

Are those the same profiles generated by Apple Configurator 2? I was able to get per-site Safari VPNs added by manually editing XML in the profile, but no success with per-application VPNs.

Commercial MDM providers only whitelist a handful of VPN client apps for per-app VPN profiles. Why are those needed when there is already a native iOS VPN client for IPSEC?

[madjam002]

Funnily enough I have been trying to do that today - I don't think you can. You create the per app VPN with a UUID, but the only way to associate an app to a Per-App-VPN definition is through MDM - I think.

[walterbell]

The next question would be whether it requires DEP, or could be done with open-source MicroMDM or the $20 macOS Server app.

[zalmoxes]

they should be the same, yes. You can compare the .mobileconfig file with the spec from the PDF.

That's all commercial vendors do, push these XML files to your device.