Posting this simply to comment that I appreciate how difficult it is for IVPN to balance their service with the need to make a profit while not compromising their privacy policy and promise to its clients. It's easy to sell of course who knows what might happen to any business down the line. But for now I hope IVPN remains an independent company that holds true to its original mission.
I know it's not something that you guys would want to probably talk about but curious as to how frequently you get approached by other companies who might have interest in acquiring a stake in IVPN to get access to your clientele. Surely some interesting stories there.
Data is nice, but I guess there would need to be some kind of logging/monitoring to support that.
I.e. IVPN would likely have to look for when a blocklist hostname was pinged, how many times, when etc and then show that data to provide stats to you etc.
I guess you could argue that this could be done in some anonymised way, but I guess it opens that up for potential issues.
Hi! Our VPN service is focused on protecting privacy. Product decisions that help this goal are prioritised over working on streaming support. For this reason we don’t advertise or promise that IVPN works for accessing Netflix USA and other services (sometimes customers report success, though). You can access local streaming options that block VPN with split tunnelling on Android and Windows. More about this here:
A bug with the latest IVPN App for iOS release has been reported that causes the erroneous payment prompt to appear - your subscription is unaffected. Our dev team has submitted a fixed release to Apple for review, as soon as Apple has approved the fixed release, it will be available via the App store. Sorry.
>I wanted to ask does IVPN has RAM-only servers or not.
We do not.
>Moreover does IVPN has rented servers or all-owned servers.
All servers are rented. These are dedicated, bear-metal, non-VPS servers.
We build each server according to strict CIS benchmarks. This includes full disk encryption, FIFO logs writing to tempfs, strict change control procedures, etc. We reinstall the system from scratch when we take delivery of it. We use LUKS encryption such that it requires a password to be entered as part of the boot process as well.
>Also please list all the softwares and hardwares you use on your servers; please it's a personal request.
Thanks. Using Cloudflare for the flags is a clear oversight (ie. was not meant to be this way) and we will change it soon.
CDN is not a straightforward thing: our "no third party tools" is concerned about enhancing privacy for you, but it's target is not to be 100% self-reliant on all aspects. We need some partners to run the website and run the service and can't cut out all non-IVPN entities completely. Cloudfront helps customers load the website faster and it helps us in DDOS situations to stay accessible.
We consider them to be a lot less risky than third party Analytics, CRM, email software, ad trackers etc. as they have no incentive to track anything [besides what is required to offer and improve the service] and we have seen no evidence for such behavior. Having said all this, you can still argue that technically this violates a no third-party promise and we will consider this feedback. We will do some tests and research and decide on whether to change this practice.
You > DNS > VPN > ISP > IVPN SEVER > WEBSITE
The VPN serves two functions
1: Privacy between YOU and ISP (VPN)
2: Privacy between ISP AND WEBSITE (IVPN SERVER)
I’m extremely over simplifying it here but basically
1: You contact DNS and say “Hey I want ” dns says “great I know where that is, it’s 123.123.123.123” (This is all encrypted and and your isp can see you’re talking to a dns server but not the messages. Every internet user uses a dns server so we don’t care if the isp knows, it’s not personal.
2: You contact your VPN client and say “hey I want to go to 123.123.123.123”. The vpn client says “okay I’ll take this request and encrypt it and send it to my server.” (The isp sees that you sent a request to a vpn server but doesn’t know the details because it’s encrypted)
3: The vpn server gets your request and then goes to 123.123.123.123 () and says “hey I’m VPN and I’d like all your website data” the website then sends all the data to VPN
4: Now the vpn encrypts that data and then sends it right back to you. The ISP knows you sent a secret message to a DNS and a VPN and the website knows that a VPN service asked for a websites data that’s it
Now the reason we care about VPN leaks is because, if you ask your VPN for 123.123.123.123 they know who that is, if you ask a DNS for they also know who that is. The DNS is owned by the same company as the VPN so who cares if they both know.
Now if you had your computer set to another DNS say Googles DNS then you’d basically be asking Google “hey what’s the ip for ” they’d give you 123.123.123.123 and they would know where you’re trying to go. You’d then put that ip into your VPN which would hide it but now google now knows your intentions
I can see IVPN is user base is growing significantly. When I first subscribed on last Feb, 3 servers (Aus/SG/HK) I used were well below 40% most of the time.
Now sometimes 100%, Australia/Singapore.
Please add more servers in that regions.
Must’ve been on a real old desktop version, it been at least 2 years since the new redesign was implemented. I prefer it over the old UI although the old one was also fine. plus IVPN has since added a ton of new features…foremost WireGuard support and ad blocking you can now enjoy.
3 audits:
1. no-logs audit in 2019
2. public VPN service infrastructure audit in 2020
3. apps security audit in 2021
details in the corresponding blog posts: https://www.ivpn.net/blog/tags/audit/
full audit reports are linked in the posts so you can dig deeper.
please note that audits are just snapshots in time and they are constrained by their scope. while we believe they are important tools to increase trust and transparency you should not assume a no-logs audit done in 2019 proves completely that a provider does not keep logs. (well, we don't, anyways, but we can't and won't say "it's proven!").
re: systems privacy, if you refer to systems transparency, there is nothing to report yet. that project is conceived by another provider and in the prep phase (afaik), no systems were deployed yet. we are following the developments and intend to participate.
I have tested installing the IVPN App's daemon/CLI and UI packages using the AUR helper/Pacman wrapper yay
and everything was installed correctly. I tested enabling and disabling the IVPN App's firewall using the CLI and GUI. No errors were reported.
