#dominoforever | Product Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add support for iOS on-demand VPN

Currently Domino Mobile Apps doesn't work with the on-demand VPN feature of iOS, which basically auto-connects VPN based on a list of configured domains. Most organizations will not expose their Domino servers via NRPC to the internet, so a VPN connection is often a requirement for DMA to work.

In iOS, features like on-demand VPN can only be used if the app  interacts with the networking APIs correctly: https://developer.apple.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/CommonPitfalls/CommonPitfalls.html 


  • "In iOS, using sockets directly using POSIX functions or CFSocket does not automatically activate the device’s cellular modem or on-demand VPN."
  • "If the server is on the other side of an on-demand VPN that becomes available only when the user tries to access a whitelisted host, connecting by IP does not activate that VPN, which means that the host will never become reachable."
  • "In iOS, NSFileHandle does not automatically activate the device’s cellular modem or on-demand VPN."

According to HCL support, DMA currently uses these network APIs in a way that doesn't support on-demand VPN.

Desired situation:

  • user opens DMA 
  • VPN connects automatically (based on the Domino server FQDN), everything works
  • user stops using DMA
  • VPN disconnects automatically after 1 minute idle timeout

Current situation:

  • user opens DMA, gets a connection failure message
  • user opens VPN client, navigates to profiles, switches from "on-demand" (which is used for everything else) to "manual for DMA" and connects
  • user opens DMA again, now everything works
  • user stops using DMA
  • user opens VPN client again and terminates the VPN connection
  • user tries to work with other apps, gets connection failures
  • user remembers (with a hint from the help desk) that he/she forgot to switch the VPN profile back to "on-demand" after using DMA
  • user opens VPN client (again), navigates to profiles, switches from "manual for DMA" back to "on-demand"
  • user can continue working normally, until he/she wants to use DMA again
  • Guest
  • Sep 2 2019
  • Under Consideration
  • Attach files
  • Guest commented
    17 Dec, 2020 05:23am

    I agree with this idea. In my company , we are using VM-Airwatch as MDM/MAM. I want to use Nomad Apps, but I cannot connect the domino server from mobile device.. Adding support for iOS on-demand VPN is very important for development of Domino and Nomad.

  • Guest commented
    22 Jun, 2020 05:18am

    necessary implementation (don't work on vmware WS1)

  • Guest commented
    12 Dec, 2019 12:45pm

    I support the idea. Also keep in mind that you can solve that problem today by deploying a Domino passthru server in the DMZ and configure your Nomad clients via MarvelClient to use Domino passthru as the gateway to your "real" Domino servers.

  • Guest commented
    25 Sep, 2019 07:20am
    I support the demand for an expansion of VPN support. Without on-demand vpn the app is useless.
  • Guest commented
    23 Sep, 2019 01:17pm

    For us these missing feature is a also a reason why we haven't rolled out the DMA/Nomad Client.

  • Guest commented
    20 Sep, 2019 09:06am

    We have long worked with HCL and Mobile Iron on this Issue.
    Our Users want their data on the road and not to manually activate VPN each time.

    In our current situation that is an servere Issue, because our exectutives want to switch to Exchange based Services, because "they are better" 

    This should be up and working fast in the mobile App, so that we can score a point to stay at Domino.

  • Guest commented
    11 Sep, 2019 06:30am

    That is the reason why we not yet deployed DMA to our 15.000 iOS Devices.

  • Guest commented
    10 Sep, 2019 11:47am

    besides iOS On-Demand VPN - Per App VPN using MobileIron or Airwatch App tunnel should be supported too.

  • Guest commented
    10 Sep, 2019 11:42am

    iOS On-Demand VPN is used by many customers I'm working with. They would expect, that VPN on demand can be used like any other app will do. Apple provides easy to use network APIs to support on-demand VPN.
    Why is it that complicated to add it to Nomad? 

  • Guest commented
    3 Sep, 2019 06:28am

    Without this feature DMA is nearly useless for users on the road. They will find it to bothersome to do all the manual steps.