What is VPN on demand, and how do I get it to work with iOS?

I know what a VPN is, and I've done a little reading about how to set up VPN on demand. However, I'm confused.

Is VPN on demand essentially a certificate instead of a password prompt on each connect? Do apps need to take care of this specifically, or does iOS handle it whenever it sees that an app wants VPN on demand? What is VPN on demand?


EDIT: This answer is outdated. Here are some newer links that may help you if you are trying to set up VPN On Demand:

  • https://support.apple.com/apple-configurator
  • https://support.apple.com/guide/mdm/vpn-overview-mdm2d2adb35d/1/web/1
  • https://developer.apple.com/documentation/devicemanagement/vpn
  • https://developer.apple.com/documentation/networkextension/personal_vpn/vpn_on_demand_rules

Yes, it does involve authentication by certificate. From this article from Apple:

iOS supports VPN On Demand for networks that use certificated-based authentication. You specify which domains require a VPN connection by using a configuration profile.

The VPN connection is made whenever the device tries to connect to certain domains. Specific apps don't need to do anything; as soon as they try to access such a server the VPN connection is initiated.

Visit this support page for information about how to use the Configuration Utility to create a configuration profile that sets up VPN On Demand.