I am not certain how you installed the IVPN App, though this may be all that is required:
yay -S ivpn yay -S ivpn-ui
At the Packages to cleanBuild?
prompt, I chose All
.
If the issue persists, provide details of your environment, like whether you are building the packages manually or using a helper (and which helper), which kernel you are using.
If you prefer to avoid providing details in a public forum, send an email message to support at ivpn dot net with your Account safe reference ID.
Yes, this has been an issue for me as well. Compared to other VPNs I have used, it seems like IVPN gets blocked by the most sites. The most annoying thing is all of those CAPTCHAs when on IVPN. I'm tired of proving that I'm not a robot lol
I’ve to say this since his handle is brought up…
People looking for a VPN be very careful of any of ‘Tom Sparks’ recommendations, he panders to and often misdirects those new to VPNs with half-truths using persuasion. His tier-scores aren’t really based on what a privacy type individual would look for. in additional, he filters YouTube comments and the visible ones are suspect - and we know what VPN affiliate butters his bread because of the countless videos made of this particular provider. last, the funny part is how he goes out of his way to say why people should trust him and why he isn’t a shill…an honest person shouldn’t have to try so hard to convince others on how honest and unbiased they is, that goes without saying and up to the individual to decide. Thank God IVPN has nothing to do with this clown.
IVPN is fine, never any leaks. Do not go by Braxman's video. He spreads FUD to try and get you to switch over to his sub-par service.
​
His logic for using BytzVPN is that you should not use a VPN based outside of the USA because FBI and CIA cannot hack into servers of an USA company without a warrant, but they can hack into the servers of a non-American company.
​
Like FBI and CIA are the ONLY adversaries to a VPN user. Safely ignore what he says.
That said, he is a LOT better than 99% of the brainless YouTube shills like VPNpro, The Tech Roost, Tom Spark Reviews - these reviewers are only motivated by affiliate commissions and will recommend products they have an under-the-counter arrangement with. These "reviewers" know absolutely nothing technical and are just parroting VPN providers' half baked claims like propaganda (cough NordVPN, ExpressVPN, Surfshark cough)
​
Braxman actually does seem to know a lot more technical stuff - it's just that he too has his motivation of pushing his product.
I would recommend not going by these YouTubers at all, and testing for leaks yourself. Remember that IVPN is basically the gold standard privacy and security, you will most likely never encounter an issue with leaks. (At least I never have personally)
Hello u/tinylittleroar,
I agree with your assessment - we could do a lot more with this feature. Frankly, we have not focused on this as most of our resources are allocated to improving the core VPN service, which will be our main focus for the foreseeable future. As others mentioned in this thread there are specialised solutions for this problem that work well in tandem with IVPN through custom DNS.
It would only make sense for us to build a customisable AntiTracker if we can get something out that's as good or better than competing solutions, and right now we don't think that's an efficient use of our time. For us, this feature is a nice addon, and the current one-button / host list solution is a good tradeoff in terms of simplicity (both customer and dev point of view) and privacy gains it offers. Having said that, taking on a project like this is not off the table for next year.
What would you like to see improved in the AntiTracker? Anything else besides choosing a host list?
It's good that companies like IVPN donate their profits to these causes. In fact, a lot of pro privacy companies (VPN or otherwise) do. So, why is this?
In short, to influence. Money talks, and what do you think would happen if most of a projects funding is comprised of one company, or Government? It starts to shift focus, and go in that one company/Government desires. Whether that's a backdoor, some kind of payment model, or something else. By splitting funding, from quality pro privacy sources, and less... trustworthy ones, that project is less reliant on those big funders. It gives breathing room, and helps maintain their pro privacy models. Why do you think Tor is so respected? Its certainly not because of Governments, its respected because of companies like IVPN keeping its morals in check.
Highly "technical" solutions such as alternative email and VPN - have a very different audience than standard consumer-based products. Non-traditional marketing has a better chance of succeeding with those products than if I were attempting to market consumer goods. The market size is also self-limiting.
I came across Protonmail and iVPN (and also NextDNS) through hours of research to find what I felt were the most private and safest technologies. But then - I'm a privacy and digital minimalism advocate and spend waaay too much time and effort in those forays.
The VPN market itself is strewn with mis-directions and false statements. There are terrible products out there with marketing messages that are just plain lies. For some reason VPN products seem to be worse than most which I attribute to an eager but uneducated audience.
I very much admire IVPN's manifest and whole-heartedly agree with all that was said.
But if I'm running a company where I need to reach a mass of consumers I just don't know that it would be possible to survive without doing at least some of the marketing methods that are derided in your post.
This is a very unfortunate outcome of where we are at right now.
Generally, it takes 1-2 weeks for the cash payment to reach us, but sometimes this may take slightly more time, depending on the location the envelope was sent from & postal service.
As soon as our Billing department collects the payment, it is credited to an IVPN account.
If your account is not activated for longer than 4 weeks, you might as well consider it to be lost or stolen in transit.
Now you know they’ve been audited thoroughly and they passed all the tests require (which are extensive) in which only 2 other VPN companies in the entire market have passed.
Why do you think you’ve uncovered something these companies and experts haven’t? You just insulted IVPN, Privacytoolsio, and the auditing companies.
Maybe do more digging before you make a rage post?
I just checked your post history and I don’t know why you’re on a crusade to try and prove companies wrong but you act like you’ve “cracked the code” or discovered holes in all these different companies privacy claims but yet you always turn up with nothing.
You aren’t an expert bro. Just stop.
