by digitalengineer 4413 days ago
Personal (non-company) VPN still doesn't fully work on smartphones. It needs to be manually activated each time, making 'all-traffic-behind-vpn' impossible for now. It is possible for corporate VPNs so we know iPhones can do it. A choice by Apple HQ?
4 comments

Works fine for me with OpenVPN on Android (4.4.2 on a Galaxy S4 and Nexus 7). It will only prompt to accept the VPN the first time it's run. If you leave it running in the background it will re-establish the connection whenever it needs to.

That being said, I also have an Xposed module to get rid of the confirmation prompt entirely (I use Tasker to enable the VPN automatically when my phone connects to unsecured wifi networks).

I can't speak to how Apple does it, so maybe it's just an OpenVPN vs IPsec thing. If you set up your own IPsec VPN you could possibly have it activated automatically. There was a post on HN a few months ago with a script to basically set up an IPsec VPN automatically for you.

I just checked my phone, and Android 4.4.2 supports always-on VPN.

Android added always-on VPN in 4.2.

I don't know how they're accomplishing it technically, but http://getcloak.com manages to auto-enable my VPN on my iPhone every time I connect to a non-whitelisted wireless network.

I'm a Cloak user. Connect on Demand in iOS has a great design, but unfortunately it's buggy. About once a week, I will catch it not using the VPN (and not blocking traffic nor trying to reconnect). I even connected my iPhone to Apple's desktop utility that allows reading the device logs and I correlated the behavior to certain log errors. This problem started in iOS 7.0 and remains up to 7.1.1 (iOS 6 was fine).

As a result of this bugginess, I'm no longer willing to use untrusted wi-fi networks even with VPN. It's really too bad that Apple is not fixing this, because it renders the Connect on Demand feature useless from a security point of view, and it nullifies the functionality of Cloak. Cloak is otherwise an awesome app and service, and it's not their fault as they can't control this code.

iOS 7 opened up some APIs for it. GetCloak's app uses it (and has a lot more niceties, I read), and so does the ugly but generic OpenVPN app. I'm guessing that they're not able to block all traffic before the VPN is set up though. I'm not sure. And I'm certain the OpenVPN app doesn't fail safe/closed.

Anyone know of a portable, travel wifi router that supports VPN and fails closed?

Do it on your router, so that all devices that connect over wifi are automatically routed through your VPN.