VPN.AC is high-security VPN provider that continues to fly under the radar (just the way they like it). Based in Romania, their tech team has built a VPN network that prioritizes privacy and security instead of flashy features you’ll never use.
With cutting-edge crypto like encrypted DNS lookups, XOR VPN obfuscation (stealth mode), and adjustable encryption strength that even exceeds government standards. They also created ‘secureproxy’ a free encrypted proxy extension for your favorite web browser that gives you easy encrypted web browsing, even when you’re not connected to the VPN.
Excited yet? I am.
Website: www.vpn.ac
Company: VPN.ac (based in Romania)
Server Locations: 50+ servers in 18+ countries
Protocols: OpenVPN (best), PPTP, L2TP/IPSec
VPN.ac App for: Windows, Mac, Android, iPhone, Chrome, Firefox
Regular Price: $9/month
Current Best Price: $4.80/month (claim this offer)
Coming soon…
Review Sections:
- Overview
- VPN Software and Features
- Mobile Apps
- Security and Encryption
- Privacy and Logging Policy
- Pricing
- Conclusion
VPN.ac Overview
Based in Romania, VPN.ac was founded by a team of network security experts, who appear to take their business quite seriously. Their service provides better-than-industry-standard encryption, as well as several features you won’t find anywhere else.
They are a net-neutral company, meaning p2p/torrents, streaming, geo-unblocking are all permitted on their network. They take privacy seriously, and VPN.ac does not log any VPN activity. They do keep temporary connection logs for 1 day, for network optimization and to prevent network abuse.
Here’s a quick overview of their strengths and weaknesses:
Strengths
- Security – VPN.ac offers OpenVPN, PPTP, and L2TP VPN protocols in encryption strengths up to 256-bit AES. They’re also one of the few providers to offer rarer encryption algorithms like ECC (Elliptic Curve Encryption) which is considered the encryption technology of the future as computers get faster.
- Privacy – VPN.ac hosts their own private DNS servers (used to look up web addresses) which keeps your ISP (or government) from snooping on your web browsing history. They even encrypt DNS requests, and mix them with millions of fake requests for added privacy. Their VPN software has built-in DNS leak protection.
- Innovation/Features – VPN.ac has a unique feature set, including: Stealth VPN protocols (bypass firewalls), Smart P2P routing, their SecureProxy extension, and zero-log DNS servers with obfuscation technology.
Weaknesses
- # of Server Locations – VPN.ac has focused on quality over quantity when it comes to servers, but don’t expect 80+ countries like IPVanish offers. Currently VPN.ac has 34 server locations in 18 countries. Fortunately, It’s all the countries you’d want (USA, UK, Switzerland, Netherlands, etc…)
Website & Pricing
VPN.ac’s website is easy to navigate and well organized. They’ve got links to their desktop and mobile VPN apps, pricing, and step-by-step tutorials.
The website
I love it when VPN providers offer their own easy-to-follow tutorials, and VPN. ac is no exception. Their ‘Tutorials’ page has download links to their Windows, Mac, and Android software as well as step-by-step manual setup guides for all platforms, including VPN-capable routers.
Pricing
VPN.ac keeps it simple. There are no complicated VPN packages with different options. Every plan has the exact same features, unlimited bandwidth, and encryption strength. The only difference is the subscription length. The longer the subscription, the cheaper the price.
The month-to-month price starts at $9/month while the annual (1 year) package is only $4.83/month, a savings of nearly 50%. Most users will probably be better off choosing the 1 year package, as you can always take advantage of the refund policy if you aren’t happy.
Payment Options
VPN.ac accepts most major forms of payment including credit cards, and Paypal. You can also pay anonymously using Bitcoin, or even unused giftcard balances from major retailers (like Walmart, Bestbuy, etc.)
Refund Policy
VPN.ac has a 7-day unconditional refund policy if you’re unhappy with their service for any reason. They only ask that you contact them first to see if they can help fix any issues you’re experiencing.
Software
VPN.AC has their own custom VPN client software for Windows, Mac, and Linux systems. They also have a mobile VPN client for Android (with an iOS app currently in development).
We tested the Windows app for this review, but the feature set for the Mac client should be virtually identical.
We’ll do a complete walk-through of the software and it’s capabilities.
Main software screen
The main software interface gives you quick access to the full range of server locations, encryption algorithms, and your choice of Port. Don’t worry if the options seem overwhelming, VPN.ac built a ‘Which protocol/port’ guide right into the software.
