How to Enforce a VPN on an iPhone

Prevent bypass of VPNs that filter content on an iPhone by enforcing VPN profiles and preventing a user from overriding them.

Tech Lockdown Team

Updated May 13, 2024

Effective content filtering apps on iOS will often use the VPN feature on an iPhone to route the internet traffic through a DNS filter. This approach allows restricting access to certain websites or apps. If you're using a filter to block addictive content, you have to prevent this VPN from being disabled in order for it to be an effective solution. Sometimes a person might unknowingly disable the VPN or it turns off on its own, but usually a content-blocking VPN is intentionally disabled to gain access to blocked content. Luckily, there are several effective ways to enforce a VPN and prevent a VPN from being disabled or bypassed on iOS.

There are a two areas to consider when enforcing a VPN on an iPhone:

Prevent VPN apps from being uninstalled.
Prevent a VPN from being toggled off using iOS settings.

This can be achieved in several ways, but there are a few unique approaches that most people don't know about:

Combining the Apple Shortcuts feature with an app blocker to enforce a VPN.
Using Supervised Mode to prevent a person from changing VPN settings. This can also be used to create app blocklists for apps that aren't already installed on the iPhone and limit the app store.

Use Shortcut Automations on your iPhone to Re-enable a VPN

The Shortcuts app was introduced to iOS 12, so chances are that your iPhone also supports this feature.

Shortcuts allow your device to perform a sequence of actions automatically, one after another. There are some pretty advanced things you can use Shortcuts for, like re-enabling VPNs automatically and restricting access to settings on iOS .

One strategy to enforce a VPN involves using shortcut Automations. Automations can be found in the Shortcuts app on your iPhone, and allow you to set instructions for your smartphone based off of a trigger, for example:

When an App is opened or closed (or both).
At certain times of the day.
When your smartphone connects to a Wi-Fi network.

In our case, we can use it to enforce a VPN profile on an iPhone.

Use Automations to Re-Enable a VPN when the Settings app is Closed

If you have connected your iPhone to a DNS Content Policy , chances are that this filter is made possible with the help of a VPN. Forcing this VPN profile to be enabled every time the Settings app is closed can prevent attempts to disable your Policy.

Note

These steps only work if your filtering app uses a VPN. Some apps have other ways that they enforce filter settings.

In order to do this, open the Shortcuts app.

Tap on the Automations tab and Create Personal Automation:

You will now be prompted to choose when this automation runs.

Select App so that you can trigger this automation with a specific app:

You can then choose the Settings app. Tap Choose:

Find or search for the Settings app:

Once you've selected Settings, tap Done near the top.

Next, select Is Closed (you might also want to unselect the Is Open option):

This triggers the automation when the settings app is closed.

Now we need to define the automation to run when the settings app is closed.

Tap Next near the top.

You might see a menu with a list of options that you can choose. If prompted, select New Blank Automation (don't worry if you don't see this option, some iPhones have slightly different menus).

You should see a screen that looks like this:

Now we can add an Action that Sets the VPN. Using the search bar, type in VPN.

Select a Device VPN (this will be based on VPNs that are available on your iPhone currently).

Tech Lockdown integrates with Cloudflare Zero Trust , so you would see Cloudflare Zero Trust as a Device VPN option if you've gone through our install process.

In my case, since I use Tech Lockdown to set a DNS Content Policy , I have the Cloudflare One app installed , which provides a Cloudflare Zero Trust VPN option.

Back on the Shortcuts app, tap on the grayed-out VPN option in the action you've added:

Tap next

On the Edit Automation screen, deselect Ask Before Running.

This ensures that this automation quickly runs after the trigger happens and doesn't require you to approve it each time.

Select Done then edit the automation from Is Opened to Is Closed

You're all set! Now when the settings app is closed, this automation will ensure that the Cloudflare Zero Trust VPN is toggled back on automatically (if it was turned off).

Get Powerful DNS Filtering

Create and enforce a Content Policy on all your devices.

