Towards the end of 2015, Cisco reported that iOS 9 caused DNS leaks for its AnyConnect VPN service, and warned that the issue could affect other VPN clients as well. While the issue has since been fixed – and iOS tends to be more leak proof than, say, Windows – it’s still worth being informed about what problems could affect your iPhone VPN.
iPhone DNS Leaks
When you’re not using a VPN, your Internet Service Provider (ISP) is the one who resolves your Domain Name System (DNS) requests. Think of the DNS as the phonebook of the Internet. It’s through these DNS requests that your device can communicate with the websites and services you access on a daily basis.
Your VPN may route DNS requests through their own servers so your ISP doesn’t know what websites you access. And it’s no surprise, given that major telecom companies have been investigated by the FTC for selling customer location and browsing data.
A DNS leak occurs when these requests aren’t properly routed through your VPN, for whatever reason. This is usually attributed to an improper configuration of OpenVPN for iOS. There have been reports of this happening on third-party clients using OpenVPN as well – which thankfully get fixed in a timely manner.
The only real solution against DNS leaks on iOS is to pick a provider that offers DNS leak protection.
iPhone IPv6 Leaks
IPv4 addresses have run out as of 2019, so a solution was needed to make new ones for the ever-growing number of Internet-capable devices. As such, IPv6 was slated to become the new standard, allowing for longer and more varied combinations for IP addresses.
Yet its adoption has slowed down considerably in the past few years, leading to several problems – including IPv6 leaks in VPN clients that don’t support the standard. On other operating systems, the solution is as easy as disabling IPv6 from the network adapter.
Unfortunately, this is not possible on Apple’s mobile devices, so you must make sure your VPN offers IPv6 leak protection. For example, apps like OpenVPN Connect have an “IPv4-only tunnel” you can use to block out IPv6 traffic.
iPhone WebRTC Leaks
WebRTC is a browser feature that allows you to perform audio and video calls without the need for third-party apps. Unfortunately, it can also cause your VPN to leak your real IP address if the websites you visit perform things called STUN requests.
The article linked above mentions that this issue seems to be limited to Windows devices, but there have been reports of WebRTC happening on iOS 11 through Brave Browser, among others. This issue seems to have been fixed as of iOS 12, but it’s best you check your device for WebRTC leaks just in case.
Until iOS 12 came around, it used to be possible to disable WebRTC for Safari from the device settings. Apple has since removed this possibility, so make sure your VPN provider offers WebRTC leak protection.
Finally, use the tool mentioned in the beginning to check your device for VPN leaks once every week, at the very least. Software updates and incompatibilities can sometimes mess with the privacy offered by your VPN, and it’s better safe than sorry.