The software not only gives you access to the OpenVPN protocol (best option for most users) you also can choose PPTP, or L2TP/IPsec. VPN.ac also has an XOR obfuscated ‘stealth’ mode for slipping through pesky vpn-blocking firewalls. We’ll go into the available options more in depth in the ‘Security’ section of this review.
You’ll also notice the two buttons at the bottom of the main software view:
- Connect
- Restore gateway
The ‘Connect’ button is self explanatory, but we were extremely excited to see the ‘Restore Gateway’ which saves you time and hassle when using the ‘kill-switch’ feature. We’ll go into greater depth in the settings section under ‘kill-switch’.
Advanced Software Settings
The ‘Advanced’ settings tab gives users access more advanced features such as:
- Kill-Switch (gateway) functionality
- DNS Leak protection
- IPv6 Leak protection
- Auto-connect options
- And access to unique China-only server lists
Here are some of the most important settings you should know:
Gateway removal (Kill-Switch) [fig. 1]
This is a security feature that prevents your true IP from leaking if the VPN happens to disconnect unexpectedly. Normally, your computer would just reconnect through your normal internet connection (leaking your IP to whatever web server or p2p peers you’re connected to).
The kill-switch prevents this by constantly monitoring for a change in your network adapter status and instantly shutting down your internet access if a change is detected.
This is where the Restore Gateway feature comes in.
Ordinarily, to restore internet access after a kill-switch event, you have to manually reset your DCHP settings using either windows’s ‘Network Troubleshooter’ or by reconnecting to VPN server. This process can be a bit of a pain, and some users don’t even realize it’s required, leading to ‘The kill-switch broke my internet’ threads on forums.
Thankfully, all you have to do with VPN.ac is click ‘Restore Gateway’ and the software will perform the manual reset for you. It’s a welcome feature and I can’t believe that VPN.ac is the first company to think of it.
IPv6 Leak Protection [Fig. 2]
Ever since IPv6 was deployed in 2008, devices can now have 2 IP addresses. Devices have an IPv4 address (which is the IP format you’re already familiar with: 192.168.20.10) but they may also be assigned an IPv6 address by your operating system.
There are known ‘attacks’ that can trick your device into exposing it’s IPv6 address, thus compromising your anonymity.
By choosing to ‘Block IPv6’ you can prevent these IPv6 leaks. If you’ve already disabled IPv6 on your operating system, or your router, then this step isn’t necessary.
Disable DNS on NIC [Fig. 3]
This option allows you to override whatever DNS servers you have specified on your computer’s internet settings. NIC stands for ‘Network Interface Card’ and usually refers to your wifi chip.
This option is only necessary if you having DNS leak problems. In our testing, we had zero DNS leaks, and VPN.ac was even able to override my Antivirus’s DNS servers.
Learn more about DNS leaks here, or test your VPN connection for DNS leaks.
VPN.AC Mobile VPN Application
Currently VPN.ac has a proprietary VPN app available for Android devices (running 4.0 and higher). Their iOS app is currently in development.
Android App
VPN.ac’s Android client is completely free (requires an active subscription), and has a 4+ star rating in the google play store.
The app uses the OpenVPN protocol, and gives users 1-click access to every server location. You even get to choose TCP vs. UDP protocols and can adjust your encryption strength by using selecting different port numbers when connecting.
Features
- OpenVPN Encryption: Choose from UDP or TCP protocol, and AES-128 or AES-256 encryption (depending on which port # you choose)
- Split Tunneling: Choose to route specific apps outside the VPN tunnel (optional)
- All server locations: The app lets you choose from all available server locations in 20+ countries.
Screenshots
Performance
The Android client performed quite well in testing. It is stable (no unexpected disconnects) and the speeds were quite good. I had no trouble watching a youtube video in 1080p resolution (no re-buffering).
The only feature missing is a kill-switch, but hopefully that will be included in a future update.
Security & Encryption
Most VPNs services meet the industry standards for strong encryption, but VPN.ac goes well beyond ‘standard’ with security measures that should be future-proof for years (if not decades).
VPN.ac offers 128-bit AES encryption, 256-bit AES encryption, 128-bit Blowfish or full ECC (Elliptic Curve) encryption.