Hi. The AntiTracker makes use of specially configured internal DNS servers and will not work if you are not connected to the VPN.
It can be enabled on many other devices, including routers by applying the following DNS IP addresses:
Again, your router has to be connected to the IVPN server for AntiTracker to work.
The behaviour you have described is expected.
I have noted your request about preserving settings when logging out from the IVPN App. A future update may include the option to save settings or remember them for the next login.
A new version of the IVPN App for iOS (2.4.4) is available via the App Store to correct the connection issue:
Apologies for the inconvenience.
"They log which device you are on and probably what you are doing (they say their are no logging but that's not true then)."
That's quite a stretch. I understand if this implementation is annoying to you - understood and reasonable, we get that feedback. But why take that unnecessary leap and assume we log what you do?
It's not "logging your devices" ie. we don't keep track of what kind of devices you use. We just keep track of how many is logged in at a specific time and we discard that information once not used. That's the only thing we "monitor", let's say, instead of logging. The end result and possible threats are pretty similar to concurrent connection implementations. This is very different from your interpretation.
Again, there are specific reasons for this, concurrent connection monitoring is challenging and less reliable due to different aspects (client roaming on OpenVPN, no hooks on WireGuard to increment/decrement active connections). It might sound stupid to you, but it's the truth, and we won't come up with alternative explanations to give you a better answer.
If, based on our conduct, you trust us with implementing such a scheme in a way that respects your privacy then consider accepting these statements as truthful - if you don't, you should not use IVPN at all for protecting it.
Thanks for the feedback. There are specific reasons for this that are related to our WireGuard implementation, and not to our intention to annoy users or create extra benefit for IVPN. This is not a trivial change, so we can't switch away from the current solution quickly. We will consider it's an annoyance to customers whenever we work on projects related to this.
I did ping (using Termux in Android) to one of the url in the block list and I got "127.0.0.1".
IVPN app is working as expected.
My NextDNS config has a more "aggressive list" causing it to pass the EFF test.
I have tested installing the IVPN App's daemon/CLI and UI packages using the AUR helper/Pacman wrapper yay
and everything installed correctly.
This may be all that is required:
yay -S ivpn yay -S ivpn-ui
If the issue persists, provide details of your environment, like whether you are building the packages manually or using a helper (and which helper).
Over at GitHub the IVPN QA personnel opened an issue for this feature a couple months ago but still has not made a ETA release within ‘Projects’ yet. Backlog is my guess as to why. I'm still hoping for random ID accounts to come to legacy accounts sometime soon.
Was this issue ever fixed? Mod said 8 months ago a fix is on the way but I didn’t see anything referencing it in change logs.
We generally suggest learning from reviews that don't use affiliate links or at least offer two options i.e. with/sans affiliate tracking. In some cases we might even mention or recommend reviewers who adhere to this policy (see We want people to pick a trustworthy VPN that was independently reviewed, even if they decide against going with IVPN.
For providing test accounts and information, we don't discriminate - we cooperate with anyone who is doing a review on us and does not ask for an affiliate cut.
Can you elaborate on your last point? ExpressVPN had their Turkey server seized after the assassination of their Russian ambassador, and turned up no logs. Their servers run on RAM-only (yes, I know that’s not unique to Express), they’re regularly audited.
Their website does have trackers, sure. But I see that as separate from the VPN and their software itself.
Along the same vein, wonder if IVPN will implement Lightway once ExpressVPN open sources it. Right now it’s in preview mode, and when I use VoIP, and my connection from Wifi drops and switches to LTE, my call doesn’t drop at all, just gets a little fuzzy. Also, Lightway has only about 1,000 lines of code, and works in the user space , not kernel (based on wolfSSL) …….Anyways, it will be interesting to see which other VPNs are first to implement Lightway too when the source code is released.
Express may indeed be more compatible with steaming services but that’s not IVPN focus, and sorry you’ve to insane to trust ExpressVPN over IVPN with anything privacy related, the comparison is laughable.
It seems like a lot of what you’re complaining about is how expensive the service is. You get what you pay for. They wouldn’t charge this much in a competitive VPN market unless they knew they were worth it, and their expenses as a company demand it.
If $8-10 a month (annual or monthly) is too much for you, ask yourself how much you spend on going out to eat, video games, computer parts, gas, etc and then use that to put into perspective just how little that is every month. A WoW subscription is $15 a month and doesn’t offer anything other than entertainment. This offers you privacy without gimping your internet speeds.
I filled up my truck with gas the other day and it was $70. That’ll last me a few weeks. That’s almost a whole year on IVPN.
A lot of the other stuff in here is wrong too, as other people have pointed out. But it seems like the cost was a big sticking point for you so I wanted to address that too.
Drop us a message ([]()) with the details of your device, the version of the OS and IVPN app you have installed, including the screenshot of the error, and our tech support team will get back to you asap.
From an email bug report.
Our development team is aware of the issue with Siri and the DoT/DoT feature in the IVPN App for iOS. In the course of investigating, unexpected behaviour within iOS was discovered. A bug report has been filed with Apple:
We have no ETA for a fix, though we will let you know when an update is available. Please feel free to follow along on GitHub:
In the meantime, you may have to choose between using a custom DoH/DoT address or using Siri when the VPN is connected.
If you literally haven’t done enough research for yourself to find the audit report that’s available on the website then I know you’re really just here to troll.
You even tried to do the same thing to Mullvad on their subreddit. This is getting sad. I don’t know what you think you’ve found but you sound like a very paranoid nerd. If you don’t like your VPN options that have been audited, are open source, and vetted by privacytoolsio, just download Tails and use Tor.
