Configuring iVPN/Mullvad for private and secured web browsing

Questions
1

Any iVPN and Mullvad users here on PG? It’s too bad there isn’t a guide on how to best configure these two PG-recommended VPNs. I am currently trying out both VPNs. I’ll probably continue testing both for the next month or two before deciding which service to go with.

The use case here will be on phones and tablets. I use both iOS and Android. I suspect most of us use our phones for web browsing, messaging, voice, and video calls. For messaging, I mainly use Signal and FaceTime (unavoidable due to the number of iPhone users in the US). I have a VPN on at all times and I want the settings to ensure the best possible performance, privacy, and security. I know it’s a balance that we all strive to achieve.

The good news is that both iVPN and Mullvad have multihop. The thing that isn’t clear to me is what are entry and exit points are? How should I set it? Due to Iceland and Switzerland’s reputations for privacy, I would like to use their servers. I’m assuming I should set either one of them as the exit points? So far, I have tested using Seattle, USA as the entry point and Zurich, Switzerland as the exit point. With my use case that I outlined above, everything seems to work well on T-Mobile’s 5G cellular network and AT&T’s gigabit fiber-optic network. I’ll continue to play around with the servers. When multihop is used, what will my IP address be?

One thing that I like about iVPN over Mullvad is the ability to use a custom secured DNS. I have no idea why neither Proton nor Mullvad allows that. Their implementation is only IPv4/IPv6. It’s horrible and I have emailed them about it. No promise of ever implementing it. iVPN also has blocklists like Hagezi available in the app so it’s more choices available and not stuck with a default DNS.

Mullvad has DAITA and Quantum resistance, which I have also enabled.

I’m using the WireGuard protocol with iVPN. Should I stick with the default port UDP 2049? I don’t understand what the “bypass VPN for local networks” setting does, but it’s disabled by default. Should I enable “IPv6 for Wireguard VPN"? Should I enable “trusted/untrusted networks”? If so, how do I configure that?

Looking forward to hearing your thoughts on iVPN and Mullvad and why you prefer one over the other.

2

I find it very interesting that IVPN’s iOS client has more features such as V2Ray. I haven’t tested that yet, but it doesn’t seem to be automatic and requires manual intervention since it only works on WiFi. As someone who switches back and forth between cellular and WiFi networks, I find that to be a bit annoying and not user-friendly.

IVPN also has a “block LAN traffic” setting. What does that do?

Does it matter whether IPv4 or IPv6 is used inside a VPN tunnel?

3

The “block LAN traffic” option is just iOS’s version of a kill switch.

They removed the “kill switch” wording due to Apple traffic leaking outside the tunnel. You can find more info here: Removal of kill switch from our iOS app due to Apple IP leak issue

2 Likes
4

They are not complicated products to use. What exactly do you want guides for?

Also, it is not iVPN, it’s IVPN. It’s not an Apple product.

Yes. But entry and exit is only thought about when using multi hop. This makes the connection slower. Otherwise, you can directly connect and the connection will exit the location you choose.

They do allow it. Mullvad allows it and so does Proton (but perhaps not on every client). That said, custom DNS is not generally recommended to use as the VPN’s DNS is more than adequate and the best option (unless you have very specific use case for why you need custom DNS).

Yes, you can leave that as it is.

That’s only if you need your printer to work or if you want to stream your media from your TV that’s set up on your computer via Plex or Jellyfin.

Depends if you really need that setting on. If you are asking, I’m guessing you don’t really know if you need it or not. So, you can leave it as it is.

Same here too. If you’re asking, and seeing that you want an always on VPN, I would say don’t enable this.

If you want to configure it, you need to begin by enabling it first.

Like I said in a recent comment of mine about VPNs - Mullvad or IVPN can’t or should not be evaluated on objective metrics or merits because they both are fantastic with varying feature sets. It really comes down to what’s working best for you for your devices and set ups you have. And there is no wrong answer here so don’t think of it as one being better than the other if your goal is to choose the “best”. There is no best between them.

Use what you like more and what works best for you over time. I like them both. Proton and Mullvad work best for me in North America, IVPN and Mullvad work best when I am in Asia. I like Mullvad’s DAITA and IVPN’s V2Ray obfuscation too and have used them both. Currently, I’m on Mullvad but will move to IVPN once my year ends because I like to change providers every year (and only rotate between Proton, Mullvad, and IVPN).

5

(post deleted by author)