StrongVPN is a major US-based VPN service, which operates as a part of its parent company and hosting provider – Reliable Hosting. The company launched its first venture way back in 1994, starting off as a local computer dealer in South Lake Tahoe, California. Since then, the company has expanded to offer dedicated servers and collocation services, and, most recently, its VPN service, which has existed long enough on the market to establish itself as a very recognisable brand among virtual private network users.In this StrongVPN review, we are going to take a closer look at the many features offered by the service, with the aim of finding out whether it is worth purchasing and recommending to our readers. Among these features are its servers, privacy/logging policy, encryption methods, applications, performance, extras and the price.
StrongVPN server network
StrongVPN offers servers in the following countries:
- United States
- United Kingdom
- Hong Kong
- Czech Republic
The company owns most of its domestic (US) servers and leases server clusters at its numerous international locations, spanning the Americas, Europe and Asia. Not many VPN services are able to offer in-house server ownership and management, therefore, having a hosting provider for a parent company certainly plays no disadvantage to StrongVPN’s credibility. On the contrary, with privacy in mind, it is that bit more reassuring to know that your VPN offers Tier-1 infrastructure.
On its website, the company indicates that it operates out of the Digital Realty Trust data centre facility in San Francisco – a premier telecom carrier location in the country. Its secondary data centre is located in New York, while two more locations are on the way in Miami and Washington D.C.
According to the company, all software engineering is managed in-house.
“We will only comply with all valid subpoena request that follow the letter of the law. We cannot provide information that we do not have. StrongVPN will not participate with any request that is unconstitutional.”
Quite clearly, this one is directed at law enforcement agencies and other unwanted third parties who might want to extract some user-specific data from the provider. Nonetheless, potential customers should take note that if the service is misused through serious criminal activity, a valid subpoena request would force the company to cooperate with the authorities to identify a culprit.
Unfortunately this is a potential reality that affects all VPN companies, no matter how ‘anonymous’ one assumes the service to be. At the end of the day, the company is a registered business that has to comply with the law. But with this in mind, we do not doubt that an experienced provider like StrongVPN has its customers’ privacy within its top priorities and thus strives to minimise the chances of the above-mentioned scenario from occurring.
StrongVPN can be connected either via its own software or manually through third party clients. Both options allow users to connect using OpenVPN, L2TP/IPSec, SSTP or PPTP encryption protocols (note that the favourable OpenVPN protocol is only available through a pricier subscription package, but we’ll delve into this later on in the review:
- PPTP: uses MS-CHAPv2/MPPE with 128-bit encryption keys;
- L2TP: uses IPSec with 256-bit encryption keys;
- SSTP: uses SSL v3 with 256-bit AES-CBC keys;
- OpenVPN: supports BF-CBC-128 to AES-256 over the tunnel and 2048bit keys for authentication.
For those of you unfamiliar with common VPN protocols and the basic differences between them, here’s a quick 101:
• PPTP has low overheads and thus delivers fast connections, but security level is weak and penetrable;
• L2TP/IPSec offers strong encryption, requires a bit more CPU power, but it is the better choice since it uses better encryption and runs the tunnel over UDP (unlike PPTP which uses TCP). Good for speeds, but there are rumours that it has already been compromised;
• SSTP is the most secure protocol of all, since it uses SSLv3 & 256-bit AES-CBC, however, the strong encryption and very high overheads result in significantly slower speeds. SSTP is mostly recommended for bypassing tough firewalls;
• OpenVPN delivers the best balance between speed and security. The protocol is open source and is regularly modified by individual VPN providers. It’s worth mentioning that StrongVPN will modify the OpenVPN protocol based on the customer’s own criteria.
StrongVPN offers native apps for bypassing manual configuration. Custom-built VPN clients are available for Windows, Mac OS X, iOS and Android operating systems. Though, if customers wish to manually set up their connection through a built-in or any other third party client, detailed instructions are available for each operating system, including Linux, in the Setup section of the StrongVPN website. For the more visual learners, instructional videos can be found on the StrongVPN YouTube channel.
