Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status No Plans to Implement
Workspace Nomad
Categories Nomad (iOS)
Created by Guest
Created on Sep 2, 2019

Add support for iOS on-demand VPN

Currently Domino Mobile Apps doesn't work with the on-demand VPN feature of iOS, which basically auto-connects VPN based on a list of configured domains. Most organizations will not expose their Domino servers via NRPC to the internet, so a VPN connection is often a requirement for DMA to work.

In iOS, features like on-demand VPN can only be used if the app  interacts with the networking APIs correctly: https://developer.apple.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/CommonPitfalls/CommonPitfalls.html 

Specifically:

  • "In iOS, using sockets directly using POSIX functions or CFSocket does not automatically activate the device’s cellular modem or on-demand VPN."
  • "If the server is on the other side of an on-demand VPN that becomes available only when the user tries to access a whitelisted host, connecting by IP does not activate that VPN, which means that the host will never become reachable."
  • "In iOS, NSFileHandle does not automatically activate the device’s cellular modem or on-demand VPN."


According to HCL support, DMA currently uses these network APIs in a way that doesn't support on-demand VPN.

Desired situation:

  • user opens DMA 
  • VPN connects automatically (based on the Domino server FQDN), everything works
  • user stops using DMA
  • VPN disconnects automatically after 1 minute idle timeout

Current situation:

  • user opens DMA, gets a connection failure message
  • user opens VPN client, navigates to profiles, switches from "on-demand" (which is used for everything else) to "manual for DMA" and connects
  • user opens DMA again, now everything works
  • user stops using DMA
  • user opens VPN client again and terminates the VPN connection
  • user tries to work with other apps, gets connection failures
  • user remembers (with a hint from the help desk) that he/she forgot to switch the VPN profile back to "on-demand" after using DMA
  • user opens VPN client (again), navigates to profiles, switches from "manual for DMA" back to "on-demand"
  • user can continue working normally, until he/she wants to use DMA again
  • Attach files
  • Admin
    Timothy Clark
    Reply
    |
    Nov 7, 2023

    Please ask Apple to support on-demand VPN's when software is using POSIX for networking.

    We are unable to fix this as it's a limitation in iOS, not Nomad. As Nomad uses NRPC (Notes Remote Procedure Call) through a Web Secure Sockets layer (WSS) this is only available on iOS by using POSIX for networking.

    Apple's own documentation states that iOS does not support enacting an on-demnad VPN from a POSIX connection. Therefore we are unable to affect a change that would enable this function.

    The user will have to enable the VPN if outside a corporate connected network.


    https://developer.apple.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/CommonPitfalls/CommonPitfalls.html#//apple_ref/doc/uid/TP40010220-CH4-SW2

    • In iOS, using sockets directly using POSIX functions or CFSocket does not automatically activate the device’s cellular modem or on-demand VPN.
  • Guest
    Reply
    |
    Dec 17, 2020

    I agree with this idea. In my company , we are using VM-Airwatch as MDM/MAM. I want to use Nomad Apps, but I cannot connect the domino server from mobile device.. Adding support for iOS on-demand VPN is very important for development of Domino and Nomad.

  • Guest
    Reply
    |
    Jun 22, 2020

    necessary implementation (don't work on vmware WS1)

  • Guest
    Reply
    |
    Dec 12, 2019

    I support the idea. Also keep in mind that you can solve that problem today by deploying a Domino passthru server in the DMZ and configure your Nomad clients via MarvelClient to use Domino passthru as the gateway to your "real" Domino servers.

  • Guest
    Reply
    |
    Sep 25, 2019
    I support the demand for an expansion of VPN support. Without on-demand vpn the app is useless.
  • Guest
    Reply
    |
    Sep 23, 2019

    For us these missing feature is a also a reason why we haven't rolled out the DMA/Nomad Client.

  • Guest
    Reply
    |
    Sep 20, 2019

    We have long worked with HCL and Mobile Iron on this Issue.
    Our Users want their data on the road and not to manually activate VPN each time.

    In our current situation that is an servere Issue, because our exectutives want to switch to Exchange based Services, because "they are better" 

    This should be up and working fast in the mobile App, so that we can score a point to stay at Domino.

  • Guest
    Reply
    |
    Sep 11, 2019

    That is the reason why we not yet deployed DMA to our 15.000 iOS Devices.

  • Guest
    Reply
    |
    Sep 10, 2019

    besides iOS On-Demand VPN - Per App VPN using MobileIron or Airwatch App tunnel should be supported too.

  • Guest
    Reply
    |
    Sep 10, 2019

    iOS On-Demand VPN is used by many customers I'm working with. They would expect, that VPN on demand can be used like any other app will do. Apple provides easy to use network APIs to support on-demand VPN.
    Why is it that complicated to add it to Nomad? 

  • Guest
    Reply
    |
    Sep 3, 2019

    Without this feature DMA is nearly useless for users on the road. They will find it to bothersome to do all the manual steps.