By the way the irony of making a Reddit account and posting when you supposedly care about privacy this much is delicious.
Reddit has gathered more information about you from this post than IVPN ever will.
As far as I'm concerned, I don't think IVPN operates under cash-cutting schemes the way other vendors do and I urge you not to prioritize the price than the quality of the service vendors provide.
I think most of IVPN users use IVPN because they can trust them, me included, and I'm not saying this lightly or trying to woo you in. They made substantiable effort to win our trust and treat us, not as a gullible subjects to exploit money from, but as intellectual people capable of discerning good shit from bad shit. For instance:
They made sure not to require our emails and passwords for an account if we choose to preserve anonimity that way.
IVPN is open-source so we know "exactly" what their software is capable of and to what extent.
Most importantly, they don't back-logs traffic.
Because of all these measures other vendors did not dare to implement, I pay IVPN not out of price but out of trust. The price is the least of my concern for secure privacy.
Hi. This has nothing to do with the Split Tunneling. The VPN connection itself does not block the access to your local network devices. It has always been this way.
To restrict the local network traffic, you need to enable the IVPN Firewall. In case you are able to access your LAN devices with Firewall enabled, navigate to 'Settings/Preferences' area - 'IVPN Firewall' tab and check whether the 'Allow LAN traffic.. ' option is enabled or not.
ProtonVPN commented in that article today:
> Although Apple has not fixed the VPN bypass problem directly, they have provided the Kill Switch capability to developers of apps on iOS 14. By enabling Kill Switch, existing connections will be blocked whenever the VPN is enabled. We will be adding this capability in an upcoming release of ProtonVPN.
Hi,
There is upstream maintenance impacting the data centre in Brazil. There is currently no ETA for when our server will be available, though the IVPN App will add the server back to the server list when it is available.
Meanwhile, consider connecting to an IVPN server in a different location, please.
Thank you in advance for your patience and understanding.
Sick! I see it now. I use them on my pfsense box, they are closer to line speed. I use iOS/Mac/pfsense. On west coast USA they are the fastest I’ve tested. I’ll probably switch from IVPN, to be honest. They are cheaper and the one good thing is that they are on fewer blacklists for vpns. I’ll test the crap out of their kill switch first though.
From my experience IVPN usually offers a good discount from Black Friday - Cyber Monday (4 days), if you can hold off and stick to what you’ve now I’d do that until then. I think going forward considering how much work they’ve invested toward absolute transparency and making additional security investments offering additional discounts no longer makes business sense, I can’t blame their for that because they’ve put in a lot of work towards offering a quality product.
Hello, I am really happy with IVPN. You guys rock.
I would like to see these improvements coming to IVPN apps (order of importance): - More Wireguard servers (like FRANCE) - Possibility to install the IVPN application on an unlimited number of devices (while keeping the number of simultaneous connections limited) - IPv6 support - Split Tunnelling (WireGuard) - Linux Application
Cheers
I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:
^(If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads.) ^([Info](/r/TotesMessenger) ^/ ^[Contact](/message/compose?to=/r/TotesMessenger))
Same thing going on here on MacOS. Oddly I submitted a ticket which suggested the same things. I don't seem to have a problem with iOS or Windows, just MacOS. I don't have these same issues with other VPN services (I have a ProtonVPN sub and was trying out Mullvad) which have been rock solid on Mac.
The response to the ticket I submitted made it appear that the customer service person didnt actually read the body of the ticket and just the subject. I gave specific details about my *Mac* setup and was greeted with instructions for Windows.
I uninstalled/reinstalled and no matter what US server I choose it disconnects a lot. Doesn't matter what protocol or port.
Hi! Nice resource list.
We have limited on-the-ground information about our the status of our service in Iran.
We got reports that the service is working with pre-shared config files, but not through the app (IVPN API is blocked), and only a couple of servers were accessible via WireGuard. I'm not going to share more details to avoid compromising the remaining available methods to connect, if any.
Stop being Dr Gloom. Neither IVPN nor any other VPN vendor could make a living providing VPNs if they were as much trouble as you make them out to be. I have never had an e-commerce issue traceable to using a VPN.
VPNs are a pretty trouble-free experience. I've used IVPN on all my devices for several years now, and another service for a decade before that. Any issues they cause are not in any way "normal" and are an aberration.
Yes, that's exactly what I'm saying. I have IVPN on, all the time, on all my devices, and it is a rare time that I have to turn it off. Certainly not for any mainstream site.
VPNs are standard issue for millions of users around the world. I think you're just trying to stir the pot, which is not helpful for others who may read this and think that VPNs are unreliable. They're not. They are, for everyday use, set-it-and-forget-it.
This is a hard-to-solve problem. There are ways to address it as a provider, but they are time/resource consuming and never long-term solutions, it's essentially a cat and mouse game.
What would be helpful for us, if you or anyone reading this thread, could report the list of websites that are blocked when using IVPN (email support at ). If we get more reports like that, we can assess the severity of the issue, and verify blocks better.
Charter has been my ISP for two decades. I've been using IVPN for 6 months and I have never had an issue. Try using a different DNS or switch to/from OpenVPN and Ghostwire protocols, tinker with different servers. Just gotta troubleshoot.
Threat got deleted, but I'll chime in anyways - having a commercial VPN on is different from doing a VPN connection into a corporate network. So in fact, the employer can't monitor or see your traffic with an IVPN connection specifically, as they would be able to in the second case. There is no option or functionality built into our systems for this, and it would go against many of our policies. The only entity who could monitor the traffic connected to our servers, theoretically, is us, but we do not log and monitor any traffic. Doing the above for anyone outside the IVPN staff that has access to our infrastructure would be impossible.
