VPN.AC is owned by Netsec Interactive Solutions – a computer security company founded in Bucharest, Romania in 2009. Netsec Interactive solutions is a company whose employees are experts in computer security and cryptography. It is the only VPN provider, I am aware of, who is both ISO 27001 and ISO 9001 certified.
VPN.AC is on the smaller side of VPN corporations, but I believe it is in the Goldilocks Zone of VPN providers. With servers strategically located across 16 countries, it provides plenty of nodes, but is small enough that you communicate directly with the engineers who deploy and maintain its network.
VPN.AC currently has 58 servers located in 16 countries strategically placed around the world:
It offers virtually unlimited traffic, capping at 2 TBs per month. However, it is highly unlikely any legitimate user would ever pass that limit. The traffic is capped to stop abuse, so that the provider is able to run a quality service to all clients. It allows 6 simultaneous logins, and unlimited server switches.
VPN.AC also runs its own private DNS servers to prevent DNS leaks. Its resolvers do not log user activity and mask users’ DNS queries by generating millions of queries of its own per day.
Node (server) status can be checked on its website. The page displays a rolling 15 minute average. As so many of its servers have such low usage I have found it fun to connect and pound the network to see if I can raise the usage reported.
I should also mention for users in China that you will need to use a mirror site. It would appear that someone is trying to keep the Chinese market from using VPN.AC.
A great bonus of being a Romanian corporation is that the Romanian Constitutional Court has rejected the EU’s sweeping data retention program. This means that under Romanian law, VPN.AC is not required to track you like companies in many other countries are.
VPN.AC does not log its users’ web traffic and keeps basic connection logs (e.g. IP address, bandwidth, time of connection to server) for one day. According to the provider, the temporary connection logs are used strictly to improve the service. Moreover, they are stored in an undisclosed location, not on actual VPN servers used by its customers.
It uses “shared IPs” which helps mask any single user’s activity. As another example of how seriously it takes security, the company states on its website;
Who has root/admin access on your servers?
We are very strict on this matter. Only two technicians have access to our infrastructure, and both are security-minded professionals who know what they are doing. Needless to say, they would never share – not even temporarily in case of unforeseen emergency – authentication credentials with anyone else.
This is another example of how open VPN.AC is about its service and how serious it is about privacy and security.
VPN.AC supports OpenVPN, L2TP/IPsec, and PPTP. Its OpenVPN support is some of the best I have seen. Utilizing up to AES 256-bit encryption with Elliptic Curve and/or 4096-bit RSA authentication, SHA512 HMAC and PFS.
The curve secp256k1 is used within the Bitcoin protocol and that serves as a good reason to trust it over the curves supported by NIST and NSA. ECC is being used during the OpenVPN tunnel authentication and key exchange, which is the most important part of VPN communication. For data-channel encryption we are using AES 128-bit, to benefit from the modern Intel CPUs providing hardware acceleration for AES encryption. ECC is also supported on Android devices (with the app OpenVPN for Android) and 128-bit AES is using less processing power, resulting in better battery-life than using AES-256.
ECDHE (Elliptic Curve Diffie–Hellman with Forward Secrecy) is now being used instead of regular DHE.
VPN.AC simply has some of the best encryption available to the consumer today.
VPN.AC supports all major platforms via its own custom software and popular open source clients as well as built-in operating system support. Its custom client has a remarkable continuity in look and feel across platforms:
The Microsoft Windows client supports all versions of Windows and all available VPN protocols. VPN.AC also supports the Viscosity client and the open source OpenVPN GUI and provides tutorials on configuring these clients.
Its Windows client works refreshingly well. It doesn’t have a Windows installer, instead coming in either a self extracting binary or a zip archive. Installation is relatively straight forward: you simply extract the files to a destination of your choice and then run the executable from there. If your system doesn’t already have the TAP drivers installed, the client will install them when you run it for the first time.
The client doesn’t have a ton of advanced options, but all the important ones are there. As you might have noticed on the image above, one of the protocol choices is PPTP (insecure). VPN.AC is one of the few providers I have seen that openly states that PPTP is an insecure protocol.
