VPN-on-Demand-VirnetX

Apple lost a patent lawsuit in November related to virtual private networking (VPN) and its FaceTime video feature in a judgment that awarded patent holder VirnetX $368.2 million. The last we heard, Apple and VirnetX were ordered to work out a settlement that would see Apple paying a royalty for future use of the network-related patents. Now, with the mediation deadline coming up on April 12, Apple has informed customers through a knowledge base article that it will change “the behavior of VPN On Demand for iOS devices using iOS 6.1 and later” due to the lawsuit. The changes will kick in later this month and seem to be a move to avoid a royalty settlement:

Devices using iOS 6.1 and later with VPN On Demand configured to “Always” will behave as if they were configured with the “Establish if needed” option. The device will establish a VPN On Demand connection only if it is unable to resolve the DNS name of the host it is trying to reach. This change will be distributed in an update later this month.

The change will result in Apple’s previous “Always” on option for VPN on Demand behaving like the “Establish if needed” option. The changes mean that Apple will disable the iOS feature that allows corporate users to automatically make a VPN connection upon hitting a corporate address or site. A worried 9to5reader and corporate iOS user explained, “this effectively means that the iOS user will, like on a PC, have to start the VPN client before the run an app, or before they open mobile Safari to access an intranet site.”

While providing instructions on how to manually establish a VPN connection, Apple confirms that it will “address this functionality with alternatives in a future software update.” Apple continued its knowledge base article by informing users of other behavior changes they might experience:

If the name of a host can be resolved without a VPN connection, you may see one of the following behaviors:

  • If the host is a web server that presents different content to internal and external users, the VPN On Demand connection will not be established and you will see the external content.
  • If the host is a web or mail server that has a name that can be resolved externally but cannot be contacted externally, the VPN On Demand connection will not be established and you will not be able to connect to the server.
  • If you are using a public DNS service that provides an alternative IP address for hosts that it cannot resolve, the VPN On Demand connection will not be established and you will not be able to connect to the server.
  • If you are using a VPN configuration that includes wildcard entries (such as *.com) that match top-level domains that are publicly accessible, the VPN On Demand connection will not be established when you contact hosts in those domains.

There is no word on the status of the court case or if Apple will seek another appeal before the April 12 mediation deadline. We’ll update this post as we learn more.