The new IVPN app for iOS

Releases By Ed Holden | Posted on March 15, 2017

After hundreds (if not thousands) of requests, we’re proud to release the IVPN app for mobile devices running iOS. If you’d like to download it immediately simply navigate to the iOS setup page. I’d like to take this opportunity to provide interested customers with more information about the security configuration and design goals of the app.

When we first started working on an iOS app we quickly discovered that implementing OpenVPN was not possible due to the app store terms of service being incompatible with the GPL, the license under which OpenVPN is released. Unless of course you are the holder of the copyright in which case you can relicense it under some proprietary license, which of course OpenVPN technologies has done so they can publish the OpenVPN connect app.

Before the launch of this app we offered customers who didn’t want to install the OpenVPN Connect app the possibility to configure L2TP/IPSec on their iOS device. Our configuration (like with all other VPN providers offering L2TP/IPSec) required that you use a public pre-shared key. This pre-shared key made an active MITM (Man in the middle attack) possible where the adversary impersonates our server and is then able to decrypt and eavesdrop on the connection. Even though the risk of this attack occurring is small, its bad security and we made it very clear on our website that L2TP/IPSec shouldn’t be used for anything other than bypassing geographic restrictions. For more info see is using L2TP/IPSec with a public pre-shared key secure?

The new IVPN iOS app uses IPSec with full certificate based authentication, eliminating the previous risks of a MITM attack. One of the advantages of using the native iOS VPN client and IPSec is ‘On demand’ VPN connections. As we have implemented it in our app, iOS will always establish a VPN connection before sending traffic to a particular domain (or all domains in our case). This ensures that the iOS app never leaks any data whilst you are connected to an IVPN server. Even when waking from sleep, the first packet of data will trigger the ‘On Demand’ rules to reestablish the VPN connection, queuing the packets until the connection is established.

One the most common complaints from mobile customers in the past was having to add/configure new servers as they were deployed on our network. The new app will always have the latest list of servers available on our network and will always connect to the least loaded server in a location. In addition when choosing a location to connect to, you can see which locations have the lowest latency from your current location, ensuring the best performance at all times from all locations.

We encourage all customers to install the app and test it out. Customers who don’t have an active IVPN account can signup for a free trial and even purchase a subscription using in-app purchase. All customers have access to all server locations from all clients regardless of where they signed up from. And if you have any feedback please send it! feedback@ivpn.net.

Apps Protocols
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

3 Comments

Question?

13.04.2017

Please say how you prevent IPv6 data leak on iOS? How you keep persistent connection and make sure no leak during delay switching between Wi-Fi and Cellular networks?

Anon

29.04.2017

Please answer iVPN?

Anonymous

01.05.2017

Unfortunately iVPN rarely update their blog or respond to comments. Open a support ticket.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

Introducing split tunnelling to IVPN for Windows Releases

Introducing split tunnelling to IVPN for Windows

Posted on September 14, 2021 by Viktor Vecsei

Split tunnels enable you to remain connected to your VPN while simultaneously accessing specific apps and services directly, bypassing the VPN tunnel. With this solution you can protect your privacy and connect to services that restrict or block customers who use commercial VPNs.
Extending two-factor authentication to IVPN apps Releases

Extending two-factor authentication to IVPN apps

Posted on September 7, 2021 by Viktor Vecsei

Last year we added a two-factor authentication (2FA) option for web-based account logins. This week we are extending the time-based OTP (one-time password) support to IVPN apps. If you have 2FA enabled on your account you will need to use the previously set up authentication method when logging in to apps.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.