Configure Per-App Tunnel DNS entries for Android and Windows 10 devices


You must create a DNS entry to resolve a connection to a website through the Per-App VMware AirWatch Tunnel from Android and Windows 10 devices. When using the Basic configuration, the VMware AirWatch Tunnel server hosting the Per-App Tunnel component must be able to resolve the requests. If you are using the Relay-Endpoint configuration, the relay server must be able to resolve the request. Configure the resolution by either:

  • Directly giving the host server or relay server access to the internal DNS.
  • Deploying the dnsmasq service. See the Workaround for more information.



  • Navigate to the /etc/hosts file on the AirWatch Tunnel server.
  • Edit the file to add any websites you want to access through the AirWatch Tunnel.
  • Verify the dnsmasq service is installed on the server.
    • For CentOS/RHEL systems, execute the following command as a root/sudo user. This service is preinstalled on the AirWatch Tunnel appliance.
      • yum install dnsmasq
  • By default, dnsmasq does not run automatically upon install or reboot of the system. Configure the service to run automatically.
    • For CentOS/RHEL 7 or AirWatch Tunnel appliance, run these commands as a root/sudo user:
      • systemctl enable dnsmasq.service
      • systemctl start dnsmasq.service
    • For CentOS/RHEL 6, run these commands as a root/sudo user:
      • service dnsmasq start
      • Check with your Linux administrator on how to set the service to initialize every time the server is rebooted.
  • Modify the parameters in the /opt/airwatch/tunnel/vpnd/server.conf file:
    • ;dns_server_address_1
      • Uncomment and enter the IP address of the Linux box that is hosting the Tunnel server.
    • ;dns_server_address_2
      • If applicable, uncomment and add secondary DNS server.
    • Note: Do not use or the localhost entry because it will cause the device to attempt to use itself to resolve the DNS entries.
  • Restart the vpnd service.
Have more questions? Submit a request


Article is closed for comments.