If your employer is paying for IVPN for Teams, the admin can see and do the following, related to your account:
- your email address, after you shared it (needed for the invitation)
- whether you have accepted an invitation to sign up or not for that email address
- remove you as a team member
That's all.
If you have uninstalled the IVPN app without logging out first the device slot will remain occupied. Reinstalling the app multiple times while still being logged in will quickly lead to exceeding the device limit.
If you receive an error about the device limit being reached, that means that all device slots available for your IVPN account are occupied. In this case, you will have to either log out from the IVPN app on one of the devices or use an option to "Log out from all devices" to reset the device counter to zero. This option appears when you attempt to log into the IVPN app while all device slots are already occupied.
You can also run the following terminal/CLI command to force log out from all devices on your desktop devices:
`ivpn login -force`
I am not trying to be rude but you have written IPVN twice, are you meaning to do that? I am asking because if you went to a site paying for IPVN instead of IVPN its a possibility you could have been taken to a typoquatting website and been unknowingly scammed.
Now that iOS/iPadOS 16.1 has been out for a while, will you be releasing an update to the IVPN app? 2.7.0 was supposed to allow us the option to connect to a specific host in a city/country, but it got pulled.
Using a reverse proxy might offer a solution (). The question for you to solve: how do your services (torrent client, media server) know which traffic is for them?
A different solution is for the two services to run on different computer systems. Connect the torrent server to one VPN server and connect the media server to a different VPN server. The assigned port for forwarding is reserved for you on all IVPN servers. This way, there is no conflict or need to share one port for two different services.
If you only have one computer system, using docker containers or virtual machines with their own VPN connections might offer a solution.
The “split VPN” solution works, but it requires me to trust another app, including that it does not fail, and, if I don’t use 198.245.51.147, another provider.
Furthermore, but this is not IVPN’s fault, if I see the “VPN” indicator on in iOS, I don’t know if one of the two is not activated.
I ask IVPN, if feasible, to implement three IKEv2 profiles for each server in their app. One for each of their three resolvers from
I think the dev also means the AntiTracker feature doesn’t work with IKEv2 as well. I know this isn’t what you asked about but one could basically get a custom DNS feature with a filtering app like NextDNS or AdGuard Pro along with the IVPN app IKEv2 protocol. this is the method I use to use with iOS before AntiTracker was implemented, not exactly sure about Mac but would imagine much the same.
For anyone with the same issue or curious, I received a quick answer back from support:
Hi,
Thank you for providing the account detail and screenshots.
There is likely a heavy network restriction between your device and our authentication servers.
One option to bypass the restriction might be to switch to a different network, like different WiFi or a mobile/cellular hotspot, then try logging into the app.
If another network is not available, creating a manual VPN connection is another option. There are setup guides at the bottom of the IVPN App's download page:
Create the manual connection, log in to the IVPN App, then disconnect the manual VPN and use the IVPN App to manage the VPN.
I hope this helps.
Regards
So pretty much what hes saying is that my ISP or someone along the way (upstream providers?) is blocking my connection to which blows my mind. His suggestion was to create a VPN connection (i used openvpn instructions) to first connect with, and while connected, connect using the client.
This worked. I would love to know who the FUCK is blocking my connections to ivpn though. If these assholes are scared enough of ivpn to do such a thing, then Im glad Im using ivpn.
Hi, I understand you work for IVPN? :) I have a question regarding price. Mullvad is 5€ a month, and IVPN is 10€ for almost the same features. I don't understand why IVPN is twice as expensive. The only reason I'm considering switching from Mullvad is the "trusted wifi" feature, but it's not worth double the price. Are there other features of IVPN compared to Mullvad that makes IVPN pro worthwhile? I only have three devices, so the 7 devices vs 5 is not a selling point for me :)
Mullvad is 5€ a month, while IVPN is 10€ for almost the same features. I don't understand why, theyre twice as expensive. The only reason I'm considering switching from Mullvad is the "trusted wifi" feeature, but it's not worth double the price.
Is there something in IVPN Pro which I fail to see the worth of, compared to Mullvad?
>Then I realized that the IP address for connecting to IVPN (Endpoint), is not the same as the apparent IP address seen by the final destination.
The inbound IP address of the server will always be different than the assigned public IP address.
>Does IVPN publish the "exit" IP address of each server?
We do not.
>Do those IP addresses change often?
The public IP address of the server can be rotated from time to time, when we deem so necessary - there is no set schedule for that. Sometimes, we might rotate the IP after receiving a lot of reports from customers about the IP being blocked by a certain website or an online service. This, however, is not something that happens often, as we do not have an unlimited supply of spare IP addresses.
>Or is there a domain name used instead?
Every IVPN server has a hostname. They are associated with the servers' inbound IPs. Our native apps connect to the servers using their inbound IPs directly to prevent some networks from restricting the connection to the server by blocking access to our domain (*).
The list of the hostnames can be viewed on our Server Status page -
You can connect using hostnames via any other VPN clients as well as resolve them (e.g. `nslookup `) to figure out the servers' inbound IP.
Do mobile operating systems allow for a tunneling app to hard-block IP addresses?
That would be cool – users having the ability to input specific IP addresses/ranges into a “Denylist” section in the IVPN app – because we could neuter bad apps that bypass DNS resolution when they phone home.
