Skip to main content

WireGuard VPN Client

Your tunnel. Not their recurring revenue.

WireGuard clients that support MDM come with a subscription. Vylos doesn't — one purchase per device, self-hosted connections only, no VPN service attached.

Explore the PlatformView on App Store

App Lock

Face ID, Touch ID, Passcode, or 6-digit TOTP via authenticator app. Tunnel credentials stay protected on company devices — even if the device is left unattended.

MDM Support

Managed App Configuration for organizations. Push tunnels, enforce restriction keys, set jailbreak policies. App lock disables automatically — MDM handles security.

Configuration Profiles

Deploy tunnels via .mobileconfig. Profile-installed tunnels appear read-only in the app — users connect, but they cannot tamper.

Keychain Storage

Private keys live in your device’s secure storage — the same place that guards Face ID and Touch ID data. Nothing sensitive sits in less-protected system files.

On-Demand Activation

Connect automatically by network type or Wi-Fi SSID. The tunnel connects before anyone has to think about it.

Custom Config Format

The .vylos format — a zip containing your wireguard.conf untouched, plus an optional settings.conf for Split DNS and On-Demand Rules.

By the Numbers

3

Apple platforms

19

Languages supported

1

Purchase per device

0

Servers we touch

Deploy Tunnels with VPN Profiles

<!-- .mobileconfig VPN Payload -->
<dict>
    <key>PayloadType</key>
    <string>com.apple.vpn.managed</string>
    <key>UserDefinedName</key>
    <string>Corporate VPN</string>
    <key>VPNType</key>
    <string>VPN</string>
    <key>VPNSubType</key>
    <string>io.cbnventures.vylos</string>
    <key>VPN</key>
    <dict>
        <key>AuthenticationMethod</key>
        <string>Password</string>
        <key>RemoteAddress</key>
        <string>vpn.example.com:51820</string>
    </dict>
    <key>VendorConfig</key>
    <dict>
        <key>WgQuickConfig</key>
        <string><!-- WireGuard configuration --></string>
    </dict>
</dict>

Push WireGuard tunnels to every device via standard .mobileconfig profiles. Managed tunnels appear read-only in the app — users connect, but IT controls the configuration.

Available for iOS, macOS, and visionOS

Download on theApp Store

From the Blog

Product updates, VPN best practices, and managed deployment guides.

Reconnect Faster, Trust the Signals: Vylos 1.3.0

One-tap reconnect from notifications, cleaner copy and throttling on every alert, a bandwidth chart that now covers managed tunnels, and an app-lock rate limit that survives a force-quit.

Read more

On-Demand Rules and Split DNS: Automatic VPN Without the Overhead

How Vylos uses on-demand activation rules and split DNS to keep devices connected to VPN when they need to be — and off when they don't — without manual toggling or routing all traffic through the tunnel.

Read more

Deploying VPN to Supervised Devices with MDM

How to use Vylos with Apple MDM to push managed WireGuard tunnels, restrict user access, and enforce jailbreak policies across supervised iOS devices.

Read more