Desktop client (Windows example)
StrongVPN Windows client version 126.96.36.199[/caption]
For our desktop example, we will test out the current version of the StrongVPN Windows client, which should give us a good idea of how the service works and how it is delivered to the average user.
Having downloaded the client, the home screen of which is demonstrated in the screenshot above, we first wanted to check through each of the available connection options. The main screen is already equipped with some core settings, such as a server selection dropdown menu, as well as toggle On/Off options to switch between UDP and TCP (OpenVPN transport layer protocols). Plus, a switch to simply run the connection through a private proxy. Don’t forget that the proxy will only change the IP address, and will not implement any end-to-end encryption.
The full options menu can be found by clicking on Advanced – just below the StrongVPN logo. The client will then open up a second window, containing six tabs:
Tab 1: Information
As you might have guessed, this tab shows some basic information about the whole setup – from the client version number and our account details, to its host operating system ID and overall connectivity stats. A screenshot isn’t all that necessary in this instance.
Tab 2: Options
This is the tab where we get to adjust our VPN settings prior to connecting, and looking at the range of modifiable fields for OpenVPN, it’s clear that StrongVPN has really integrated and subsequently bought home the advanced connection options that are usually only found in the open source OpenVPN client.Some General TweaksThe first section of the tab is quite general. Here we see the option for automatic launch on system startup. We can also instruct the client to check for updates automatically or to connect to the last saved VPN server on launch. Additionally, we can toggle some notification settings.
We weren’t too sure about the Protocol Preference dropdown menu. Initially, it was presumed that we’d be able to change encryption protocols here, however, judging by the three available options – Package Tier, OpenVPN and PPTP/L2TP/SSTP, this feature turned out to be slightly more confusing than expected. A tech support assistant confirmed to us that this was actually a dropdown menu for available subscription packages.
Moving down, we are able to adjust several OpenVPN-associated options. These features are variables within the OpenVPN configuration file:
The first field, Max MSS (stands for TCP Maximum Segmentation Size) lets us define the largest amount of data (in bytes) that will be transferred in a single segment over a TCP connection. MSS derives from the value of MTU (Manual Transmission Unit), and the maximum MTU value for Ethernet, and generally for the Internet, is 1500 bytes.
It is recommended that the maximum MSS value is set to the largest data payload without causing fragmentation. With the maximum value for Ethernet MTU at 1500 bytes, the suggested and default maximum value of MSS is 1450. The last 50 bytes are an overhead contingent for IPv4 and TCP header.
The Timeout value ranges between 2 and 60 seconds. This field defines how long the client will wait to synchronise with the remote server before recycling and re-attempting to connect. By default, it is set to 20 seconds, however we shortened this interval to 10 seconds, in order to minimise the wait by a fraction.
Compression has three settings to select from: Enabled/Disabled/Adaptive. It is available for both TCP and UDP connections, and it works by compressing data on the user end. It then transmits it over the network and decompresses it on the other end. As a result, the process saves the actual amount of transmitted bytes.
When enabled, compression will always be on. Disabled means it will be off. Adaptive means that the client is using the LZO real-time compression library as is in the OpenVPN client. The feature will find out if compression is helping or not and disable or enable it on the go. If it finds the data to be incompressible, it will not attempt to compress it.
Following Compression is the multiple choice setting for Log verbosity. Ranging between Quiet, Normal, Insane and Maximum, this feature will determine how much information and what types of events trigger a new message to be written in the local client log. So the higher the verbosity, the more information the log will generate.
Below the global OpenVPN settings, we found the account-specific OpenVPN options. Aside from the Selected Account menu, which won’t display any further options with a single StrongVPN subscription, we have three fields that let us manually change the values (in bytes), each one ranging between 576 and 1500 bits. Much like the MSS value talked about earlier. These fields are Fragment, MSSfix and MTU.
Fragmentation deals with packets that come through and do need to be fragmented as their size is larger than the MTU value.
