After patent dispute loss Apple changes iOS 6.1 VPN feature
After losing a patent dispute, Apple has modified the VPN behaviour of iOS 6.1. In a support document published last week, the company announced that the "VPN On Demand" feature will no longer initiate a secure connection by default, even if it is set to "Always". Instead, the iOS VPN will behave as if it were set to "Establish when needed".
In practice, this will mean that a VPN connection will only be initiated if the system is unable to resolve the DNS name of a requested host. This could potentially make using a VPN difficult: for example, a web server that renders different content for internal and external users will likely render the content for external users without activating the VPN. Administrators can avoid this behaviour by preventing the DNS names of internal servers from being resolved externally, but this might not always work. The only other alternative is to remind users to keep enabling the VPN manually without relying on the "On Demand" feature.
The change is due to be implemented with the release of an update before the end of the month; it was triggered by a patent dispute with patent holding firm VirnetX. Apple lost this dispute in November, and a $386 million fine was confirmed in February. The deadline to reach a licence agreement will expire on 12 April. Apple's support document explicitly mentions the VirnetX lawsuit.