Feature request
Description
Goal: Allow IVPN “Trusted Networks” rules to apply to wired/Ethernet connections (not just Wi-Fi SSIDs), so the app can avoid autoconnecting on a known-safe home wired LAN while still autoconnecting on untrusted/public networks.
Today, Ethernet has no SSID, so “Trusted Wi-Fi networks” logic doesn’t cover my primary home connection. The result is that IVPN may autoconnect while on my home wired LAN, which I explicitly want to treat as “trusted”.
This request is about trust detection for wired networks (not a security vulnerability report).
Why this matters
I want:
- Auto-connect on untrusted networks (public Wi-Fi / unknown networks)
- No auto-connect on home wired LAN (trusted environment)
Steps / scenario (how to see the limitation)
- Configure IVPN to autoconnect (either on launch, or when joining untrusted networks).
- Connect the machine to the internet using wired/Ethernet on a home network.
- Observe that the app has no way to recognize this wired network as “Trusted” (no SSID), and therefore can still autoconnect when I’d prefer it not to.
Expected behavior
- I can mark a wired/Ethernet network as “Trusted” (or define rules that match a wired network).
- When on that trusted wired network, IVPN can be configured to:
- Do not autoconnect, and/or
- Disconnect on entry, depending on user preference
- (Optional) Allow firewall/kill-switch behavior to remain separately configurable.
Actual behavior
- “Trusted Networks” behavior appears to be Wi-Fi-centric (SSID-based), so it doesn’t reliably address wired/Ethernet connections.
- I cannot express “home wired LAN = trusted, do not autoconnect” using existing rules.
Describe the solution you'd like
Add a way to identify and trust a wired network, for example one (or more) of the following matching strategies:
- Default gateway fingerprint
- Gateway IP + gateway MAC (stable home router identifier)
- DHCP server identifier
- DHCP server IP / option identifiers
- DNS suffix / search domain
- Useful in managed/home setups that provide a consistent suffix
- Subnet + gateway combo
- e.g., 192.168.1.0/24 + gateway 192.168.1.1
- OS network profile
- e.g., Windows network profile/category or profile name (if stable/retrievable)
- UI improvement: show a “Current network fingerprint” and allow saving it as Trusted.
User-facing rule examples
- If network matches “Home Ethernet” → Do not autoconnect
- If network is unknown/untrusted → Autoconnect
Describe alternatives you've considered
- Disable autoconnect globally (works, but loses the “autoconnect on untrusted networks” behavior I want).
- Use trusted Wi-Fi SSID rules (works for Wi-Fi, but does not cover my primary wired connection).
Environment
- Device: Desktop
- OS: Windows 11
- IVPN app version: 3.15.0
- Connection type: Wired/Ethernet
- VPN protocol: WireGuard
- Autoconnect settings enabled: Allow background Daemon, Autoconnect on joining wifi without encryption
- IVPN Firewall / kill switch enabled: No
Feature request
Description
Goal: Allow IVPN “Trusted Networks” rules to apply to wired/Ethernet connections (not just Wi-Fi SSIDs), so the app can avoid autoconnecting on a known-safe home wired LAN while still autoconnecting on untrusted/public networks.
Today, Ethernet has no SSID, so “Trusted Wi-Fi networks” logic doesn’t cover my primary home connection. The result is that IVPN may autoconnect while on my home wired LAN, which I explicitly want to treat as “trusted”.
This request is about trust detection for wired networks (not a security vulnerability report).
Why this matters
I want:
Steps / scenario (how to see the limitation)
Expected behavior
Actual behavior
Describe the solution you'd like
Add a way to identify and trust a wired network, for example one (or more) of the following matching strategies:
User-facing rule examples
Describe alternatives you've considered
Environment