Mssfix is for TCP streams running inside UDP streams. It announces to TCP sessions running over the tunnel that they should limit their packet sizes, so that after OpenVPN has encapsulated them, the resulting UDP packet sent to its peer will not exceed the maximum set value. Essentially, it helps prevent packet fragmentation in the first place by informing the endpoints as to how large a packet should be, without having to be broken down via the set MTU guidelines.
Generally, the Fragment and Mssfix values should be the same, but smaller than that of the MTU.
Both Fragment and Mssfix values are scaled according to the UDP output packet size which includes the encapsulation overhead. The value of 1390 bytes used by default is variable. Reasonable values range from anything between 1000 and up to 1500 bytes. It is recommended to use the highest value that doesn’t cause fragmentation. Note that it should always be smaller than that of MTU.
And as previously mentioned, MTU stands for Manual Transmission Unit. Its set value will determine the maximum unfragmented datagram size that can be sent over the connection. It doesn’t require overheads, which is why we are leaving it maximised at 1500 bytes.
Furthermore, in this section we are able to switch between UDP and TCP as well as choose our preferred encryption strength. As shown in the last screenshot, the menu ranges between BF-CBC (Blowfish), AES 128-CBC, AES 192-CBC and AES 256-CBC. These are already ordered in terms of strength (AES is also regarded to be more reliable than Blowfish). Just below, we will leave ticked the option to use additional HMAC authentication – a code that provides the server and the client each with a public as well as a private key in order to protect the user from active attacks. Note – HMAC is not the most efficient authentication method and may sacrifice performance in favour of security.
We also have the option of disabling the encryption altogether; and although that would defeat the purpose of safeguarding our privacy, this feature is useful to us should we only want to obtain a new IP without losing much speed. What we would have now is a functioning proxy instead of a virtual private network client. The proxy can be also be selected on the client’s home screen.
In early 2015, StrongVPN introduced a handy, in-app feature for Windows and Macintosh clients called Scramble. This option is available with OpenVPN packages only and, similarly to HMAC authentication, works by adding an additional security layer between the server and the client.
As seen in the above screenshot, options include Password, Xorptrpos, Reverse and Obfuscation:
- Password – Either automatically or randomly generated string which will be used to perform a basic xor operation;
- Xorptrpos – This option performs a xor operation using the current position in the packet payload;
- Reverse – This option will literally reverse the data within the packet;
- Obfuscation – Generally regarded as the most secure option out of the four, as it will implement all three of the above.
For Mac OS X, Scramble would have to be activated via the client control panel on the StrongVPN website. After choosing and saving one of the options, the user will then need to close down and re-launch the VPN client.
Here, we can find the same killswitch that is available to toggle under OpenVPN (Global) options, as shown a few screenshots earlier.
Lastly, the Options tab offers the option to repair external client components – specifically the third party OpenVPN TAP driver, which can get corrupted in instances such as when another VPN client is installed on the system. The process was local to the software and took no more than a minute to complete:
In case we can’t wait for an automatic update check, we can force it by clicking on the second of the two buttons under Diagnostics:
Tab 3: Log
This tab contains the local client connection log. In case of any immediate privacy concerns, this log is available to the user (you) only and may be cleared at any time.
Tab 4: Service
The Service tab serves for information purposes only, showing details, such as where on our computer the OpenVPN binary file is saved and which TAP adapters are installed on the system.
Tab 5: Port List
By default, there are already fifteen ports to select from, including standard ports like 443 and 500. This list is fully modifiable and ports can be deleted or added at any time. Users are able to revert to the default list at any time.
Tab 6: License
Here, users can find the detailed end user license agreement specifically for the VPN client, as well as view details of additional third party licenses that are in effect in conjunction with this software (e.g. OpenVPN).
Connecting to server
And now that we have checked out and tweaked all the necessary settings, it is time to connect to a VPN server. Here are a few examples of our successful connections to StrongVPN servers:Connected to a Canterbury server in the United Kingdom using OpenVPN UDP.
