AlgoVPN Setup Guide

# Configuring an Always-On VPN on an iPhone Using Apple Configurator

This guide walks you through setting up an iPhone to use an always-on VPN configuration using a profile created with Apple Configurator. This ensures all traffic from the iPhone — whether on Wi-Fi or cellular — is securely routed through your AlgoVPN instance and cannot be bypassed by the user.

---

## Prerequisites

- A **MacBook or Mac** with Apple Configurator installed (free from the Mac App Store)
- An AlgoVPN server already deployed and working
- The VPN configuration file (WireGuard `.conf` or `.mobileconfig` file)
- An iPhone that you are able to **erase and supervise**

> ⚠️ This process **requires wiping the iPhone** to enable supervision. Be sure to back up any important data before proceeding.

---

## Step 1: Wipe the iPhone and Enable Supervision Mode

1. On the iPhone, go to **Settings > General > Transfer or Reset iPhone > Erase All Content and Settings**.
2. Once the phone reboots to the setup screen, connect it to your Mac using a Lightning cable.
3. Open **Apple Configurator**.
4. In the Configurator window, your iPhone should appear. Select it.
5. Right-click and choose **Prepare**.
6. In the wizard:
    - Choose **Manual Configuration**.
    - Check the box for **Supervise devices**.
    - Leave MDM options unchecked unless you're using an MDM system.
7. Complete the steps to prepare and enroll the device in supervised mode.

---

## Step 2: Create a VPN Profile in Apple Configurator

1. In Apple Configurator, go to **File > New Profile**.
2. Fill in the **General** section with a name (e.g., "Always-On VPN Profile").
3. Add a new **VPN** payload:
    - **Connection Type**: IKEv2 (recommended for stability)
    - **Server Address**: Enter your AlgoVPN server's public IP address.
    - **Remote ID / Local ID**: Use your VPN server’s domain or IP.
    - **Authentication**: Use certificate, username/password, or shared secret depending on your AlgoVPN setup.
    - **Enable**: **Always-on VPN**
    - **Enable**: Connect on demand

> For WireGuard: you may need to convert your `.conf` to a `.mobileconfig` format using third-party tools, or push the file using an MDM solution.

---

## Step 3: Add Restrictions to Disable Hotspot and VPN Changes

1. In the same profile, add a **Restrictions** payload.
2. Under **Cellular**, disable **Personal Hotspot**.
3. Under **Network Settings**, restrict:
    - Modifying VPN settings
    - Installing new configuration profiles
    - Using unapproved VPNs

This ensures the user cannot circumvent the VPN settings or set up a new connection.

---

## Step 4: Apply the Profile to the iPhone

1. Save the profile.
2. Back in the Apple Configurator main window, drag and drop the profile onto the iPhone.
3. It will automatically be installed.
4. After installation, you can finish setting up the iPhone as usual.

---

## Step 5: Verify VPN Functionality

1. On the iPhone, connect to **Wi-Fi**.
2. Open Safari and go to [https://ipchicken.com](https://ipchicken.com).
3. Note the IP address — it should match your AlgoVPN server.
4. Turn off Wi-Fi and test the same check over **5G or LTE**.
5. The IP should remain the same, confirming that the VPN is active over all connections.

---

With these steps complete, the iPhone will be locked to an always-on VPN connection that routes all traffic through your private AlgoVPN server — offering strong privacy, parental control, and consistent filtering whether on cellular or home Wi-Fi.