VirnetX patent loss forcing Apple to change its iOS VPN On Demand in forthcoming update


Apple lost a patent lawsuit in November related to virtual private networking (VPN) and its FaceTime video feature in a judgment that awarded patent holder VirnetX $368.2 million. The last we heard, Apple and VirnetX were ordered to work out a settlement that would see Apple paying a royalty for future use of the network-related patents. Now, with the mediation deadline coming up on April 12, Apple has informed customers through a knowledge base article that it will change “the behavior of VPN On Demand for iOS devices using iOS 6.1 and later” due to the lawsuit. The changes will kick in later this month and seem to be a move to avoid a royalty settlement:

Devices using iOS 6.1 and later with VPN On Demand configured to “Always” will behave as if they were configured with the “Establish if needed” option. The device will establish a VPN On Demand connection only if it is unable to resolve the DNS name of the host it is trying to reach. This change will be distributed in an update later this month.

The change will result in Apple’s previous “Always” on option for VPN on Demand behaving like the “Establish if needed” option. The changes mean that Apple will disable the iOS feature that allows corporate users to automatically make a VPN connection upon hitting a corporate address or site. A worried 9to5reader and corporate iOS user explained, “this effectively means that the iOS user will, like on a PC, have to start the VPN client before the run an app, or before they open mobile Safari to access an intranet site.”

While providing instructions on how to manually establish a VPN connection, Apple confirms that it will “address this functionality with alternatives in a future software update.” Apple continued its knowledge base article by informing users of other behavior changes they might experience:

Author Ad Placeholder
Will only appear on redesign env.

If the name of a host can be resolved without a VPN connection, you may see one of the following behaviors:

  • If the host is a web server that presents different content to internal and external users, the VPN On Demand connection will not be established and you will see the external content.
  • If the host is a web or mail server that has a name that can be resolved externally but cannot be contacted externally, the VPN On Demand connection will not be established and you will not be able to connect to the server.
  • If you are using a public DNS service that provides an alternative IP address for hosts that it cannot resolve, the VPN On Demand connection will not be established and you will not be able to connect to the server.
  • If you are using a VPN configuration that includes wildcard entries (such as *.com) that match top-level domains that are publicly accessible, the VPN On Demand connection will not be established when you contact hosts in those domains.

There is no word on the status of the court case or if Apple will seek another appeal before the April 12 mediation deadline. We’ll update this post as we learn more.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel



Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & He also co-authors 9to5Mac’s Logic Pros series.