Force a VPN Profile to Be Enabled When a Browser is Opened

If you want to ensure that a VPN is enabled when opening a web browser, it's pretty easy to use an automation to do this as well.

Open the Shortcuts app, and tap on the Automations tab:

Add an Automation

From the options, choose App:

Make sure that Is Open is selected.

Under the App, select Choose:

Next, find or search for browser apps on your iPhone. Some common ones are:

Chrome
Safari
Edge
Firefox

Note

You can select multiple Apps. You don't need to create a seperate Automation for each app.

Once you've selected each browser app, you can tap next:

Note

You might have the option to Run Immediately, make sure this is selected.

From here, tap the search bar at the bottom and search for VPN.

Now we can add an Action that Sets the VPN. Using the search bar, type in VPN.

Tap the grayed-out VPN option in the action. Select the VPN profile that you want to enable when your browsers are opened:

Lastly, you can tap on done near the top. That's it!

Now, every time that you open a browser on your iPhone, the automation will attempt to set your VPN.

Note

If you uninstall the VPN in the future, the automation will throw an error. You VPN profile needs to be installed in order for it to be set.

Prevent Modifying VPN Profiles on Your iPhone Completely

Another option is to disable the option for a user to manually configure VPN settings via iOS settings. The use case for this is that you want to install a filtering app that sets an always-on VPN and you want to prevent a person from changing these settings to bypass the filter.

Enable Supervised Mode on Your iPhone to Prevent VPN Settings from Being Removed

Unfortunately, you can't enforce VPN profiles with normal Settings or Screen Time, but you can use Apple's Alternative to Screen Time . This alternative is called supervised mode.

Supervised mode allows you to enforce a profile on your iPhone that configures settings not normally possible on standard iPhone devices.

There are many other settings that you can enforce on a supervised iPhone device:

Prevent Apps from being removed or installed.
Block apps on your iPhone.
Block the App Store without disabling app updates.

Enable Managed Mode to Unlock Full Control Over Your Device

You can also go a step further by enabling managed mode on your iPhone device. Managed mode (also known as device management) unlocks even more powerful features, including the ability to remotely install or remove apps.

Using managed mode, you can enable the kiosk feature to block access to the Settings app completely. You can use this feature to create a dumb iPhone, with all distracting features removed.

Manage iOS Devices at Home

Become a member to access step-by-step guides.

Prevent VPN Profiles from Being Modified on Your iPhone at All

Another option to consider is locking settings on your iPhone . This approach can prevent someone from bypassing a VPN using iOS settings.

There are a few good ways to do this:

Using supervised mode to enforce settings.
Using Apple Shortcuts and an App Blocker to restrict access to the settings app.

Learn more using the guide below.

iPhone

How to Lock Settings on an iPhone

Learn a few effective methods for enforcing settings on an iPhone and locking settings in place so they can't be bypassed or changed.

Block Apps that are used to bypass VPNs

Another area you have to consider is a user downloading another app that sets a VPN. In order to do this, you can try specify app blocklists to limit access to these types of apps.

Screen Time and App Blockers let you restrict access to apps that are already installed, but you have to use other methods if you want to restrict apps that haven't been downloaded yet. See the below guide for specific instructions.

Block Apps

How to Block Apps on Iphone

After hundreds of hours of research and testing, these are the best methods I've found for blocking apps on iOS devices.

Limit the App Store to Restrict Access to Apps used to bypass VPNs

Similar to the previous point about restricting other apps that set a VPN, you should also consider either disabling the App Store entirely or limiting what apps can be downloaded.

There are a few ways to do this outside of the typical Screen Time and App Blocker approach. For example, you can use supervised mode to allow automatic app updates from the App Store, but restrict downloading apps that aren't on an approved list. See the below guide for more information.

iPhone

How to Completely Disable and Block the App store on iPhone

There are several effective methods that can be used to disable or block the App Store on an iPhone / iOS device.