The strongest possible settings are:
- 256-bit AES tunnel – Industry standard is 128-bit AES. Any stronger than 256 and speeds would be much slower
- 4096-bit Handshake – 22048 times stronger than industry standard
- SHA-512 Authentication – Prevents man-in-the-middle attacks. Most VPNs only use SHA-128 or 256. Some still use SHA-1 which is no longer secure.
Read our VPN Encryption tutorial to better understand these terms, and how they affect your security.
Encryption Ciphers & Protocols
VPN.ac has multiple algorithms available, and you can even choose to use L2TP/IPsec, or PPTP protocols in addition to OpenVPN. You can choose anyone of the following protocols when using the Windows or Mac VPN software.
PPTP
This is an old encryption protocol, and while fast it is not very secure and almost certainly compromised by the NSA. It should be used only if security isn’t important, and all you care about is speed (streaming Netflix or Youtube is a good example).
In reality, it won’t be much faster than 128-bit AES and should only be used if OpenVPN isn’t an option on your device.
L2TP/IPSec
Medium security and fast speeds, but it doesn’t use Perfect Forward Secrecy, and connections tend to be less stable than OpenVPN. This is the best option if your mobile phone doesn’t support OpenVPN (if you’re running an older iOS or Android version).
OpenVPN ECC + 128-bit AES
This is the recommended mode for most users. It uses Elliptic curve encryption for the handshake (the first phase of a VPN session), and then uses 128-bit AES for the VPN tunnel. AES-128 still has no major weaknesses and is considered secure against targeted brute-force attacks.
OpenVPN 128-bit (Blowfish)
This mode uses Bruce Schneier’s own Blowfish encryption algorithm, which was also a finalist in the competition won by Rjindael to become the AES standard.
It is an alternative to AES-128. They are similar in strength, but AES-128 is slightly faster. The main reason to choose Blowfish is if you tend to mistrust algorithms that have been chosen by NIST (since there’s evidence past choices may have been influence by the NSA).
OpenVPN 256-bit (AES)
This is the strongest encryption mode. If you are extremely security-conscious, this mode is worth considering, but will almost always be slower than using 128-bit AES. On the flip side, it takes 2128 times as long to crack AES-256 vs AES-128 (Assuming you try keys at random) so the security leap is substantial.
OpenVPN XOR (Stealth Mode)
The XOR protocol is VPNac’s version of ‘Stealth Mode.’
This protocol is designed to make it more difficult for a VPN-blocking firewall to recognize your traffic as OpenVPN.
Ideally you should run the XOR protocol on TCP port 443, which will make it appear to be standard HTTPs web traffic, and very difficult to block.
IP Leak Protection
VPN.ac has triple IP-leak protection built into their desktop software, protecting against:
- Disconnect Leaks (kill-switch/gateway)
- IPv6 Leaks (Disable IPv6 options)
- DNS Leaks (Built-in)
Encrypted DNS on private, self-hosted servers
VPN.ac goes beyond most other VPNs when it comes to DNS leak protection. Most VPNs only worry about preventing DNS queries from being routed to your ISP/broadband provider’s DNS servers, and instead route your queries to a 3rd-party DNS service like FreeDNS or GoogleDNS.
VPN.ac takes a different approach. They host their own private DNS servers, with some truly impressive security features:
- Their DNS servers keep no logs or records of your DNS requests
- All DNS requests are encrypted with 128-bit AES encryption (rare)
- They mix all DNS requests with millions of random DNS queries (needle in a haystack)
I have yet to find another VPN that matches this level of DNS privacy.
DNS Leak Test Results
No DNS Leaks Found.
We tested VPN.ac for DNS leaks using DNSLeaktest.com. We found no leaks whatsoever, even without enabling the ‘Disable NIC DNS’ option in the software.
Both servers found in the extended testing are private DNS servers belonging to VPN.ac’s own network.
Privacy & Logging Policy
It’s clear from their website that VPN.ac is serious about privacy. They’re one of the few providers that doesn’t install any sort of 3rd-party tracking software on their website (Google Analytics, Facebook, advertising networks, etc). This means your IP address isn’t ending up in somebody else’s database.
Below are the privacy features they highlight on their site:
Shared IP addresses
Shared IP addresses are an important privacy feature, and is offered by most VPNs we recommend. What it means is many VPN users on their network all share the same IP address. The benefit of this is simple:
One IP address cannot be used to identify a specific account or subscriber
We wrote an entire article about the pros and cons of shared vs. dedicated IP addresses.