Doubt it’s allowed, but one can dream…
An update on this - I posted 'coming this week to iOS. That release is delayed due to this issue: _app_update_related_bug_on_ios_16/
We will wait for 16.1 to be out with a fix before releasing a new iOS IVPN version, to avoid any potential issues for users.
+1 from me. I would love for 1Hosts Pro to be added. While OISD is a popular blocklist it is not very strict at all, with a heavy focus on not breaking anything so that it is an easy “set and forget”. I use 1Hosts Pro and have found it very good, blocking up to about 4 times as much as OISD with minimal false positives (I have also tried energized, lightswitch, notracking etc but personally found 1Hosts Pro to be the best). For some it is probably too strict so it definitely makes sense to add it as an additional option rather than replacing OISD (assuming that is technically possible?).
I recently tried out IVPN through a trial (thanks u/viktorivpn) and coincidentally was just about to feedback that I thought a lack of 1Hosts Pro was the only downside to the otherwise great product. It is good IVPN includes the option for a custom dns like nextdns, but then you have to trust those guys too so I think there is a definite advantage if a more strict blocklist can be directly included within IVPN. I can only speak for myself, but as someone who has been shopping for a new VPN provider this addition would give IVPN a clear advantage when compared to other premium VPNs
Would be nice. While I do think OISD-full is the best compromise (blocks as much as possible without breaking anything), it would be cool if we had an option for 1Hosts Pro.
Not sure how IVPN configures their DNS servers, but I reckon the simplest implementation would be an ‘either/or’ option, meaning either OISD or 1Hosts Pro, since the latter already blocks everything the former blocks (OISD is larger mainly due to its extensive whitelisting). They could put a warning below the 1Hosts Pro toggle since it can cause some apps to crash* or prevent certain OS updates** from coming through.
*most likely due to google firebase related stuff being blocked
**on my NextDNS config that includes 1Hosts Pro, I need to add two Apple domains to my Allowlist in order to allow App Store and iOS/iPadOS updates.
Same issue here. OpenVPN with IVPN is crap. I never have any issues with my Mullvad OpenVPN configs, but IVPN account keeps disconnecting after a couple of hours. I have had this issue for years and never found a solution (even tried optimizing the MTU). Now I just use my IVPN connections for casual browsing and don't plan on renewing it once it expires.
thank you for your reply and explanation.
to answer your question, I'd say number 2 with a note:
this is my situation, my ISP change routes everyday, idk why but I can't change them that's the sad part. I connect manually to IVPN 3-5 times a day, I connected to 1 country %99 of all time of my usage to this service. sometimes LeaseWeb is better, sometimes Datacamp is better (same country), so I go to and test, if it is good I stay with it, if not I disconnect then reconnect, and here is the reason why I suggested this, sometimes I get stuck on one provider, and it keeps giving it to me over and over for a long time and Im just disconnecting then reconnecting, so when I saw this feature in Mullvad I was like oh man that's a really good QoL feature. just a suggestion and nothing more, and I totally %100 understand if it wont happen for any reason, I like your service anyway.
The same as I am using Tailscale for, and the same a (mesh) VPN would be for: create an overlay network between my devices and access them directly, bypassing NAT and so on.
Tailscale is nice but has sometimes issues with other VPNs. It would be cool to have all under the same product, but trustworthy like IVPN is. Contrary to NordVPN.
ah lucky you! With mine it really depends on the day, sometimes I can't even watch a video.
Well it has happened to me that I restarted my phone and when opening IVPN it decided to refresh the keys, but couldn't do it because it couldn't connect to the server. And I couldn't turn on the VPN because the keys had expired, so I was stuck.
Well my connection is super fast using IVPN, with a China Telecom 500 mbps Here's a speedtest I did. However I do see that without a VPN on the keys can't be regenerated. If I turn on IVPN and do it it does refresh them properly so maybe that wouldn't matter?
IVPN doesn't work well in China unfortunately, besides the login issue, sometimes it cannot refresh the wireguard keys without using another vpn as you did. Also it is super slow if your ISP is China Telecom.
OpenVPN config files remain unchanged for a long while, until there is a critical update to the OpenVPN itself which would require adjustments to be made for both servers and client configuration.
The generated WireGuard config files remain unchanged for as long as the uploaded public key/s or the IVPN account itself are not deleted.
Hi. As a workaround, you can connect to any of our servers using native OpenVPN or WireGuard clients. Once the connection is established, you can open the IVPN app and log in with your account id.
Our manual setup guides are available at the bottom of our Apps page -
Ok since OpenVPN doesn't work at all in China without some kind of proxy like Shadowsocks, which is what Mullvad does, so I will download a Wireguard configuration file and keep that on a USB somewhere maybe. Do the configurations often have to be updated or do your server configuration stay unchanged for a long time?
I second this. It's not IVPN's responsibility to save the world so to speak. At the end of the day, IVPN is a business. Nevertheless, they are in the business of protecting those users who pay for such protection.
As far as censorship in war-torn countries, That's exactly what TOR was created for. And if TOR blocked one can utilize bridges: "When the Tor network is blocked, users can get a bridge to circumvent censorship."
Asking to get something for free because you cant afford is always a bold demand. TOR is free and should suffice for evading censorship. Maybe the IVPN team will honor your request but you shouldnt take it for granted given how many wars there are and how difficult it is to verify the legitimacy of such requests.
I've had mixed results. Large banks, Paypal, Etsy, etc., in fact any large site, is seldom a problem. It's usually the small website with probably little technical knowhow that causes a problem, and that's a one-off situation.
Which IVPN server you use can also be an issue. I normally use NY or NJ and almost never have a problem with either. The Northern Virginia (I assume that's Amazon's facility) server has all sorts of problems, and I avoid it like the plague.
