Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

0 votes
Is it possible to setup always-on VPN by Headwind MDM?

If yes, which VPNs do you support?
by (12.8k points)

1 Answer

0 votes

There is an OpenVPN plugin for Headwind MDM, which is remotely managed and can be setup as always-on.

Headwind's OpenVPN mobile agent is a fork of the open source OpenVPN application https://github.com/schwabe/ics-openvpn. We integrated this app with Headwind MDM mobile API so Headwind MDM can change the app settings. 

To download the OpenVPN mobile agent, use this link: https://h-mdm.com/files/openvpn-hmdm-1.7.22.apk

The source code is available here: https://github.com/h-mdm/hmdm-openvpn  (notice: you need to sign the OpenVPN agent by the same key as Headwind MDM launcher, so it will get access to Android VPN settings).

To start using OpenVPN plugin, add the OpenVPN mobile agent to your configuration. After that, specify the application settings.

Settings can be specified in the "Application settings" tab of the configuration details (package ID is de.blinkt.openvpn). The following settings are available:

vpn_name - VPN connection name

vpn_config - path to the OpenVPN (.ovpn) configuration file relative to the SD card path, for example, /config.ovpn

remove - VPN connections which should be removed from the device (comma-separated)

remove_all - set to 1 to remove all other VPN connections from the device

connect - set to 1 to connect VPN automatically after creation

always_on - set to 1 to mark VPN as always-on

To apply settings, the application must be restarted (or the device rebooted).

OpenVPN plugin Web UI

In Headwind MDM Enterprise, there's a web UI for this plugin. It is disabled by default and needs to be enabled in Settings - Plugins.

To open the web UI, use Settings - OpenVPN.

The plugin setups VPN settings for a specific configuration(s). To assign same VPN settings to multiple configurations, save settings as default.

To apply the OpenVPN settings, the mobile agent can be remotely restarted. Use "Run OpenVPN" button at the bottom of the screen to start the mobile agent and turn on VPN on all related devices.

by (12.8k points)
edited by
...