Next, we connected to Germany:And here we are connected to the USA (West Coast), using the San Francisco server as a proxy instead of a VPN:We were able to connect to each of the locations without a problem, and a quick IP check on the last connection confirmed that the service was working correctly. Due to the intended absence of encryption, the proxy connection maintained good ISP speeds, while letting us use a California-based IP address all the way out of Europe.
What’s more, the IP check showed that StrongVPN’s parent company Reliable Hosting owned this server, confirming that the service is Tier 1, at least for most of the United States
Mobile App (Android example)
StrongVPN offers mobile applications for iOS and Android devices. Both are very similar in feature and function, but we will take a closer look at the latter.
Its application for Android bears a slick design, at least in comparison to its desktop counterpart. Upon its download, we are greeted with this elegantly designed interface:
Changing the settings
To open the main options menu, we have to tap on the round equalizer icon located directly below the narrow burger stack on the top right side of the screen. In the screenshot below, this button is circled in green.
Although not as wide-ranging as the variables available in the desktop client, we can still tweak some important parameters of our connection:
Protocol lets us choose between UDP, TCP and proxy, which indicates that the app uses OpenVPN for encryption. However, the server list (found in Location) also shows nodes marked “PPTP/L2TP”, in addition to locations marked “OpenVPN”.
If we were to choose a location marked with “PPTP/L2TP”, it isn’t be clear if we would be connecting using PPTP or L2TP/IPSec, and no other page within the app lets us specify which of the two protocols we want to use. Moreover, following several attempts, we found that we simply weren’t able to connect to any of the “PPTP/L2TP” servers.
We raised the matter with technical support via live chat, and sure enough, it came to light that we are only able to connect to “OpenVPN” servers, and not those marked “PPTP/L2TP”. The chief concern is not only that these servers are redundant and shouldn’t really be listed in the server list, but that each time we switched locations, we were losing “server switch” credits in the process.
Despite this, the tech support agent rightly mentioned that we can setup a manual connection to servers listed as “PPTP/L2TP” in the app. To do this, we would need to:
- Login to the Customer Area
- Navigate to VPN Accounts > VPN Accounts Summary
- Check which server is selected (change if necessary)
- Click on Account Setup Instructions
- Grab the server URL or IP
- If configuring L2TP connection, grab the IPSec shared key from the original setup instructions email or from the Customer Area
- Proceed to set up a manual connection in your device’s built-in VPN client
Jumping back to the app, we found that the Scramble feature is available for OpenVPN connections, though the mobile version of the client is limited to generating only its own passwords:
Below Scramble, there is a toggle option for binding or disassociating local address and port. When turned on, the IP stack will allocate a dynamic post for returning packages.
Another useful feature is the Battery & Connectivity slider. This lets us choose whether we want the app to produce a more reliable connection or help prolong the battery of our device at the expense of the stability of the connection. By default, it is set to be balanced, however, we swiped the slider closer to “better connectivity”.
And finally, there is a toggle that will instruct the app to automatically reconnect if the connection drops.
Connecting to server
Once the app’s settings were adjusted to preference, we connected out of Europe to a StrongVPN New York server. The connection established successfully, and this was confirmed by the green light on the main screen and the expected appearance of the ‘key’ icon at the top of our Android monitor. This indicates that the device is connected to a VPN:
The service allows up to two simultaneous connections per subscription to account for mobile use of its service alongside active connections on desktop computers.
To analyse server performance, we tested multiple StrongVPN nodes using a 72Mb/s cable connection out of Midwest, United States:
The results were as follows:
- New York, USA – [Download: 22.34Mb/s] / [Upload: 9.12Mb/s]
- Montreal, Canada – [Download: 23.10Mb/s] / [Upload: 9.32Mb/s]
- London, UK – [Download: 23.69Mb/s] / [Upload: 8.14Mb/s]
- Krasnoyarsk, Russia – [Download: 11.85Mb/s] / [Upload: 3.21Mb/s]
- Batam, Singapore – [Download: 11.07Mb/s] / [Upload: 5.63Mb/s]
It is also possible to run a speed test on each server from the StrongVPN website. This feature can be found back on the server list page: there is a button labelled Speedtest on the far-right of each row.
