Is there a reason for IVPN to do this and would it be okay if I firewalled out all these unnecessary connections?
That is probably part of the latency measurement to each server, imo it isn’t a nice feature for such aspect.
Especially consider, if one server is compromised then that attacker can still potentially enumerate a significant portion of users afaiu.
Would this be avoidable if I connected using the wireguard client rather than their app? I like their app’s on-demand firewall on macs and don’t know if the wireguard app has a similar option.