How Did NordVPN Implement the Kill Switch in Their iOS App?


NordVPN provides an app for their customers that manages the VPN connection to their servers. The app comes with a kill switch feature that ensures that all network traffic goes through this connection. NordVPN claim on their website (emphasis by me):

The Mobile version of the Kill Switch, used in our Android and iOS apps (as well as the IKEv2 version of the Mac app), disables system-wide internet access if the VPN connection suddenly disconnects – that way it protects all apps, without terminating them. It will also try to reconnect you to the last server you were connected to.

How is this possible? I find it hard to believe that the iOS API allows access to such an important system-wide function to an app. Can anyone explain how NordVPN implemented this?

Best Answer

Kill switches on iOS only work with the IKEv2 protocol.

IKEv2 provides resilience to the VPN connection. When the VPN client moves from one wireless hotspot to another, it automatically disconnects all internet activities when a VPN connection is lost and re-establishes the connection upon successful connectivity.

Mobile users specifically can benefit from such a protocol. However, it is not supported on many platforms as it is fairly new to VPN services.

Apple has a very strict process for getting the entitlements to allow an app to control system-wide network access. You need to contact them and answer all kinds of questions before you get the entitlements.