In general it's trouble-free for me. On an iPhone 13 Pro you can't see the "VPN" ID at the top of the screen and I'm sometimes surprised to see I've gone days with IVPN turned on with no problem. When I remember I'll turn it off and on again, just to have a fresh session, but I don't know if that's really necessary.
Yes, the `includeAllNetworks` API was introduced in iOS 14 as a "fix" for the VPN bypass issue. So instead of actually fixing the VPN bypass, Apple introduced this option for VPN apps.
In the IVPN iOS app, when the user enables the Kill Switch that sets "includeAllNetworks: true". We implemented the feature only after iOS 15.1 was released, as this was the first version in which `includeAllNetworks` worked properly with WireGuard protocol.
Your screenshot looks to be from 5/10/13.
10 days later, however, the May 20th 2013 Snowden firestorm happened. At this point, I think everyone's position on and definition of anonymity changed drastically.
I think we can all agree that between 2009 when IVPN was born and now, many company processes have matured significantly. I mean, did you notice that subtle comment they made on their website at the time, advising their users that if privacy laws change in Malta, they will move? Well, they moved, and are now in Gibraltar.
😎
With all due respect, upon reviewing your explanation and exhibition of your understanding of port forwarding, it most certainly appears that you have not thoroughly reviewed IVPN's explanation of port-forwarding on their website.
If you could so kindly navigate to IVPN's help center here:
Additionally, they also explain the benefits, risks, and reasons should users still decide to utilize this feature:
I am confident that IVPN appreciates your concerns about security, and as a fellow user, I, too, encourage it. Nevertheless, kindly navigate to and thoroughly read everything (yes, I mean everything) on their website before coming to such a conclusion.
IVPN takes user security VERY seriously, and thankfully, they already have done just what you've asked.
namaste.
😎
I moved to IVPN because of two things:
I understand the reasoning (a WiFi SSID is trivial to fake) but my threat model does not include someone faking my own home SSID (home router has VPN connected to IVPN, hence no need for device to run their own VPN on top of it).
I'm a marketing expert (or rather, used to be). Marketing experts are not a good fit for a company and service like ours, as they will tell you how to approach the mass market and figure out what uniform solutions should be pursued to capture a larger market share. IVPN is built differently and we view the question of "saleability" with a different lens, but I digress.
The above does not mean we don't want your business, or don't care about this issue. I personally don't think the device limit scheme is ideal, or better UX for customers compared to concurrent connections, but I know all internal reasons for this and seems justified. I cannot comment on SurfShark specifically (perhaps being owned by another top VPN brand has something to do with their laissez faire attitude), but if you dig a bit deeper you will find some other providers limit WireGuard session key generations and started talking about "x devices allowed" instead of concurrent connections. There is a reason for this, and it's not because they want their customers to suffer.
Further, regarding abuse you need to consider that most other providers ask for email and you need to use and password for logging in. IVPN has just an ID, and you can also easily generate config files that you can share. You can contrast the abuse mitigation available in the two scenarios for account share. We have seen/experienced IDs and config files shares in group chats that included tens of thousands of parties. Large scale abuse like that would make our operations unsustainable.
I appreciate your feedback and we will take it into consideration, along with similar reports, when we review these matters.
>If you want to log into your vpn on your phone but forgot to totally log out of your IVPN on your other devices at home you won't be able to use IVPN, regardless if your other devices are currently connected to the VPN network or not.
Just to clarify, this is not correct. If you max out your device limit, you can choose to force a log out on all them, log in on your phone, and connect to the service. This is less than ideal, and we have plans to offer more choices for device management - the challenge comes from keeping all privacy safeguards when doing them.
On a different note, the issue you described u/DisappearDinosaur is indeed annoying. The only way to currently manage devices is to max out allowed logins and (optionally) choose logging out all devices. This is less than ideal, and we have plans to offer more choices for device management - the challenge comes from keeping all privacy safeguards. OP's OPSEC concern would be valid in a scenario where you see (potentially sensitive) information on all logged in devices if you know someone's IVPN ID, naturally we want to avoid that.
no. you are missing the point.
​
the discussion is about the account being logged in simultaniously vs being connected simultaniously.
ivpn is i think the only vpn provider that works with a LOGGED IN limit. If you want to log into your vpn on your phone but forgot to totally log out of your IVPN on your other devices at home you won't be able to use IVPN, regardless if your other devices are currently connected to the VPN network or not.
​
So in your example, all 1000 indian scammers won't be able to be on the network *at the same time* if they share an account.
The IVPN God has spoken! greetings viktor! 😎 My apologies, as I did not intend for my advice to come off as a work around. From what I understand, I believe most VPN providers approve of such router settings because they don't necessarily remove the device limit on a global scale. Would I be correct in explaining it this way?
Nice to hear from you again! 🤝
> My question is what technology does it use ?
There are internal network interfaces dedicated to proxy connections on each VPN server to accept incoming proxy requests from locally connected clients or via the WireGuard mesh network mentioned in the blog post.
> how is it possible that IVPN manages to know which traffic comes from which tab ?
We do not know. The Firefox Multi-account Containers add-on handles it. Your web browser knows which websites you visit. When the Multi-account Containers add-on detects a configured URL, it activates the proxy connection for a tab. Check the 34-second video in the blog post for an example.
We don't consider the situation any different from IVPN's threat model perspective compared to servers in other countries. Our infrastructure, setups and policies ensure there is no data to inspect in case of a seizure, and data centers have no virtual access to our servers.