Logging Policy
VPN.ac has a very privacy-friendly logging policy. They keep records for 1 day, after which they are destroyed. They also take additional precaution (like no logs stored on VPN servers) to prevent this data from every falling into someone else’s hands.
There are two types of logs a VPN provider may keep:
- Activity Logs: Records of sites you visit or files you download
- Connection Logs: Metadata like connection duration, bandwidth used, IP address
Activity Logs
VPN.ac does not monitor your activity or keep activity logs of any kind.
Connection Logs
VPN.ac keeps connection logs for 1 day (24 hours). As stated in their privacy policy, they transfer connection logs to an encrypted server in a secure location (logs are not stored in server RAM or hard-drives).
These connection logs are intended to be used only for trouble-shooting purposes, or to diagnose network issues.
Below is an excerpt directly from their privacy policy, laying out their logging policy:
We consider 1-day logs to be quite reasonable, and when used in combination with shared IP addresses, it should be theoretically impossible to identify a specific user based soley on their VPN-assigned IP address. This is the next-best-thing to a true ‘Zero-Log’ VPN provider.
VPN.ac Speed Test Results
We performed these speedtests using a wired 100mbps up/down connection on a windows machine with VPN.ac’s windows desktop client. We chose OpenVPN ECC (128-bit) UDP as the encryption mode (recommended by VPN.ac as the fastest OpenVPN mode).
USA/Canada servers
Europe/Worldwide
Speedtest analysis:
VPN.ac performed incredibly well in our speedtests. We were able to hit 90+ Mbps download speeds on domestic servers and 40-50 on European servers.
Even our speeds in Australia (just under 9mbps) were still fast enough to stream HD video in 1080p resolution.
Upstream bandwidth was excellent, and was frequently even higher than downstream (many VPNs limit upstream bandwidth to save on server costs).
We were especially impressed with speeds on the P2P-optimized servers which tend to be used by high-bandwidth-using filesharing and bittorrent users. Clearly VPN.ac has bandwidth to spare as these servers were still plenty fast (hitting 90mbps in Canada).
Filesharing/Torrent/P2P Policy
VPN.ac is extremely torrent-friendly, and they specifically allow torrenting/file-sharing on their website.
VPN.ac doesn’t block torrents on any server location, however they have created p2p-optimized servers in torrent-friendly locations that are designed to give users the best possible torrent speeds. Torrent download speeds will often be faster on these servers than non-p2p ones, even if they aren’t the closest location to you.
Conclusion & Verdict
Overall I was very impressed with VPN.ac’s service, especially when it came to their focus on security, privacy, and speed.
There were legitimately no weak spots or glaring security flaws in their service, and we found our VPN connections to be fast, stable, and quick to connect (especially when using OpenVPN ECC mode).
If you’re a heavy iOS user, it’s worth remembering that VPN.ac doesn’t have a dedicated iOS app yet (one is currently under development), but you can still use VPN.ac on your iPhone either via the OpenVPN connect app, or a manual L2TP/IPsec or PPTP connection.
I would highly recommend VPN.ac for almost user or VPN purpose, including:
- General Security / Privacy / Encryption
- Streaming / Unblocking sites
- Torrents / Filesharing / P2P
I tried a trial version of this VPN service and tried every possible option this service has, including the XOR “stealth” mode over TCP 443. And yet, at the school I substitute teach at, I was still unable to bypass their firewall to get full internet access. I even tried the China settings and that failed as well. I’ve tried every OpenVPN option available through the service I currently have (PIA) as well as every L2TP over IPSec option and NOTHING has been able to bypass it. I’ve used every port on TCP and UDP as well as local port 53. I’ve tried Google DNS, PIA’s DNS, VPN.ac’s DNS, flushed my DNS cache, spoofed my MAC address, and done just about everything else imaginable to try and bypass their firewall. It is beyond me that it is possible for a school to have such incredible technology as to stop this. Does anyone have any suggestions at all as to how to bypass this? I just cannot believe the school has the technological power to do this. I mean, VPN.ac can bypass CHINA’S FIREWALL! How can a school be more advanced than an entire nation?
Wow that is astounding. Tech support from VPN.ac is very good (much better than most VPNs). Did they have any feedback regarding what could be causing this?
Really good review
But the multi hop feature isnt metioned
But this gives you an really good extra layer of security/anonymity
Regards