On October 16, 2012, OpenVPN’s first VPN client arrived in a mobile app store. On that first release, however, it wasn’t available on Apple. Developed and released by OpenVPN co-founder James Yonan, the client app was then called OpenVPN Connect Client, and it was only available for Android devices. James knew that was a good start, but ultimately, he wanted to bring the app to iOS.
And as it turned out, he wasn’t the only one. Users wanted that little VPN client app on their iPhones, too — and Apple developers even wanted it on their phones so they could use it for their open source OpenVPN server within the company.
“People were demanding OpenVPN on iOS because OpenVPN on Google had been out... Apple came to us looking at their tickets and saying, “People are coming to us and demanding this.' So we got added to that list by our customers.”— Elfredy Capadan, OpenVPN Product Director
It’s Not Easy To Make an iOS VPN Client
But the path to get there was blocked: apps weren’t allowed to access the locked away network capabilities necessary for a VPN client, and open source code didn’t mesh well with the legal hurdles in Apple’s marketplace.
Working with his coworker, Elfredy Capadan, James set out to remove these impediments.
The first block had to do with access to networking capabilities on iPhones — Apple had locked those down for app developers. OpenVPN Connect Client needed to create routes, manage traffic, and handle networking subsystems, among other networking tasks, but those were inaccessible to an iOS app.
"All the access to the networking subsystems, all that is locked away from the app layer, basically as an app developer, you cannot add routes, you cannot direct network traffic even. You don't have access to the underlying layer."— Elfredy Capadan
Elfredy decided to reach out directly to Apple. How could he get what OpenVPN Connect Client needed? No other app had access to these things either. Not in 2012, at least. So he asked them: What would it take to make that happen?
Apple’s team responded with a plan: they sent James and Elfredy the code for a network plugin. Apple would then review code additions by James and Elfredy for OpenVPN Connect Client, and ultimately plan on signing off on the plugin if it all looked allowable.
The Open Source Community Came Through
So James and Elfredy got to work. In the meantime, they also put their heads together to talk about the second block: legal. For app developers in iOS, the terms of having an app with Apple require that the developer assumes full legal responsibility for the code. That’s a little tricky to do with OpenVPN Connect Client. Why? Because it’s open source.
"The thing that's stopping a lot of the open source projects from putting apps on the App Store — the code comes from different contributors, and a lot of them may not be in the project anymore."— Elfredy Cadapan
While James and Elfredy worked with Apple for the network plugin, other larger companies also used it — such as Cisco and Juniper Networks. They, too, were working on networking apps. But they didn’t have the same legal hurdles. James had worked with the open source community to develop the OpenVPN Connect Client, and he knew there were (and are still!) far too many benefits with open source code to close this project off for proprietary development, but that legal hurdle still seemed tricky.
Thankfully, the open source developers came through. They were also eager to get the app to iPhone users, and so collectively they assumed full legal responsibility for the code and signed off.
Then, on January 16, 2013, OpenVPN Connect Client made its way into the App Store.
The OpenVPN Client For Mac, iOS, and More
OpenVPN Connect Client, now known only as OpenVPN Connect, happily exists today for Windows, macoS, Android, and yes, iOS. With each new release, Elfredy always collaborated with Apple's team to get the code changes approved and a new version out, whether it was a bug-fix release or new functionality. In the App Store, there’s a record of those releases in the version history, which reads like a walk down memory lane for OpenVPN Connect. Some highlights include:
- 1.0.0 released January 16, 2013
- 1.0.2 released December 16, 2013 added support for ARM64
- 1.0.7 released May 31, 2016 updated mbedTLS (formerly PolarSSL)
- 1.2.5 released January 8, 2018 converted VPN backend to new Apple Network Extensions framework
- 3.0.0 released August 27, 2018 added a new UI layer with two skins and automated the profile import from OpenVPN Access Server
- 3.2.0 released Jun 13, 2020 switched over from mbedTLS to OpenSSL
- 3.3.0 is in the works
Five years after the first App Store release, OpenVPN Connect switched from using the network plugin to using the Apple NetworkExtensions framework. This switch removed the back-and-forth collaboration between the OpenVPN team and Apple’s team. As explained by Apple, the framework opens up the ability for an app like OpenVPN Connect to customize and extend core networking features. And because it doesn’t require the Apple sign off, more VPN apps can get into the App Store using this framework.
Paving the Way For Other VPN Clients
By overcoming the hurdles they faced, OpenVPN Connect opened the door for other VPN apps to enter the App Store.
The OpenVPN Connect team really wanted this client to be available on as many operating systems, for free, as possible — to support any VPN server using the OpenVPN protocol. This includes our business VPN products: OpenVPN Access Server and OpenVPN Cloud. It also includes the open source OpenVPN Community Edition.
Where OpenVPN invests company time and resources reflects our company values. The time and work by our co-founder, James, with our Product Director, Elfredy, into the development of our free VPN client reflects our commitment to both our business products and our open source community. Today, we have a dedicated team for OpenVPN Connect, and while it’s not a purchased product, it delivers incredible value for our business customers as well as the open source community. What’s more, the team is dedicated to continually supporting both of these essential groups, whether via the iOS app, or the app on Windows, Android, or macOS.