The tests are run through an embedded Ookla widget, displaying both download and upload speeds of each node.
We tested this feature from a different location (in Europe) using an Amsterdam server and a 100Mb/s broadband connection. Our result showed a download speed of 90Mb/s and an upload rate of 43Mb/s, as shown in the above screenshot.
It is unlikely that connecting to a specific server will not suffice for unblocking US-based sites, however, should this be the case, StrongVPN recommends that users change their DNS settings to its own publicly available addresses:
Changing your DNS settings to the provided addresses will likewise help prevent DNS leaks.
Smart DNS (StrongDNS)
In addition to its VPN, Reliable Hosting also offers a Smart DNS service called StrongDNS. The service, however, is completely separate from StrongVPN, parked on a different domain, and to use it, you would need to sign up separately.StrongDNS is specifically optimised for unblocking geo-blocked online streaming networks and websites. As with any Smart DNS, the service does not provide encryption, instead, changing your device’s DNS settings to unblock content in specific regions that are otherwise blacked out in your location.
StrongVPN is one of a handful of VPN providers that sells pre-configured VPN routers. Its catalogue ranges between numerous Asus, Netgear and Linksys routers.Features among them range from varying processor power (from 300MHz to 5GHz), RAM (32Mb to 256Mb), bandwidth capacity and other specifications.
StrongVPN offers three packages – Lite, Special and Deluxe, as well as protocol-based sub-tariffs (OpenVPN or PPTP) within these plans. For clarification, the OpenVPN sub-plan provide access to all available protocols including OpenVPN, SSTP, L2TP/IPSec and PPTP. The PPTP sub-plan will feature all protocols except OpenVPN.
The Lite package contains the cheapest subscription plans, with access to servers only in the United States:
- 1 month: $7.95
- 3 months: $21
- 6 months: $40
- 1 year: $75
- 1 month: $11.95
- 3 months: $30
- 6 months: $57
- 1 year: $90
The Special subscription plan is labelled as the most popular of the three. Users will gain access to four server locations including USA, Canada, United Kingdom and the Netherlands. The plan does contain an OpenVPN + PPTP combo plan, which provides access to servers in 22 countries.
- 1 year: $55
- 1 year: $85
- 1 month: $34.95 (with access to 22 countries)
The Deluxe plan is the most expensive of the three, and despite it granting access to all available locations, the price itself certainly reveals the provider to be on the much pricier side of the scale than the average VPN provider.
- 1 month: $16.95
- 3 months: $45
- 6 months: $85
- 1 year: $155
- 1 month: $21.95
- 3 months: $60
- 6 months: $114
- 1 year: $210
Additional server switching
As users are limited to 25 server switches per month, StrongVPN offers an option to buy additional credits. They are available at the following prices:
- $5 for 10 extra switches per month;
- $10 for 20 extra switches per month;
- $15 for 30 extra switches per month.
This option is definitely our least favourite aspect of the service. In fact, this is one of the rare few times that we have come across a VPN provider with limited server switching. Given that most other major provider offer unlimited server switching, many VPN users have already come to expect this feature to freely available.
Saying that, if you are impressed with StrongVPN and do not plan on changing servers on the regular, this limitation may not even turn into an issue. Plus, judging by what we have seen during the making of this review, it is safe to say that this is a serious, secure and reliable VPN provider.
Accepted payment methods
StrongVPN accepts the following forms of payment: Cards (Visa, Mastercard, Discovery, American Express), PayPal, Google checkout and Western Union ( for orders above $55.00). Debit cards are also accepted, with the exception of Visa Electron.
If the customer is dissatisfied with the service, there is a 7-day moneyback guarantee, as stated in the Billing Department FAQ section on their website.
1 user review