#dominoforever Product Ideas Forum


Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add support for iOS on-demand VPN

Currently Domino Mobile Apps doesn't work with the on-demand VPN feature of iOS, which basically auto-connects VPN based on a list of configured domains. Most organizations will not expose their Domino servers via NRPC to the internet, so a VPN connection is often a requirement for DMA to work.

In iOS, features like on-demand VPN can only be used if the app  interacts with the networking APIs correctly: https://developer.apple.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/CommonPitfalls/CommonPitfalls.html 


  • "In iOS, using sockets directly using POSIX functions or CFSocket does not automatically activate the device’s cellular modem or on-demand VPN."
  • "If the server is on the other side of an on-demand VPN that becomes available only when the user tries to access a whitelisted host, connecting by IP does not activate that VPN, which means that the host will never become reachable."
  • "In iOS, NSFileHandle does not automatically activate the device’s cellular modem or on-demand VPN."

According to HCL support, DMA currently uses these network APIs in a way that doesn't support on-demand VPN.

Desired situation:

  • user opens DMA 
  • VPN connects automatically (based on the Domino server FQDN), everything works
  • user stops using DMA
  • VPN disconnects automatically after 1 minute idle timeout

Current situation:

  • user opens DMA, gets a connection failure message
  • user opens VPN client, navigates to profiles, switches from "on-demand" (which is used for everything else) to "manual for DMA" and connects
  • user opens DMA again, now everything works
  • user stops using DMA
  • user opens VPN client again and terminates the VPN connection
  • user tries to work with other apps, gets connection failures
  • user remembers (with a hint from the help desk) that he/she forgot to switch the VPN profile back to "on-demand" after using DMA
  • user opens VPN client (again), navigates to profiles, switches from "manual for DMA" back to "on-demand"
  • user can continue working normally, until he/she wants to use DMA again
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Sep 2 2019
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    03 Sep 06:28

    Without this feature DMA is nearly useless for users on the road. They will find it to bothersome to do all the manual steps.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    10 Sep 11:42

    iOS On-Demand VPN is used by many customers I'm working with. They would expect, that VPN on demand can be used like any other app will do. Apple provides easy to use network APIs to support on-demand VPN.
    Why is it that complicated to add it to Nomad? 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    10 Sep 11:47

    besides iOS On-Demand VPN - Per App VPN using MobileIron or Airwatch App tunnel should be supported too.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    11 Sep 06:30

    That is the reason why we not yet deployed DMA to our 15.000 iOS Devices.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    20 Sep 09:06

    We have long worked with HCL and Mobile Iron on this Issue.
    Our Users want their data on the road and not to manually activate VPN each time.

    In our current situation that is an servere Issue, because our exectutives want to switch to Exchange based Services, because "they are better" 

    This should be up and working fast in the mobile App, so that we can score a point to stay at Domino.