Mac OS X
Its Mac client is very similar to the Windows client and just as easy to use. As the application is not signed by Apple, you will get a warning when installing it. I have seen a number of tutorials stating that you need to change your system preferences to allow the installation of untrusted apps. At least in my version of OS X, I didn’t need to do this. All I had to do was use the Finder to locate the download and then right-click (ctrl-click on a one button mouse) on it and select Open. I prefer this method as opposed to changing my system to always accept unsigned apps.
Once you have installed the app, you will probably want to drag & drop it to The Dock to make it easier to find.
If you prefer to use Tunnelblick, VPN.AC provides OpenVPN config files for their network. Although I haven’t tried it, I see no reason why Viscosity wouldn’t work just as readily.
VPN.AC also offers an Android app for OpenVPN that can be found on their website or in the Play Store.
Again, the client isn’t anything fancy, but it just works. There are also tutorials for setting up OpenVPN for Android, OpenVPN Connect, and the built-in L2TP/IPsec and PPTP protocols. You get a nice key displayed in your status bar when connected to the VPN, and if you expand the status bar you get some nice stats like connect time and data transfer rates.
Linux is the platform that I use most of the time and VPN.AC’s support for Linux is excellent. I pretty much only use the OpenVPN protocol with it as I see no need to use anything else. VPN.AC doesn’t offer a custom client for Linux, probably because there is no need to. It does provide a tar file with OpenVPN configuration files for all servers and ciphers. It also provides a very simple shell script and a tutorial to help you set your DNS resolver to its private DNS servers to prevent DNS leaks.
I use the open source OpenVPN command line client most of the time. I find this works very well for me, and I like to monitor the client’s output, as seen in the following image;
For users that do not care to use the command line, VPN.AC has tutorials for using the Network Manager for both OpenVPN and PPTP. I have used these methods with no issues to report. Network Manager is a great option for Linux users who do not want to use the command line.
For those of us who would prefer to protect our entire LAN, VPN.AC provides a number of tutorials on setting up a VPN on your router, including for DD-WRT, TomatoUSB, and pfSense flashed devices. I am running AdvancedTomato, a fork of TomatoUSB on my router.
SecureProxy Browser Extension
SecureProxy is a tantalizing custom VPN.AC extension for Chrome and Firefox on Windows, Mac OS X and Linux. It uses TLS for encrypting traffic, it is stealthier against DPI and allows you to tunnel just your browser traffic. But what is probably most interesting is that the proxy is automatically optimized for streaming traffic and geo-unblocking. Which is to say that if you want to watch a regionally restricted streaming services such as BBC iPlayer from the U.S. or US Netflix from the U.K., this just works in the extension regardless of what proxy server you are connected to.
While you don’t get the same encryption level that you will with OpenVPN, traffic is still encrypted and processing overhead is low. In many of my tests, closely approaching that of my ISP. In my discussions with the engineers at VPN.AC, they have informed me that they are using TLS with AES-128 for the encrypted tunnel and RSA-4096 for authentication. They also plan to move to ECC once it is supported in some back-end open source software they are using.
Testing the performance of a worldwide VPN service is problematic and time consuming. However, some metric is needed. There are many factors, such as your ISP performance, network distance to the VPN node, and total distance to the final test server. Not to mention your platform, protocol, and encryption strength, your test platform, and of course the phase of the moon. :)
The following table are the results of tests from my workstation to various VPN.AC nodes around the world. The first result is without any VPN, which is the best I can achieve, and other results should be compared relative to the best I can achieve. Notice the ping times, or network latencies. As expected the VPN nodes “closest” to me, achieve the best results. Some coming surprisingly close to my raw ISP speeds. The last three tests were performed using a stronger encryption strength for comparison. The performance hit wasn’t as bad as I expected, about 5%-7% going from AES-128-CBC to AES-256-CBC.
|None||None||None||Linux||23 ms||73.40 Mbps||7.37 Mbps|
|OpenVPN UDP||AES-128-CBC||Chicago||Linux||69 ms||66.53 Mbps||6.83 Mbps|
|OpenVPN UDP||AES-128-CBC||Bucharest||Linux||320 ms||24.05 Mbps||5.68 Mbps|
|OpenVPN UDP||AES-128-CBC||London||Linux||265 ms||25.12 Mbps||6.47 Mbps|
||AES-128-CBC||Montreal||Linux||154 ms||55.36 Mbps||6.9 Mbps|
|OpenVPN UDP||AES-128-CBC||San Jose||Linux||243 ms||19.74 Mbps||6.54 Mbps|
|OpenVPN UDP||AES-128-CBC||NYC||Linux||160 ms||23.86 Mbps||6.79 Mbps|
|OpenVPN UDP||AES-256-CBC||Chicago||Linux||71 ms||62.27 Mbps||6.71 Mbps|
|OpenVPN UDP||AES-256-CBC||Bucharest||Linux||315 ms||22.92 Mbps||5.49 Mbps|
|OpenVPN UDP||AES-256-CBC||London||Linux||266 ms||23.80 Mbps||5.59 Mbps|
Another method of testing the VPN nodes, is to use a test server close to the VPN server. This is a reasonable way to test how fast that particular node’s connection to the backbone is.
|OpenVPN UDP||AES-128-CBC||Chicago||Linux||36 ms||88.94 Mbps||6.88 Mbps|
|OpenVPN UDP||AES-128-CBC||Bucharest||Linux||161 ms||65.78 Mbps||6.66 Mbps|
|OpenVPN UDP||AES-128-CBC||London||Linux||148 ms||26.02 Mbps||5.62 Mbps|
||AES-128-CBC||Montreal||Linux||110 ms||33.5 Mbps||6.25 Mbps|
|OpenVPN UDP||AES-128-CBC||San Jose||Linux||147 ms||65.93 Mbps||6.95 Mbps|
|OpenVPN UDP||AES-128-CBC||NYC||Linux||160 ms||49.0 Mbps||7.02 Mbps|
If you notice in the above results the Chicago node tests out faster than my raw ISP speed! Interestingly, Montreal comes in at about half the speed in my relative tests. This is probably due to the end test server and not the VPN node. As I said, testing network speeds is problematic. But Bucharest tests much higher than in my relative tests. The Bucharest VPN node is on fast connection but between my location in the Upper Midwest and Romania, there is a particularly bad network hop between routers in Switzerland. This is of course out of VPN.AC’s control.
With any VPN provider, your speed will be dependent upon many factors. Which is why you will want to try and find VPN nodes that work well for your particular circumstances. Having tested VPN.AC’s network extensively over the past six months, it is simply one of the fastest and most reliable that I have used.
VPN.AC provides support via chat, although being 8 hours ahead of my local time, I seldom see chat manned. It has email support utilizing a PGP key, which I was impressed by, and of course, I had to see if they really use it. All email correspondence I have sent encrypted to them has been received and replied to encrypted to my PGP key! This is a feature that I have not seen in any other VPN provider and again shows how serious VPN.AC is about privacy and security.
It also provides support via Skype and Jabber. The suggested method of support is to use its in-house ticketing system. Many VPN providers outsource their support ticketing and chat lines, which could be a security issue. I have found the ticketing system and encrypted email to work very well for me and have never gone more than 24 hours without a response. Often, they respond within a few hours. There are also many FAQs and tutorials on their website.
VPN.AC offers various subscription packages based on subscription term. It also operates with a 7-day moneyback guarantee. I find it refreshing that it does not charge for “extras”. Some providers have complicated pricing structures, whereas at VPN.AC, all features are under one simple price with discounts for longer billing cycles.
VPN.AC is the VPN service I use on a daily basis for my own needs. My only real concern is if everyone reading this review signs up with the service and they are not able to scale properly. But given their expertise, I am confident they will be able to handle it. Pricing is very reasonable with a refreshing flat pricing structure. It is obvious they are technically talented and ideologically driven. With a 7-day moneyback guarantee, what do you have to lose by giving them a try?