The main change we need to monitor is the legal requirement to start logging activity of our customers inside of a country. We never had an end point in India, but some providers had to shut down their servers there because of this requirement changing recently. There is no such thing happening in Ukraine and I would not expect it.
In terms of 5/14 eyes - most capabilities and operations are obfuscated, thus hard to assess. IVPN is designed to protect against mass surveillance, and not targeted attacks or highly skilled adversaries. Having said that, one possible threat against VPN users is timing attacks upstream, this is where using Multi-hop can help. I suggest reading this answer (specifically the last paragraph) from Nick for more insights on all this: _source=reddit&utm_medium=web2x&context=3
That's all I can add as relevant information - we don't have any data or opinion on the level of surveillance and restrictions on a broader level.
That worked! I turned off the Firewall on iVPN MacOS and Kill Switch on iVPN iOS. Thank you so much. I'm wondering if this applies to Mullvad, too, but then again iCloud sync doesn't work at all and this issue is known to them (reported multiple times) for some time already.
No problem, thank you for the clarification.
I understand the feedback on data controls. Implementing changes based on CR suggestions simply has not been prioritised because we don't feel the actual shortcomings are that important vs. the necessary effort to research and implement documentation and policy changes. We are aware of CCPA and ready to honour all requests as per the guidance in the law. In fact, we are happy to provide all data to anyone we hold on them, not just in GDPR jurisdictions - because we have none or very little. You can also delete your account and all associated information manually in a couple of seconds. I think the observations relating to data controls are cosmetic issues and documentation improvements, but the actual intended outcomes are very well covered and facilitated by IVPN. For us, that's enough right now. I will make a note to add further clarifications on this when we do a policy overhaul.
As for other points:
"we’d like to see it describe in more detail the systems in place to monitor employee access to user data."
- We have internal guidelines for this, but no plans to make them public.
"In any case, is IVPN willing to let customers see PDFs of the legal requests? Or, at least, redacted legal requests"
- I think this is a good idea, it has been mentioned before, but it carries risks we might not want to take in order to protect the users/service (not from information disclosure, but undesired spotlight). Filed for future consideration.
Did you guys see the white paper Consumer Reports finished regarding the best VPNs? They had you guys in the top 3 with Mullvad, and Firefox VPN (they also use Mullvad's servers).
I believe they tried to reach out to someone at IVPN, but nobody got back to CR.g
Will you guys be adding faster servers?
Lastly, although you finished with the top spot, one thing you guys didn't respond to was the fact that U.S. customers don't have an option to request any and all data potentially collected (even if there isn't my).
Did you guys see the white paper Consumer Reports finished regarding the best VPNs? They had you guys in the top 3 with Mullvad, and Firefox VPN (they also use Mullvad's servers).
I believe they tried to reach out to someone at IVPN, but nobody got back to CR.g
Lastly, although you finished with the top spot, one thing you guys didn't respond on was the fact that for the qh I'm le so
The most important difference is how many devices you can install IVPN on - 2 and 7, respectively for Standard and Pro. If have more than 2 in your household you will need Pro. If you just want to run IVPN on a laptop and a mobile phone, for example, you are OK with Standard.
Besides, Port forwarding and Multi-hop are the two distinctive features of the Pro account.
Port forwarding is used to to allow incoming connections on particular ports essential for operating servers, or for participating in networks where your node must be visible to other nodes. For your use case, most likely not necessary.
Multi-hop routes your traffic through two VPN servers instead of one, ideally in different jurisdictions, which can have additional privacy benefits. The tradeoff is a slower connection as a result. The need for Multi-hop depends on your threat model, but for the use case you described, Multi-hop is most likely also not necessary.
In short, if you don't need these two features, or you don't know if you need them, you are most likely OK with a Standard account.
IVPN has 3-5 IP addresses on each server, so it is unlikely that they change IP addresses frequently.
Streaming services such as Netflix and Hulu may obtain IP addresses used by VPN services from IP address information collectors or other sources, or determine IP addresses used simultaneously by users with different language settings as VPNs.
Based on the above, the VPN servers provided by IVPN and the VPN blocking of streaming services are very incompatible, and most servers would not be able to browse streaming services.
Greetings,
IVPN and Proton are neck in neck I know i have both the thing I like about IVPN you can pick your port when you do a openVPN manually which I like ..but other then that they are both good :)
Greetings,
IVPN and Proton are neck in neck I know i have both the thing I like about IVPN you can pick your port when you do a openVPN manually which I like ..but other then that they are both good :)
Greetings,
IVPN and Proton are neck in neck I know i have both the thing I like about IVPN you can pick your port when you do a openVPN manually which I like ..but other then that they are both good :)
Greetings,
IVPN and Proton are neck in neck I know i have both the thing I like about IVPN you can pick your port when you do a openVPN manually which I like ..but other then that they are both good :)
Short answer is yes, at least on my device (Android 12).
Android's Private DNS feature will hijack all DNS queries, so if you're connected to IVPN the DNS queries will go to whatever provider you've set in Android's Private DNS setting.
Your queries will still come from within the VPN tunnel though. I checked this by setting NextDNS as Android's Private DNS and connecting to IVPN after that. The NextDNS logs would show the queries originating from the IVPN's server address.
I think the same will happen even with Anti-Tracker enabled. Android's Private DNS setting seems to take precedence over everything. If you want to use IVPN's own servers you'll have to disable Android's Private DNS before connecting.
There's a possibility I'm wrong here (I'm not very experienced with Android), so it'd be good if another poster would back me up on this, or tell me off if I'm wrong.