Product Documentation

iOS VPN Installation

Aug 04, 2017

On iOS 10 devices,  Worx Home VPN is used for secure local data sharing between Worx Home and MDX applications. Worx Home VPN runs on the iOS 10 device and provides the ideal user experience because Worx Home and MDX apps can communicate seamlessly through this VPN.

Worx Home VPN works for apps signed by Apple Enterprise developer account ("team id") certificates, Citrix certificates, Enterprise certificates, or third-party ISV certificates.

Worx Home VPN is used by default on iOS 10 devices. If Worx Home VPN is not running on the iOS 10 device, MDX uses is the iOS shared keychain for secure data sharing. The iOS shared keychain mechanism requires all participating apps to be signed with the same certificate in order to access the specific shared keychain for that iOS "team id" certificate. If the user opens an app that isn’t signed with the same certificate as the Citrix-signed Worx Home app, the app flips to Worx Home to get the required information.  

Worx Home VPN is available only for XenMobile Enterprise and MAM-only deployments. Worx Home VPN does not apply to XenMobile MDM-only environments, and the VPN will not be installed in MDM-only enrollments. On iOS9 and below, Worx Home does not use Worx Home VPN.

Worx Home VPN is used for communication between Worx Home and Worx or enterprise apps. It does not filter network traffic on the device and is independent of the MDX micro-VPN mechanism.


Disabling or Re-enabling Worx Home VPN in XenMobile

Worx Home VPN is enabled by default when users start using 10.3.10 Worx Home on iOS 10. 

To disable Worx Home VPN and set iOS devices in your deployment to use the shared keychain mechanism:

  1. In the XenMobile console, go to Settings > Client > Client Properties
  2. From the Client Properties page, create a custom client property called ENABLE_NETWORK_EXTENSION and set its value 0.
To re-enable Worx Home VPN, go to the Worx Home VPN and set the value of ENABLE_NETWORK_EXTENSION to 0.

Installing, Configuring, and Running Worx Home VPN on the Client Device

The Worx Home VPN is installed after Worx Home 10.3.10 is installed on a iOS 10 device or when a user upgrades a device running Worx Home 10.3.10 to iOS 10.

Users see this informational message.


Next, users see an iOS message asking for permission to add VPN configurations. This message is shown only once.


The message on this screen is not customizable. It is a standard iOS dialog used for all VPN installations.

If users select Don’t Allow on the screen asking for permission to add VPN configuration, they see another message telling them that they must install the VPN in order to access Worx Home.

Whenever the Worx Home VPN is running as designed, the text "Connecting..." appears in the General > VPN screen ofhe iOS Settings app.


This is expected and does not mean that the MDX sharing and communication mechanisms are not functioning. There is no action required from users if they see this message.