The staff at the Apple Store Genius Bar told me that the AVAST VPN installed on my devices was likely causing problems and advised me to get rid of it and use the free Apple one. But I’m not sure which of the ones shown in the App Store is the one she was referring to. Can someone tell me how to delete my paid but now expired Avast one and get the free Apple VPN? I’m not a very technical person, by the way. Thanks!
iPad, iPadOS 17
While iOS/iPadOS has a built-in VPN client (configured from iPad settings) that can be set-up to access VPN services, Apple does not offer a free VPN service.
Perhaps the recommendation that you received was to remove the AVAST VPN/Security App from your iPad - and manually configure the VPN connection from settings:
Settings > General > VPN & Device Management > VPN > Add VPN Configuration
To complete setup, you will need the VPN settings for your VPN Provider.
Be aware that VPN is not a complete security solution - and can engender a false sense of security. Unless you understand precisely what it can and can't protect, you might be best advised to avoid the added complications of attempting to use VPN.
A VPN connection can only protect traffic between the VPN Client and the VPN Gateway. If you are running your own Gateway, while the VPN is active (and a no-split-tunnel traffic policy is applied) all traffic to your Gateway will have protection of the VPN tunnel between these two endpoints.
If instead you are connecting to a commercial VPN Service, your VPN traffic will be protected as far as your VPN Provider's Gateway - where it will be delivered to (and traverse) the internet without benefit of the VPN. As such, when connecting to an untrusted public WiFi, all of your network traffic will be protected over the least-trustworthy public WiFi connection - but receive no additional protection from where your traffic exits the VPN at the Gateway.
It is when using untrusted WiFi networks that Commercial VPN Apps may have useful utility - but you must consider that your unencrypted data remains visible to the VPN Provider. Choose your Provider with care - as not all are themselves trustworthy.
Also consider that much of your network traffic is already encrypted, by default, using TLS/SSL. That said, there are some network protocols (such as DNS) that do not have benefit of encryption - and this traffic can be intercepted or maliciously manipulated. This risk can be mitigated using DoH, DoT or ODoH protocols.
DoH and DoT are natively supported by iOS/iPadOS, but are not exposed via iPad settings; to configure and use these protocols you will need to use a third-party App - such as DNSecure. ODoH is also natively supported - but is only available to iCloud+ subscribers using Apple's Private Relay function.
While iOS/iPadOS has a built-in VPN client (configured from iPad settings) that can be set-up to access VPN services, Apple does not offer a free VPN service.
Perhaps the recommendation that you received was to remove the AVAST VPN/Security App from your iPad - and manually configure the VPN connection from settings:
Settings > General > VPN & Device Management > VPN > Add VPN Configuration
To complete setup, you will need the VPN settings for your VPN Provider.
Be aware that VPN is not a complete security solution - and can engender a false sense of security. Unless you understand precisely what it can and can't protect, you might be best advised to avoid the added complications of attempting to use VPN.
A VPN connection can only protect traffic between the VPN Client and the VPN Gateway. If you are running your own Gateway, while the VPN is active (and a no-split-tunnel traffic policy is applied) all traffic to your Gateway will have protection of the VPN tunnel between these two endpoints.
If instead you are connecting to a commercial VPN Service, your VPN traffic will be protected as far as your VPN Provider's Gateway - where it will be delivered to (and traverse) the internet without benefit of the VPN. As such, when connecting to an untrusted public WiFi, all of your network traffic will be protected over the least-trustworthy public WiFi connection - but receive no additional protection from where your traffic exits the VPN at the Gateway.
It is when using untrusted WiFi networks that Commercial VPN Apps may have useful utility - but you must consider that your unencrypted data remains visible to the VPN Provider. Choose your Provider with care - as not all are themselves trustworthy.
Also consider that much of your network traffic is already encrypted, by default, using TLS/SSL. That said, there are some network protocols (such as DNS) that do not have benefit of encryption - and this traffic can be intercepted or maliciously manipulated. This risk can be mitigated using DoH, DoT or ODoH protocols.
DoH and DoT are natively supported by iOS/iPadOS, but are not exposed via iPad settings; to configure and use these protocols you will need to use a third-party App - such as DNSecure. ODoH is also natively supported - but is only available to iCloud+ subscribers using Apple's Private Relay function.
Part #2
One of the arguments against the use of commercial VPN is that all your traffic is routed via the VPN provider”s VPN Gateway. This of course is completely true - however, in many cases presents no greater risk to you, or your privacy, than routing all your internet traffic via your ISP or mobile phone operator.
Reputable “paid” commercial VPN services have no vested interest in your internet traffic beyond statutory obligations imposed by the authorities in whose territory in which they operate. Again, from a regulatory a technical perspective, this is no different to your ISP or mobile phone operator. Reputable commercial VPN services are fully and profitably monetised by service subscriptions.
