iOS 7 does not support Connect On Demand in Always On mode

Under the pressure of the patent troll VirneX in iOS7 changed the logic of the mode Connect On Demand (Always On). Now the VPN connection is established only if the DNS server cannot find the requested domain. This is suitable for connecting to the “internal” resources of the corporate network, but completely eliminates comfortable work in the VPN proxy mode, when all traffic from a mobile device passes through the VPN server.

Of course, they will look for some solutions to this problem. For ruVPN.net users , I recommend not updating to iOS7 , since the main advantage of the service will be lost - a guaranteed connection to the VPN if there is traffic.

Finally, I want to send rays of contempt to all patent trolls who consciously limit the convenience of users for the sake of personal interests (Apple is no exception). It is especially sad that the restriction is directly related to information security, which is extremely important in the light of recent revelations and scandals.
')
UPD: Restriction concerns Cisco IPSec VPN. The good news is that OpenVPN works fine in Connect On Demand mode (Always On). The settings for connecting to the OpenVPN server can be included in the standard configuration profile, however, to use OpenVPN, you need to download the OpenVPN Connect application from the AppStore.

UPD2: With OpenVPN, not everything is so smooth, alas. Connect On Demand works only when connected to WiFi, when changing networks or switching to 3G, a secure connection is not restored.

UPD3: With a high probability, the principle of Connect On Demand is implemented through the “On Demand Rules Dictionary Keys”. While on hand only the latest documentation Configuration Profile Key Reference . No examples, the iPhone Configuration Utility application does not yet know about the new parameters. Now I start modeling on a test bench. Keep for updates :)

UPD4: The solution was found, although I still had to suffer, as the documentation is scarce, there are no examples. Everything is written in the section OnDemandRules .