Skip to content

“Trusted Networks” support for wired/Ethernet connections to prevent autoconnect on home LAN #480

@ksmithRenweb

Description

@ksmithRenweb

Feature request

Description

Goal: Allow IVPN “Trusted Networks” rules to apply to wired/Ethernet connections (not just Wi-Fi SSIDs), so the app can avoid autoconnecting on a known-safe home wired LAN while still autoconnecting on untrusted/public networks.

Today, Ethernet has no SSID, so “Trusted Wi-Fi networks” logic doesn’t cover my primary home connection. The result is that IVPN may autoconnect while on my home wired LAN, which I explicitly want to treat as “trusted”.

This request is about trust detection for wired networks (not a security vulnerability report).

Why this matters

I want:

  • Auto-connect on untrusted networks (public Wi-Fi / unknown networks)
  • No auto-connect on home wired LAN (trusted environment)

Steps / scenario (how to see the limitation)

  1. Configure IVPN to autoconnect (either on launch, or when joining untrusted networks).
  2. Connect the machine to the internet using wired/Ethernet on a home network.
  3. Observe that the app has no way to recognize this wired network as “Trusted” (no SSID), and therefore can still autoconnect when I’d prefer it not to.

Expected behavior

  • I can mark a wired/Ethernet network as “Trusted” (or define rules that match a wired network).
  • When on that trusted wired network, IVPN can be configured to:
    • Do not autoconnect, and/or
    • Disconnect on entry, depending on user preference
  • (Optional) Allow firewall/kill-switch behavior to remain separately configurable.

Actual behavior

  • “Trusted Networks” behavior appears to be Wi-Fi-centric (SSID-based), so it doesn’t reliably address wired/Ethernet connections.
  • I cannot express “home wired LAN = trusted, do not autoconnect” using existing rules.

Describe the solution you'd like

Add a way to identify and trust a wired network, for example one (or more) of the following matching strategies:

  • Default gateway fingerprint
    • Gateway IP + gateway MAC (stable home router identifier)
  • DHCP server identifier
    • DHCP server IP / option identifiers
  • DNS suffix / search domain
    • Useful in managed/home setups that provide a consistent suffix
  • Subnet + gateway combo
    • e.g., 192.168.1.0/24 + gateway 192.168.1.1
  • OS network profile
    • e.g., Windows network profile/category or profile name (if stable/retrievable)
  • UI improvement: show a “Current network fingerprint” and allow saving it as Trusted.

User-facing rule examples

  • If network matches “Home Ethernet” → Do not autoconnect
  • If network is unknown/untrusted → Autoconnect

Describe alternatives you've considered

  • Disable autoconnect globally (works, but loses the “autoconnect on untrusted networks” behavior I want).
  • Use trusted Wi-Fi SSID rules (works for Wi-Fi, but does not cover my primary wired connection).

Environment

  • Device: Desktop
  • OS: Windows 11
  • IVPN app version: 3.15.0
  • Connection type: Wired/Ethernet
  • VPN protocol: WireGuard
  • Autoconnect settings enabled: Allow background Daemon, Autoconnect on joining wifi without encryption
  • IVPN Firewall / kill switch enabled: No

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions