VPN.AC

VPN.AC Review

Overall Rating

VPN.AC is owned by Netsec Interactive Solutions – a computer security company founded in Bucharest, Romania in 2009. Netsec Interactive solutions is a company whose employees are experts in computer security and cryptography. It is the only VPN provider, I am aware of, who is both ISO 27001 and ISO 9001 certified.

VPN.AC is on the smaller side of VPN corporations, but I believe it is in the Goldilocks Zone of VPN providers. With servers strategically located across 16 countries, it provides plenty of nodes, but is small enough that you communicate directly with the engineers who deploy and maintain its network.

In this VPN.AC review, I offer a detailed analysis of the service, covering its network, privacy policy, encryption, software and platforms, support and pricing.


Quick Links


Server network

VPN.AC Server Map
VPN.AC Server Map as of December, 2015

VPN.AC currently has 58 servers located in 16 countries strategically placed around the world:

It offers virtually unlimited traffic, capping at 2 TBs per month. However, it is highly unlikely any legitimate user would ever pass that limit. The traffic is capped to stop abuse, so that the provider is able to run a quality service to all clients. It allows 6 simultaneous logins, and unlimited server switches.

VPN.AC also runs its own private DNS servers to prevent DNS leaks. Its resolvers do not log user activity and mask users’ DNS queries by generating millions of queries of its own per day.

VPN.AC Node Status
Node status updated every 15 minutes

Node (server) status can be checked on its website. The page displays a rolling 15 minute average. As so many of its servers have such low usage I have found it fun to connect and pound the network to see if I can raise the usage reported.

I should also mention for users in China that you will need to use a mirror site. It would appear that someone is trying to keep the Chinese market from using VPN.AC.

VPN.AC announcement of Chinese DNS hijacking
VPN.AC announcement of Chinese DNS hijacking

Visit Provider


Privacy Policy

A great bonus of being a Romanian corporation is that the Romanian Constitutional Court has rejected the EU’s sweeping data retention program. This means that under Romanian law, VPN.AC is not required to track you like companies in many other countries are.

VPN.AC does not log its users’ web traffic and keeps basic connection logs (e.g. IP address, bandwidth, time of connection to server) for one day. According to the provider, the temporary connection logs are used strictly to improve the service. Moreover, they are stored in an undisclosed location, not on actual VPN servers used by its customers.

It uses “shared IPs” which helps mask any single user’s activity. As another example of how seriously it takes security, the company states on its website;

Who has root/admin access on your servers?

We are very strict on this matter. Only two technicians have access to our infrastructure, and both are security-minded professionals who know what they are doing. Needless to say, they would never share – not even temporarily in case of unforeseen emergency – authentication credentials with anyone else.

This is another example of how open VPN.AC is about its service and how serious it is about privacy and security.

Encryption

VPN.AC supports OpenVPN, L2TP/IPsec, and PPTP. Its OpenVPN support is some of the best I have seen. Utilizing up to AES 256-bit encryption with Elliptic Curve and/or 4096-bit RSA authentication, SHA512 HMAC and PFS.

The curve secp256k1 is used within the Bitcoin protocol and that serves as a good reason to trust it over the curves supported by NIST and NSA. ECC is being used during the OpenVPN tunnel authentication and key exchange, which is the most important part of VPN communication. For data-channel encryption we are using AES 128-bit, to benefit from the modern Intel CPUs providing hardware acceleration for AES encryption. ECC is also supported on Android devices (with the app OpenVPN for Android) and 128-bit AES is using less processing power, resulting in better battery-life than using AES-256.

ECDHE (Elliptic Curve Diffie–Hellman with Forward Secrecy) is now being used instead of regular DHE.

VPN.AC simply has some of the best encryption available to the consumer today.

Software

VPN.AC supports all major platforms via its own custom software and popular open source clients as well as built-in operating system support. Its custom client has a remarkable continuity in look and feel across platforms:

Windows

The Microsoft Windows client supports all versions of Windows and all available VPN protocols. VPN.AC also supports the Viscosity client and the open source OpenVPN GUI and provides tutorials on configuring these clients.

VPN.AC Windows Client Configuration
Windows Client Configuration

Its Windows client works refreshingly well. It doesn’t have a Windows installer, instead coming in either a self extracting binary or a zip archive. Installation is relatively straight forward: you simply extract the files to a destination of your choice and then run the executable from there. If your system doesn’t already have the TAP drivers installed, the client will install them when you run it for the first time.

The client doesn’t have a ton of advanced options, but all the important ones are there. As you might have noticed on the image above, one of the protocol choices is PPTP (insecure). VPN.AC is one of the few providers I have seen that openly states that PPTP is an insecure protocol.

Mac OS X

VPN.AC offers a custom Mac OS X client. It also supports the open source Tunnelblick client and has a tutorial on its setup.

VPN.AC Mac OS X Client Configuration
Mac OS X client Configuration

Its Mac client is very similar to the Windows client and just as easy to use. As the application is not signed by Apple, you will get a warning when installing it. I have seen a number of tutorials stating that you need to change your system preferences to allow the installation of untrusted apps. At least in my version of OS X, I didn’t need to do this. All I had to do was use the Finder to locate the download and then right-click (ctrl-click on a one button mouse) on it and select Open. I prefer this method as opposed to changing my system to always accept unsigned apps.

Once you have installed the app, you will probably want to drag & drop it to The Dock to make it easier to find.

If you prefer to use Tunnelblick, VPN.AC provides OpenVPN config files for their network. Although I haven’t tried it, I see no reason why Viscosity wouldn’t work just as readily.

Android

VPN.AC also offers an Android app for OpenVPN that can be found on their website or in the Play Store.

VPN.AC Android Client Status
Android client Status

Again, the client isn’t anything fancy, but it just works. There are also tutorials for setting up OpenVPN for Android, OpenVPN Connect, and the built-in L2TP/IPsec and PPTP protocols. You get a nice key displayed in your status bar when connected to the VPN, and if you expand the status bar you get some nice stats like connect time and data transfer rates.

Linux

Linux is the platform that I use most of the time and VPN.AC’s support for Linux is excellent. I pretty much only use the OpenVPN protocol with it as I see no need to use anything else. VPN.AC doesn’t offer a custom client for Linux, probably because there is no need to. It does provide a tar file with OpenVPN configuration files for all servers and ciphers. It also provides a very simple shell script and a tutorial to help you set your DNS resolver to its private DNS servers to prevent DNS leaks.

I use the open source OpenVPN command line client most of the time. I find this works very well for me, and I like to monitor the client’s output, as seen in the following image;

OpenVPN Linux Command Line
OpenVPN client via command line

For users that do not care to use the command line, VPN.AC has tutorials for using the Network Manager for both OpenVPN and PPTP. I have used these methods with no issues to report. Network Manager is a great option for Linux users who do not want to use the command line.

Routers

For those of us who would prefer to protect our entire LAN, VPN.AC provides a number of tutorials on setting up a VPN on your router, including for DD-WRT, TomatoUSB, and pfSense flashed devices. I am running AdvancedTomato, a fork of TomatoUSB on my router.

Advanced Tomato OpenVPN Client
AdvancedTomato OpenVPN client

SecureProxy Browser Extension

SecureProxy is a tantalizing custom VPN.AC extension for Chrome and Firefox on Windows, Mac OS X and Linux. It uses TLS for encrypting traffic, it is stealthier against DPI and allows you to tunnel just your browser traffic. But what is probably most interesting is that the proxy is automatically optimized for streaming traffic and geo-unblocking. Which is to say that if you want to watch a regionally restricted streaming services such as BBC iPlayer from the U.S. or US Netflix from the U.K., this just works in the extension regardless of what proxy server you are connected to.

VPN.AC Proxy iPlayer
VPN.AC SecureProxy viewing BBC iPlayer from Romanian proxy server on Chromium/Linux

While you don’t get the same encryption level that you will with OpenVPN, traffic is still encrypted and processing overhead is low. In many of my tests, closely approaching that of my ISP. In my discussions with the engineers at VPN.AC, they have informed me that they are using TLS with AES-128 for the encrypted tunnel and RSA-4096 for authentication. They also plan to move to ECC once it is supported in some back-end open source software they are using.


Visit Provider


Speed

Testing the performance of a worldwide VPN service is problematic and time consuming. However, some metric is needed. There are many factors, such as your ISP performance, network distance to the VPN node, and total distance to the final test server. Not to mention your platform, protocol, and encryption strength, your test platform, and of course the phase of the moon. :)

The following table are the results of tests from my workstation to various VPN.AC nodes around the world. The first result is without any VPN, which is the best I can achieve, and other results should be compared relative to the best I can achieve. Notice the ping times, or network latencies. As expected the VPN nodes “closest” to me, achieve the best results. Some coming surprisingly close to my raw ISP speeds. The last three tests were performed using a stronger encryption strength for comparison. The performance hit wasn’t as bad as I expected, about 5%-7% going from AES-128-CBC to AES-256-CBC.

Relative Network Speed Tests
Protocol Encryption VPN Server Platform Ping Download Upload
None None None Linux 23 ms 73.40 Mbps 7.37 Mbps
OpenVPN UDP AES-128-CBC Chicago Linux 69 ms 66.53 Mbps 6.83 Mbps
OpenVPN UDP AES-128-CBC Bucharest Linux 320 ms 24.05 Mbps 5.68 Mbps
OpenVPN UDP AES-128-CBC London Linux 265 ms 25.12 Mbps 6.47 Mbps
OpenVPN UDP
AES-128-CBC Montreal Linux 154 ms 55.36 Mbps 6.9 Mbps
OpenVPN UDP AES-128-CBC San Jose Linux 243 ms 19.74 Mbps 6.54 Mbps
OpenVPN UDP AES-128-CBC NYC Linux 160 ms 23.86 Mbps 6.79 Mbps
OpenVPN UDP AES-256-CBC Chicago Linux 71 ms 62.27 Mbps 6.71 Mbps
OpenVPN UDP AES-256-CBC Bucharest Linux 315 ms 22.92 Mbps 5.49 Mbps
OpenVPN UDP AES-256-CBC London Linux 266 ms 23.80 Mbps 5.59 Mbps

Another method of testing the VPN nodes, is to use a test server close to the VPN server. This is a reasonable way to test how fast that particular node’s connection to the backbone is.

VPN Node Speed Tests
Protocol Encryption VPN Server Platform Ping Download Upload
OpenVPN UDP AES-128-CBC Chicago Linux 36 ms 88.94 Mbps 6.88 Mbps
OpenVPN UDP AES-128-CBC Bucharest Linux 161 ms 65.78 Mbps 6.66 Mbps
OpenVPN UDP AES-128-CBC London Linux 148 ms 26.02 Mbps 5.62 Mbps
OpenVPN UDP
AES-128-CBC Montreal Linux 110 ms 33.5 Mbps 6.25 Mbps
OpenVPN UDP AES-128-CBC San Jose Linux 147 ms 65.93 Mbps 6.95 Mbps
OpenVPN UDP AES-128-CBC NYC Linux 160 ms 49.0 Mbps 7.02 Mbps

If you notice in the above results the Chicago node tests out faster than my raw ISP speed! Interestingly, Montreal comes in at about half the speed in my relative tests. This is probably due to the end test server and not the VPN node. As I said, testing network speeds is problematic. But Bucharest tests much higher than in my relative tests. The Bucharest VPN node is on fast connection but between my location in the Upper Midwest and Romania, there is a particularly bad network hop between routers in Switzerland. This is of course out of VPN.AC’s control.

With any VPN provider, your speed will be dependent upon many factors. Which is why you will want to try and find VPN nodes that work well for your particular circumstances. Having tested VPN.AC’s network extensively over the past six months, it is simply one of the fastest and most reliable that I have used.

Support

VPN.AC provides support via chat, although being 8 hours ahead of my local time, I seldom see chat manned. It has email support utilizing a PGP key, which I was impressed by, and of course, I had to see if they really use it. All email correspondence I have sent encrypted to them has been received and replied to encrypted to my PGP key! This is a feature that I have not seen in any other VPN provider and again shows how serious VPN.AC is about privacy and security.

It also provides support via Skype and Jabber. The suggested method of support is to use its in-house ticketing system. Many VPN providers outsource their support ticketing and chat lines, which could be a security issue. I have found the ticketing system and encrypted email to work very well for me and have never gone more than 24 hours without a response. Often, they respond within a few hours. There are also many FAQs and tutorials on their website.

VPN.AC Client Area
VPN.AC client area

Price

VPN.AC offers various subscription packages based on subscription term. It also operates with a 7-day moneyback guarantee. I find it refreshing that it does not charge for “extras”. Some providers have complicated pricing structures, whereas at VPN.AC, all features are under one simple price with discounts for longer billing cycles.

VPN.AC Pricing

Payment Options

VPN.AC accepts a variety of payment methods including Bitcoin, Paypal, credit/debit cards, Ukash, and Cashu.

Conclusion

VPN.AC is the VPN service I use on a daily basis for my own needs. My only real concern is if everyone reading this review signs up with the service and they are not able to scale properly. But given their expertise, I am confident they will be able to handle it. Pricing is very reasonable with a refreshing flat pricing structure. It is obvious they are technically talented and ideologically driven. With a 7-day moneyback guarantee, what do you have to lose by giving them a try?


Visit Provider


Like this article? Spread the word!
Tweet about this on TwitterShare on Facebook4Share on Reddit0Share on Google+4Share on LinkedIn0Share on VK

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.

13 thoughts on “VPN.AC Review

    • Hi Ilham,

      Yes, this service is compatible with online gaming. You can use your VPN.AC account settings to set up a VPN connection via your console or, if you play on your computer, simply connect via the VPN.AC desktop application (available for either Windows or Mac OS X).

      For comparison, also see this guide to recommended VPN services for online gaming: https://www.bestvpnz.com/best-vpn-for-online-gaming/

  1. As you all might know by now, access to VPN websites is blocked here in China, where I spend most of my time now. So here I am wanting to get a VPN, but I am stuck. Is there a way of receiving an email from the people at VPN.AC with possibly a link, that doesn’t contain the three letters “vpn”, so it won’t be blocked and I can purchase and install your software?
    And please, I am a nerd when it comes to stuff like that, so I need clear instructions for my MacBook running on the latest OS X El Capitan Version 10.11.3

    • Hi Chris,

      Have you tried using the “China Mirror” link that is at the top of this article? Give it a go and drop us a line if that works/does not work for you.

      • Thanks a lot for that tip. I actually tried that before I left the above message and I couldn’t get in, but now it worked :)

  2. Can’t say much , just started using it but AMAZING simply AMAZING!

    • Hi Alex,

      We’re very glad that you like our service. Should you face any problems or have questions, please get in touch with us. We’re always glad to help.

  3. They use ECC and XOR to bypass the China Firewall. They also have 256bit
    Great service

  4. Awesome service. I tried 10 other VPN services before settling with VPN.AC. Small company dedicated to true security. Great speeds, encrypted dns and when you need support you speak directly to one of the engineers. With current coupon code I paid $40.60 for a year of service! Currently running on my DD-WRT router like a champ.

  5. Glad that I went with a smaller provider. Performance is well above my expectation and the servers are clearly not overloaded with tons of users. Everything is downloading without a hitch. Was looking for a while but I found my favorite VPN service!

Leave a Comment