Free or “low cost” VPN operators are funded differently. Clearly, these VPN operators have cost overheads that must be fully funded; such services are often funded through commercial advertising served via the VPN connection, or traffic analysis and data mining - this data being sold-on to other interested parties. Dishonest VPN operators may attract business with express intention of misusing your data - or to facilitate criminal activity.
Looking now at areas where a commercial VPN provides useful threat mitigation…
Assuming that your home wired/WiFi network is secure - and that other network devices using the network are trusted - use of a VPN within your local network offers little if any tangible benefit. By contrast, public WIFi networks (such as Airports and Hotels) are high risk; other users of these networks can access and manipulate your network traffic - and it is here that a commercial VPN provides useful protection. Here, when using a VPN, all your traffic is fully protected from actors over the high-risk elements of the network path - between your client device and the VPN Gateway.
Remember, the local WiFi connection is likely to be the least-trustworthy network segment.
Expanding upon my initial reply - perhaps adding some context that you may find helpful with understanding...
With a VPN App or profile installed, this can sometimes interfere with anticipated connection to services and websites. Typical issues are some Apps or services seemingly having no connection to the internet - while others continue to work normally.
Without delving into the complexities of the network stack and interaction with an installed VPN and similar Security Apps, perhaps suffice to say that to resolve an unexpected connection issue, it is sometimes necessary to remove and reinstall the associated VPN/Security App. Simply removing the VPN and performing a restart of your iPad, prior to reinstalling the offending App, may be all that is required to restore normal function.
This Apple Support page may help with troubleshooting network connection issues:
As for the relative merits of using a VPN, perhaps some background and context would be worthwhile...
A VPN connection can only protect traffic between the VPN Client and the VPN Gateway. If you are running your own Gateway, while the VPN is active (and a no-split-tunnel traffic policy is applied) all traffic to your Gateway will have protection of the VPN tunnel between these two endpoints. Similarly, when connecting to an Enterprise (such as your employers business network) a correctly configured VPN connection can provide robust network security for this type of connection.
If instead you are connecting to a commercial VPN Service, your VPN traffic will be protected as far as your VPN Provider's Gateway - where it will be delivered to (and traverse) the internet without benefit of the VPN. As such, when connecting to an untrusted public WiFi, all of your network traffic will be protected over the least-trustworthy public WiFi connection - but receive no additional protection from where your traffic exits the VPN at the Gateway.
It is when using untrusted WiFi networks that Commercial VPN Apps may have some useful utility - but you must consider that your unencrypted data remains visible to the VPN Provider. Choose your Provider with care - as not all are themselves trustworthy.
Also consider that much of your network traffic is already encrypted by default using TLS/SSL. That said, there are some network protocols (such as DNS) that do not have benefit of encryption - and this traffic can be intercepted or maliciously manipulated. This risk can be mitigated using DoH, DoT or ODoH protocols.
In more detail...
Part #1
Much of the hype and negative comment that you will often observe throughout the Apple Support Communities are derived from a bias against, or a fundamental misunderstanding of, VPN technologies and their uses/benefits - in addition to misguided faith in Apple products being immune to cyber-threat. In many cases, negative viewpoint will be based upon consumption of misinformed commentary of others; such commentary often reinforces preconceived faith in both invulnerability and perceived immutable truth.
It is impossible to provide an in-depth discussion of Information Security and IP networking with the limited space that this forum allows. The following is intended to provide brief overview and insight - from which you are free to ask additional questions, draw conclusions as to efficacy, and/or make informed decision as to potential benefit in securing your internet communications.
Enterprise applications may use VPN technologies to securely connect remote users to corporate systems - security benefit being derived through the entire path being protected. Commercial VPNs, as used by private individuals, do not offer protection over the entire path as the encrypted tunnel terminates at the VPN Gateway from which your traffic is routed over the internet to its destination(s). Properly configured commercial VPN services do, however, provide useful mitigation against very specific threats. In using these services, It is important to understand the risks against which a commercial VPN can provide useful protection - and those that it can not. A commercial VPN cannot provide total protection against all monitoring of your internet traffic - as the end-to-end path is not protected by the VPN in its entirety.
A high proportion of your traffic (such as browser traffic) already benefits from encryption (e.g., SSL/TLS) without use of a VPN - but some protocols (such as DNS) are entirely “in-clear” and can be intercepted and manipulated. Header and routing information are also unencrypted - and is available to anyone that is able to monitor your local network connection. Where utilised, VPN encapsulation ensures that all your traffic, including unencrypted data, is contained within the VPN tunnel away from prying eyes and threat actors.
How to get free Apple VPN for my iPhone and iPad?
