VPN services

IPVanish is the best value for your money and is highly recommended. Recommended premium VPN service providers:

- IPVanish 5/5 - IPVanish review
- Hidemyass 5/5 - Hidemyass review
- Private Internet Access 5/5 - PIA review
- PureVPN 5/5 - PureVPN review
- OverPlay 4/5
- Perfect-Privacy 4/5
- IAPS 4/5
- AirVPN 4/5 - AirVPN review
- LiquidVPN 4/5
- NordVPN 4/5 - NordVPN review
- VPN.AC 3/5 - VPN.AC review
- IbVPN 3/5 - IbVPN review
- AceVPN 3/5 - AceVPN review
- Mullvad 3/5 - Mullvad review
- Proxy.SH 3/5
- ExpressVPN 3/5 - ExpressVPN review
- CactusVPN 2/5 - CactusVPN review
- SecurityKiss 2/5 - SecurityKiss review
- Astrill 2/5 - Astrill review
- SlickVPN 2/5 - SlickVPN review
- StrongVPN 2/5
- HideIpVPN 2/5
- VPNTunnel 1/5
- BoxPN 1/5 - BoxPN review
- TuVPN 1/5 - TuVPN review
- VikingVPN 1/5

Best Encrypted VPN

A VPN uses encryption to provide data confidentiality. The length of the encryption key is an important security parameter.

- Private Internet Access PIA lets you decide how your VPN traffic is encrypted: AES-128, AES-256 or Blowfish
- HideMyAss HMA! offers the standard BF-CBC (Blowfish) with a 128 bit key
- VPN.AC Up to AES 256-bit encryption with Elliptic Curve and/or 4096-bit RSA authentication

Best Logless VPN

No Logs VPN Provider. If a VPN is to protect your privacy, it is important that it keeps no logs of your activities.

- IPVanish No Logs. New feature since April 2014
- Private Internet Access One of PIA’s biggest selling points is that it does not log anything
- NordVPN NordVPN doesn't save or keep logs

Anonymity and Privacy

The Best Anonymous VPN

A VPN doesn't make you anonymous, but does greatly increase your privacy. Using a VPN is key to being anonymous (from a technical point of view) but don't forget the other aspects like the payment as well as precautions with email addresses and personal data when registering.

- Private Internet Access accepts Bitcoin, no logs, shared IP addresses
- IPVanish no logs, shared IP addresses
- LiquidVPN accepts Bitcoin, no logs, shared IP addresses, offers modulating IP addresses and a warrant canary

Best VPN For Avoiding Censorship

Depending on where you live in the world, you might currently be experiencing Internet censorship restrictions for political reasons or otherwise. A VPN is essential to bypass censorship restrictions and have unfiltered access to the Internet.

- IPVanish Get around internet censorship blocks, completely bypassing firewalls in countries like China, by simply connecting to IPVanish's servers
- Private Internet Access To bypass censorship PIA is a top quality solution because it uses a high encryption level and can avoid firewalls using its option "Local Port"
- PureVPN If there is a firewall that operates with deep-packet inspection, the firewall will not be able to monitor the transport packets from the SSTP VPN tunnel thanks to the fact that SSTP uses the HTTPS protocol

Best VPN for Bypassing Chinese Firewall

The Best VPN For China

China is one of the world’s most heavily censored countries. The Great Firewall of China blocks Google+, Facebook, YouTube and Twitter. People in China have to use a VPN, but only those that offer SSTP or OpenVPN (TCP will work well).

- PureVPN is one of the rare VPNs to offer a special installation format for China.
- VPN.AC VPN.AC can circumvent country blocks like the Great Firewall of China. VPN.AC has XOR obfuscation for OpenVPN and can use TCP port 443 so that it looks like regular SSL traffic
- AceVPN's Stealth VPN works in countries like China

Best VPN by numbers of countries

Best VPN server locations

VPN with the most IP addresses. This is important because the IP address that replaces yours is one of the server's public IP addresses.

- HideMyAss 128 countries along with multiple servers providing a whopping 96,000+ IPs
- PureVPN 450 + Servers in 87 countries
- IPVanish 14,000+ IP addresses with over 140 servers in 61 countries

Fastest VPN Service

Top 10 Fastest VPNs 2015

The fastest personal VPN service for maximum freedom of uninhibited and unrestricted Internet surfing. If you are streaming videos or downloading large files, the download speed will be important to you.

- IPVanish the fastest VPN service in America and Europe. They operate as a Tier-1 provider. Tier-1 means they own the network infrastructure, not having to deal with third party companies under contract.
- HideMyAss The speed is excellent. The software includes a "Speed Guide" feature to find the fastest servers near you.
- PureVPN PureVPN offers a Speed Test tool that allows you to quickly find the best server for your given application.

Unblock Access to Websites

Unblock Any Websites From Anywhere

2 Ways to Unblock websites: VPN services (Bypass geo blocking but also protects your online identity and data because your Internet traffic will be encrypted) or SmartDNS (No speed loss)

- IPVanish IPVanish is great to unblock websites. You can choose between IP’s in 61 countries
- HideMyAss You can use HideMyAss to securely unlock region restricted content from around the world
- OverPlay Overplay offers Smart DNS services as well as VPN services.

Best Smart DNS Services

Best SmartDNS

How To Watch Streaming Video Anywhere in the World - Using a DNS service will allow you to get around region-based restrictions, and Smart DNS allows you to use your internet provider's original speed, without many changes on your device.

- OverPlay OverPlay SmartDNS provides high speed access (typically as fast as your ISP allows) to websites that are restricted from your location, without the need for a VPN tunnel! We are big fans of their SmartDNS technology.
- PureVPN Smart DNS is included with either VPN plan at no extra charge
- IbVPN IbDNS is included in two of the IbVPN plans (Ultimate VPN and Total VPN)

Best VPN or SmartDNS to Unblock Hulu

Best VPN or SmartDNS For Watching Hulu

How to unblock Hulu - Hulu has decided to block people using a VPN service to watch their TV programs. But it is still possible to watch Hulu US from abroad. Here are few options.

- HideMyAss HideMyAss is one of the best VPNs available to watch Hulu
- IPVanish IPVanish is the second most popular VPN for Hulu
- IAPS IAPS offers residential IPs, which means they come from local ISPs (Time Warner Cable , Comcast) that will never be blocked by Hulu

Best VPN or SmartDNS to Unblock Netflix

Best VPN or SmartDNS For Watching Netflix

There are two reasons you would want to change your Netflix region. For one, Netflix is a lot better in the US (the most popular Netflix region is the American Netflix region). Another reason is that you might be an expat in the USA or Traveler and you want to watch your American Netflix Library

- HideMyAss HideMyAss is one of the best VPNs available to watch Netflix
- PureVPN PureVPN is the second most popular VPN for Hulu
- Private Internet Access Only $6.95 a month which is an inexpensive solution (cheap as chips per month if you pay annually)

Best VPN for Torrent and P2P

Best VPN for Torrents and P2P File Sharing

List of Best VPN Services that allow legal P2P/Torrent traffic. Make sure the VPN provider allows P2P traffic, otherwise you can get suspended and you will not get your money refunded.

- HideMyAss Netherlands, Romania, Luxembourg and Swedish servers - Port 1194 - HighID - Secure IP Bind lets you block internet access to any program if not connected to VPN
- Private Internet Access Netherlands, Hong Kong, Romania and Swedish servers - Port Forwarding - HighID - The client has a feature called “VPN Kill Switch” to terminate applications when the VPN connection drops out
- AirVPN Luxembourg, Canada, Sweden, Lithuania, Russia and Hong Kong servers - Port Forwarding - HighID - The client has a feature called “Network lock”, based on strict firewall rules, that prevents IPv4 communications when your system is not connected to an AirVPN server.

Best VPN for File Hosting

Best VPN for one-click hosting sites

One-click file hosting, or some people call them cyberlocker websites, are websites like 1Fichier or Uptobox, that allow anyone to upload and download files for free. But there are some annoyances when downloading files from the one-click file hosting sites as a free user:
1- No simultaneous parallel downloading
2- Download delays.
A VPN can be beneficial to bypass hosting services' limits; it provides an ideal solution as it can unblock file sharing websites.

- LiquidVPN LiquidVPN is the most impressive VPN, thanks to its IP modulating, to download from File hosting sites as a free user
- HideMyAss HideMyAss utilizes Dynamic IPs (independent IP address) + Random IP switching (rotate your IP address at set intervals or manually)
- IPVanish Tier-1 VPN Network (fastest delivery speeds available) + Random IP switching (rotate your IP address at set intervals or manually)

Best VPN For Online Games

Best VPNs for gaming

Using a VPN during online gaming (MMO Games) has many advantages:
1- Improve game connection (faster game load time, reduced lag and latency)
2- Online gaming can be restricted in different ways: it can be blocked by your network administrator. Sometimes you don’t have access to online gaming or game content due to geographical restrictions. To bypass these restrictions, you can use our VPN for Online Gaming.

- IPVanish operates its own private server, so it is able to offer the lowest latency, which, of course, is ideal for gaming.
- WTFAST The WTFast Gamers Private Network (GPN) is a client/server solution that makes online games faster

Best VPN for Wifi Hotspots

Best VPNs for WiFi Hotspots

Using non-secured public Wi-Fi hotspots can leave you vulnerable to identity theft, data theft, snooping, impersonation and malware infection. The most secure way to browse on a public network is to use a virtual private network. A VPN provides a secure and private way to connect to open networks.

- PureVPN PureVPN is excellent with its IKEv2 protocol. If the connection is temporarily lost, or if a user moves from one network to another, IKEv2 will automatically restore the VPN connection after the network connection is reestablished.
- IPVanish IPVanish assures users that their internet use will be secure while using insecure connections such as Wifi Hotspots or hotel internet services
- IbVPN IbVPN is a decent option to connect to unsecured public WiFi networks which are becoming increasingly risky

Best VPN For Travel Abroad

Best VPNs for Travelling

You have to use a VPN while traveling. Why should you use a VPN for travel abroad? There are two main benefits:
1- Use public or hotel Wi-Fi safely
2- Have unfettered access to the geo-restricted sites of your choice

- PureVPN PureVPN is the best VPN for frequent travellers
- IPVanish IPVanish is also a good choice of VPN for travelling often.
- IAPS IAPS VPN provides residential servers for business use (frequent travellers)

Best Dedicated IP

Best Dedicated IP VPN

On subscribing to a dedicated IP VPN, you are given an exclusive IP address which can only be used by you and is not shared.

- Astrill You need to pay extra for a dedicated IP address ($5 per IP per month)
- PureVPN The Dedicated IP AddOn works in addition with the standard dynamic IP plan for $5 a month
- TuVPN Dedicated IP pricing - $18 per month

Best Bitcoin VPN Services

Best VPNs for Bitcoin

Bitcoin is an open-source distributed digital currency which is based on P2P technology. Bitcoin is becoming very popular nowadays as more VPN providers are using it as a payment method.

- HideMyAss Bitcoin is available to all users, for 12 month and 6 month packages.
- IPVanish You can pay for IPVanish services via Bitcoin
- Private Internet Access Private Internet Access uses Bitpay to process bitcoin payments

Best Cheap VPN

Best Cheapest VPN service

Cheap VPN service providers - All of these VPN services offer substantial discounts if you buy 12 months at a time instead of one month

- Private Internet Access The annual plan ($38.95) is an excellent value at just $3.25 a month
- PureVPN PureVPN can be purchased for $4.16 a month if you buy the annual subscription ($49.95)
- LiquidVPN LiquidVPN’s annual subscription is $54, just $4.5 a month, for annual subscription only

Best VPN Software application

Best VPN Software (desktop client)

"All In One VPN Client" applications are developed by VPN providers to make using a VPN easy. They include both the VPN service itself (protocols, servers) and a series of options like an Internet kill switch or DNS leak protection.

- HideMyAss The best of all the VPN applications. Includes all the functions and options.
- Private Internet Access A large and satisfying number of configuration options for the OpenVPN protocol.
- Perfect-Privacy Efficient, excellent and ergonomic VPN software.

Best VPN Apps

With the popularity of smartphones and the boom of apps, several VPN apps have emerged that make it a snap to connect to a VPN and start enjoying all the benefits of using a VPN

- IPVanish The application (iOS - Android) is quite intuitive and easy to use
- PureVPN PureVPN also has iOS and Android apps.
- Private Internet Access All of the features that the PIA software clients boast are available for you in the Android app

Best VPN Provider for DD-WRT router

Best VPNs for DD-WRT

Some VPNs offer the very interesting option of installing the VPN on your DD-WRT router. This means you will not need to install your VPN on each of the devices you are using in your home. Your internet connection will be protected by the VPN at its source.

- HideMyAss DD-WRT routers are supported with a custom auto-installer script. Also supported: OpenWRT, Tomato, Mikrotik, DrayTek. HideMyAss offers one of best DD-WRT implementations out there
- OverPlay OverPlay offers a custom DD-WRT VPN router application, and has partnered with FlashRouters to provide customized DD-WRT routers (supporting both OpenVPN and PPTP VPN connections)
- Astrill "Astrill Router 2.0" applet supports both DD-WRT and Tomato firmware routers. Also you can get "Astrill VPN routers" preinstalled with Astrill VPN and ready to use immediately.

Types of VPN protocols

OpenVPN vs SSTP vs IKEv2. IKEv2, OpenVPN and SSTP are the most interesting protocols. Each one has its advantages. This section will help you decide which one best suits your requirements.

- OpenVPN Highly configurable - use a wide range of encryption algorithms
- SSTP Can bypass most firewalls
- IKEv2 The main advantage of IKEv2 is its MOBIKE option

VPN Resources

The following sections provide additional information about VPN

- Data Center VPN's versus Residential VPN's versus Tier-1 VPN's Different kinds of VPN Servers
- Explanation of VPN IP Types Different kinds of IP Addresses
- Glossary of security terms Terms Used In VPNs
- Advantages and benefits of VPN service VPN Benefits
- Countries and online services that block VPNs VPN Blocking
- The best free VPN services of 2015 Best Free VPN service
- The Ultimate list of VPN services List of VPN Providers

How to Check and see if your VPN Connection is Secure

The first thing you should check is simply your IP address. Make sure that the location is not your home location, and that it's your VPN provider's server.

- WhatismyIPAdress Find what is your IP address

The DNS leak test is probably one of the most important checks, aside from the VPN being connected. A DNS leak happens when your request to a primary DNS happens outside the VPN. In this case your ISP knows what site you want to visit. Click TEST and see if your connection is safe.

Test to ensure that your machine is not able to submit requests to IPv6 Networks.

How to Make Your VPN Even More Secure

- Ways To Secure Your Privacy If VPN Fails VPN Kill Switch

VPN Setup

Tutorial to configure your connection

- VPN on NAS Synology Synology NAS
- Force Vuze to only load Torrents through VPN Set up the VPN on Vuze
- How to BitTorrent download on Android uTorrent & IPVanish on Android
- How To Set Up A VPN In A VPS Setup OpenVPN on VPS

Best VPNs With Strong Encryption Levels

Apart from protecting your identity on the internet (protecting your private life), escaping any internet censorship (maintaining your freedom of expression) and changing your IP (and all related advantages), a VPN is also a way of securing data.

A VPN connects you to the internet safely without any risk of interception by a third party (protecting your personal data) and prevents D.P.I. (deep packet inspection). VPN services control the route taken by your information, which means that an unauthorised party cannot gain access.

In this regard VPN services are very efficient and constantly improving! Thanks to their high level of encryption, VPNs are a good way of protecting personal information: they are able to stop any third parties from intercepting it. So no-one else may know what you say or do on the internet.

The identification process relies on three stages (the length of the key is an important security feature but not the only one) - VPN Encryption explained:

  • Data Encryption - This is the symmetric cipher algorithm with which all of your data is encrypted and decrypted. Choose between the encryption algorithm of AES or Blowfish or Camellia
    AES 128 bit
    On modern systems (newer than Pentium 4) this runs faster than Blowfish and may be more secure than Blowfish. It is generally seen as secure up to the year 2030. Some experts claim it’s more secure than 256 bit AES. It is also widely used and has greatest compatibility. For most people this is the fastest encryption mode.
    AES 192 bit
    In many cases, still faster than Blowfish 128 bit. Gives a little bit more headroom for bruteforcing. However employs a weaker key schedule than AES 128 bit so may NOT be necessarily more secure (weakness is still theoretical and debatable). This is debatable still but generally is seen as more secure than 128 bit since a higher bit means more protection from brute-forcing (though even 128 bit offers crazy crazy protection against brute forcing).
    AES 256 bit
    Generally seen as highest level security, and used for top secret communications by the US government. However also employs a weaker key schedule than AES 128 (weakness is theoretical and debatable still). Tends to be the slowest of all the ciphers evaluated. Theoretically provides protection against quantum computing (which doesn’t quite exist just yet).
    Blowfish 128 bit
    Blowfish is fast but seen by experts as a weaker algorithm than AES though this is debatable. One of the perceived benefits is that Blowfish is not used by the NSA, however this is purely an association issue. The cipher is still deemed to be secure.
    Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits.
    Camellia is a symmetrical encryption algorithm (developed by Mitsubishi and NTT from Japan) by blocks of 128 bits, created to work with keys of 128, 192 and 256 bits. Overall it is twice as slow as AES, offering a similar performance to Blowfish.
    AES supports key sizes of 128, 192, and 256 bits; the block size is always 128 bits.
    • NOTE: A block cipher is a box which encrypts "blocks" (for example, 128-bit chunks of data with AES). When encrypting a "message" (which could be anything: a string, binary data, numbers, a file) that may be longer than 128 bits, the message must be split into blocks, and the actual way you do this is called the mode of operation or "chaining". There are a lot of encryption operating modes (= mode of operation = encryption mode = block cipher mode of operation). The most famous are ECB, CBC, OFB, CFB and CTR, of which the most used is CBC (Cipher Block Chaining). These modes provide confidentiality, but they do not protect against accidental modification or malicious tampering. The cryptographic community recognized the need for dedicated integrity assurances and began to supply modes which combine confidentiality and data integrity in a single cryptographic primitive. These modes are referred to as authenticated encryption, AE or "authenc". GCM (Galois/Counter Mode) is one of them. As well as confidentiality, it offers integrity and authenticity of the transferred data.

    AES-CBC vs AES-GCM: In GCM mode both data integrity and privacy (encryption) are ensured. In CBC mode encryption is provided without the benefit of authentication. GCM is also faster (GCM can take full advantage of parallel processing) and more secure (cache timing attacks).

  • Data Authentication - This is the message authentication algorithm with which all of your data is authenticated. SHA stands for "secure hash algorithm". Choose from SHA-1 or SHA-256. SHA can use the HMAC packet authentication feature to add an additional layer of security to the connection. As you know, CBC, the most commonly used mode of operation, does not protect the integrity of the message. For this, we can use an authentication code (HMAC = keyed-hash message authentication code) to protect the encrypted message.
    SHA-1 is a 160-bit hash function which resembles the earlier MD5 algorithm. It produces a 160-bit (20-byte) hash value.
    SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 currently consists of a set of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits.
  • Handshake Encryption - This is the encryption used to establish a secure connection. Exchange of Diffie-Hellman keys with RSA Certificates (2048 or 3072 or 4096bit) or exchange of Diffie-Hellman keys with ECDSA encryption (Elliptic Curve Digital Signature Algorithm). Diffie-Hellman can use temporary public keys. When a key exchange uses Ephemeral Diffie-Hellman, a temporary DH key is generated for every connection and thus the same key is never used twice. This enables Perfect Forward Secrecy (PFS), which means each session key is unique, so an old key cannot decrypt your new communications.
    RSA is one of the first practicable public-key cryptosystems and is widely used for secure data transmission. RSA, as in the algorithm, stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. In 2010 it was reported that RSA 1024 bit encryption had been cracked. We believe that 2048 bit is sufficient.
    ECC (Elliptic Curve Cryptography)
    Elliptic Curve is one of the most powerful types of cryptography today; it is future-proof and is arguably significantly more secure than RSA. However, its level of security depends on the curves being used: some being more secure than others.
    Some doubts have been raised recently around the security of ECC (Elliptic Curve Encryption). ECC offers a fast and perhaps too greedy encryption with keys. It is in direct competition with the great RSA but offers smaller keys with “lighter” calculations compared to its competitor. Some doubts come from the secp256r1 curve certified by the NIST. According to some experts (including the wise Bruce Schneier) the NSA influenced the American standards institute, NIST, to certify this pseudo-random number generator that has a weak point. In other words the numbers generated are not unpredictable. A backdoor, or entry point, into a mechanism for generating random numbers means the whole security system will be compromised and vulnerable to attackers or surveillance organisations. If you still wish to use elliptic curves we advise secp256k1 (certified by Certicom), the one that Bitcoin uses for transaction signatures.
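In an OpenVPN client configuration the three stages above are set by the cipher, auth and tls-cipher directives, and periodic re-keying by reneg-sec. The following is an added example, not code from this page or from any provider: a small auditor that reads a configuration and reports each stage. The two sample configurations and the host name vpn.example.net are constructed.

```python
# Constructed sample configurations (not taken from any provider's files).
STRONG_CONFIG = """\
client
remote vpn.example.net 1194 udp
cipher AES-256-CBC
auth SHA256
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-sec 3600
"""

WEAK_CONFIG = """\
client
remote vpn.example.net 443 tcp
; legacy profile
cipher BF-CBC
auth none
tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA
"""

# Block sizes (bits) per cipher family and HMAC digest sizes, as given in the text.
BLOCK_BITS = {"AES": 128, "CAMELLIA": 128, "BF": 64}
DIGEST_BITS = {"SHA1": 160, "SHA256": 256, "SHA384": 384, "SHA512": 512}


def parse_directives(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comment lines."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def first_arg(directives, name):
    args = directives.get(name)
    return args[0].upper() if args else None


def audit(text):
    """Report data encryption, data authentication and handshake settings."""
    d = parse_directives(text)
    cipher, auth, tls = (first_arg(d, k) for k in ("cipher", "auth", "tls-cipher"))
    report = {"cipher": cipher, "key_bits": None, "block_bits": None,
              "aead": False, "integrity": None, "forward_secrecy": None,
              "rekey_minutes": None, "findings": []}
    note = report["findings"].append

    # Stage 1: data encryption.
    if cipher is None:
        note("cipher not set: the client's built-in default applies")
    elif cipher == "NONE":
        note("data encryption is 'none': traffic is sent unencrypted")
    else:
        parts = cipher.split("-")
        family, mode = parts[0], parts[-1]
        digits = [p for p in parts if p.isdigit()]
        # BF-CBC carries no size in its name; it uses a 128-bit key.
        report["key_bits"] = int(digits[0]) if digits else (128 if family == "BF" else None)
        report["block_bits"] = BLOCK_BITS.get(family)
        report["aead"] = mode == "GCM"
        if report["block_bits"] == 64:
            note(f"{cipher} uses a 64-bit block")

    # Stage 2: data authentication.
    if report["aead"]:
        report["integrity"] = "GCM tag"  # auth is not used for data packets with GCM
    elif auth is None:
        note("auth not set: the client's built-in default applies")
    elif auth == "NONE":
        note("auth is 'none': packets are not authenticated and can be modified in transit")
    else:
        bits = DIGEST_BITS.get(auth)
        report["integrity"] = f"HMAC-{auth} ({bits}-bit)" if bits else f"HMAC-{auth}"

    # Stage 3: handshake. Only DHE/ECDHE suites give Perfect Forward Secrecy.
    if tls is None:
        note("tls-cipher not set: the suite is negotiated from the TLS library's list")
    else:
        static = [s for s in tls.split(":") if "DHE-" not in s]
        report["forward_secrecy"] = not static
        for suite in static:
            note(f"{suite}: no ephemeral Diffie-Hellman, so no Perfect Forward Secrecy")

    # Re-keying interval in minutes (0 disables periodic re-keying).
    reneg = d.get("reneg-sec")
    if reneg and reneg[0].isdigit():
        report["rekey_minutes"] = int(reneg[0]) / 60
        if report["rekey_minutes"] == 0:
            note("reneg-sec 0: periodic re-keying is disabled")
    return report


if __name__ == "__main__":
    for label, cfg in (("strong", STRONG_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit(cfg))
```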

Two points to remember:

  • The level of encryption is very important, as it should be high to maximise the exchange of data and data transfer.
  • Having different encryption options helps you to optimize performance with your VPN.
The table below shows OpenVPN (OpenVPN is the best choice when available on your device) with the best encryption.

VPN providers that give you extra layers of security.


Private Internet Access is the only VPN that lets you choose the kind of encryption for each of the steps in an OpenVPN connection.

If you need maximum security, Private Internet Access recommends this configuration:

  • Maximum Protection — AES-256 / SHA256 / RSA-4096
Here are the other options:
  • Data Encryption:
    • GCM and CBC for both AES-128 and AES-256 encryption
    • None — No encryption. None of your data will be encrypted. Your login details will be encrypted. Your IP will still be hidden. This may be a viable option if you want the best performance possible while only hiding your IP address. This would be similar to a SOCKS proxy but with the benefit of not leaking your username and password.
  • Data Authentication - The use of CBC Data Encryption will allow the selection of SHA1, SHA256, or None for Data Authentication:
    • SHA1 — HMAC using Secure Hash Algorithm (160bit). This is the fastest authentication mode.
    • SHA256 — HMAC using Secure Hash Algorithm (256bit)
    • None — No authentication. None of your encrypted data will be authenticated. An active attacker could potentially modify or decrypt your data. This would not give any opportunities to a passive attacker.
    • The GCM Data Encryption settings must utilize GCM Data Authentication. 
  • Handshake Encryption:
    • RSA-2048 — 2048bit Ephemeral Diffie-Hellman (DHE) key exchange and 2048bit RSA certificate for verification that the key exchange really happened with a Private Internet Access server. Private Internet Access uses a Diffie-Hellman exchange (abbreviated DHE) which is the basis of PFS.
    • RSA-3072 — Like above but 3072bit for both key exchange and certificate.
    • RSA-4096 — Like above but 4096bit for both key exchange and certificate.
    • ECC-256k1 — Ephemeral Elliptic Curve DH key exchange and an ECDSA certificate for verification that the key exchange really happened with a Private Internet Access server. Curve secp256k1 (256bit) is used for both. This is the same curve that Bitcoin uses to sign its transactions.
    • ECC-256r1 — Like above, but curve prime256v1 (256bit, also known as secp256r1) is used for both key exchange and certificate.
    • ECC-521 — Like above, but curve secp521r1 (521bit) is used for both key exchange and certificate.

DHE? - Ephemeral Diffie-Hellman (DHE) generates a unique session key for every session a user initiates. You should always use Ephemeral Diffie-Hellman because it provides Perfect Forward Secrecy.

Note: Private Internet Access also provides the option of using a 256-bit AES GCM encryption. Private Internet Access is one of the rare VPNs to have an alternate mode of operation for a block cipher.

As you know, different modes of operation for block ciphers exist, some more vulnerable than others, like ECB (Electronic Code Book). The most popular is CBC (Cipher-block chaining), which provides only confidentiality. For this reason, encryption modes were specifically created to combine confidentiality and authentication: for example, GCM, CCM, CWC. Private Internet Access chose GCM (Galois/Counter Mode) which efficiently provides both data authenticity (integrity) and confidentiality.


AirVPN is very clear about the technical side of its VPN, a great advantage. AirVPN only supports the OpenVPN protocol. Its OpenVPN has a good level of encryption, particularly when it comes to Data Encryption.

  • Data Encryption: GCM and CBC for AES-256 encryption
  • Data Authentication: HMAC SHA384 Control Channel when you don’t use an AEAD cipher such as AES-GCM. An AEAD cipher is a form of encryption which simultaneously assures the confidentiality and authenticity of data.
  • Handshake Encryption: 4096 bit RSA keys size
  • Perfect Forward Secrecy - Through Diffie-Hellman key exchange DHE. After the initial key negotiation, re-keying is performed every 60 minutes (this value can be lowered unilaterally by the client)


TorGuard offers OpenVPN customization. You can customize Data encryption, the port/authentication between various SHA rates, and you can also customize the actual cipher.

As for the VPN encryption options, TorGuard offers the following four:

  • GCM and CBC for AES-128 encryption
  • GCM and CBC for AES-256 encryption

It's worth noting that GCM based ciphers are much faster than CBC based ciphers

  • Blowfish — Blowfish (128bit) CBC mode. TorGuard will continue to offer Blowfish on all servers.
  • None — No encryption.

Furthermore, ports can be set to Auto, 443 (SHA1), 80 (SHA1), 995 (SHA1), 1912 (SHA256), 1195 (SHA256), 53 (SHA256), 1215 (SHA 512), 389 (SHA 512), 1194, and 4443 (SHA 256)/Stealth. 


NordVPN uses OpenVPN protocol and AES 256-bit encryption which is the industry standard. 

  • Data Encryption: 256-bit AES CBC
  • Data Authentication: HMAC SHA256 hash authentication
  • Handshake Encryption: RSA-2048 certificate for verification and Perfect Forward Secrecy, which maximizes the security of OpenVPN, is provided by a DHE-4096 key exchange.

What is Perfect Forward Secrecy (PFS)?

Perfect Forward Secrecy (PFS) is a massive leap in privacy technology. PFS allows each connection to be encrypted with a new, unique key that will never be used again by you.


PureVPN employs AES 256-bit military-grade encryption, HMAC authentication and Perfect Forward Secrecy. The PFS feature in OpenVPN adds an extra layer of security to your VPN connection with complete secrecy and data integrity. 


ExpressVPN uses AES 256-bit encryption and OpenVPN almost exclusively. Additionally, the company uses an RSA-4096 handshake (a form of connection negotiation between your device and a VPN server) and SHA-512 hash message authentication code (HMAC), along with PFS (Perfect Forward Secrecy). ExpressVPN rotates the key every 60 minutes, which ensures your security even during long VPN sessions


VPN.ac offers numerous different encryption options. This allows you to select the best encryption strength depending upon how much privacy and security you are seeking, while also optimizing performance.

Its OpenVPN can be broken down to allow its users to choose:

  • Data Encryption: 128-bit AES CBC or 128-bit BF-CBC or 256-bit AES CBC. VPN.AC offers the ability to use both AES-256-CBC and BF-CBC. Unlike a lot of other VPNs (that use AES), VPN.AC trusts the reliable Blowfish
  • Data Authentication: SHA512 HMAC data authentication
  • Handshake Encryption: For AES (both 128 and 256 bit) VPN.AC uses RSA-4096 and Elliptic Curve (ECDHE) with secp256k1

In the connection programme you can choose from a drop-down menu that offers OpenVPN ECC, OpenVPN 128-bit, OpenVPN 256-bit and OpenVPN XOR


LiquidVPN is a rare service that offers a choice of algorithm for its data encryption. As well as AES (the most common cipher among VPNs), LiquidVPN offers Camellia in 256-CBC.

There are in fact many other ciphers like Serpent, Twofish or Threefish. But the common usage of AES and to a lesser measure, Blowfish, makes AES seem to be the universal encryption.

  • Data Encryption: AES-128-CBC or 256-bit AES CBC or Camellia-256-CBC (German location)
  • Data Authentication: LiquidVPN uses SHA512 exclusively for OpenVPN. HMAC Firewall Included *
  • Handshake Encryption: LiquidVPN uses either 2048 or 4096 bit Diffie-Hellman

* What is HMAC Authentication and why is it useful?

We know that CBC, the most commonly used mode of operation, will not protect integrity of the message. For this, we can use an authentication code (HMAC = keyed-hash message authentication code) to protect the encrypted message.
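The following added example (not code from this page or from any provider) shows the point made here: a packet encrypted in CBC mode alone still decrypts after a bit is changed in transit, while the same packet protected with HMAC-SHA256 is rejected. Python's standard library has no AES, so a toy 128-bit Feistel block cipher stands in for it; that cipher, the function names and the sample payload are constructed for illustration and the toy cipher is not secure.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes; the same block size as AES


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key, i, half):
    """Round function of the toy Feistel cipher (stand-in for AES, not secure)."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def toy_encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor_bytes(left, round_fn(key, i, right))
    return left + right


def toy_decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor_bytes(right, round_fn(key, i, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor_bytes(toy_decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def seal(enc_key, mac_key, plaintext):
    """Encrypt in CBC mode, then append HMAC-SHA256 over IV + ciphertext."""
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, packet):
    """Verify the HMAC first; decrypt only if the packet is unmodified."""
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC check failed: packet was modified")
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])


def flip_bit(data, index):
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)


def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    message = b"constructed sample VPN payload.."  # 32 bytes = 2 blocks

    # CBC only: a modified ciphertext decrypts without any error.
    iv = os.urandom(BLOCK)
    ciphertext = cbc_encrypt(enc_key, iv, message)
    received = cbc_decrypt(enc_key, iv, flip_bit(ciphertext, 3))

    # CBC + HMAC: the same modification is detected before decryption.
    packet = seal(enc_key, mac_key, message)
    try:
        open_sealed(enc_key, mac_key, flip_bit(packet, BLOCK + 3))
        rejected = False
    except ValueError:
        rejected = True

    return {
        "cbc_only_changed_silently": received != message,
        "hmac_rejected_modified": rejected,
        "hmac_accepted_original": open_sealed(enc_key, mac_key, packet) == message,
    }


if __name__ == "__main__":
    print(demo())
```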


IPvanish supports OpenVPN in either TCP or UDP ports. The configuration below is excellent.

  • Data Encryption: 256-bit AES CBC
  • Data Authentication: HMAC SHA-256 control. The OpenVPN HMAC firewall option hardens the protocol against Man-in-the-Middle and Man-on-the-Side attacks. OpenVPN can use the HMAC packet authentication feature to add an additional layer of security to the connection - HMAC protects the message's data integrity
  • Handshake Encryption: DHE-RSA 2048-bit with perfect forward secrecy. Perfect Forward Secrecy (PFS) is a system of private encryption keys generated for each new session.

IPVanish is great for data security from an encryption standpoint.


Proxy.sh has a high level of encryption (like its competitors):

  • Data Encryption: 256-bit AES CBC
  • Data Authentication: SHA512 data authentication
  • Handshake Encryption: 4096-bit RSA handshake and/or the possibility of trying the curve secp384r1

Proxy.SH also offers Serpent (limited beta) as extra encryption method.


Their OpenVPN has a good level of encryption, especially when it comes to Handshake.

  • Data Encryption: AES-256-CBC Data Channel
  • Data Authentication: SHA512
  • Handshake Encryption: 4096 bit RSA keys size
  • HMAC Firewall Included - We know that CBC, the most commonly used mode of operation, will not protect integrity of the message. For this, we can use an authentication code (HMAC = keyed-hash message authentication code) to protect the encrypted message.


StrongVPN has a more than reasonable level of encryption.

  • Data Encryption: AES 256 cipher
  • Data Authentication: SHA256 authentication
  • Handshake Encryption: 2048-bit Diffie Hellman RSA key
  • Perfect forward secrecy. It is a valuable privacy feature that can make your VPN sessions much more secure, and help prevent the decryption of your web history.



Their OpenVPN has a good level of encryption:

  • Data Encryption: AES-256-CBC
  • Data Authentication: HMAC SHA384 hash authentication
  • Handshake Encryption: RSA 2048 for its handshake encryption. Perfect forward secrecy is provided courtesy of Diffie-Hellman Exchange (DHE) keys.


HideMyAss supports OpenVPN in either TCP or UDP ports.

  • Data Encryption: AES 256-bit encryption. AES is considered the safest and quickest way to encrypt your data
  • Data Authentication: SHA256
  • Handshake Encryption: 2048-bit keys


IronSocket provides a Network 2.0 which has 3 levels of encryption according to the connection used.

A VPN that provides different encryption levels

For example, for a connection in Amsterdam (S1 or S2 or S3), OpenVPN supports multiple levels of encryption and both TCP and UDP protocols, and offers many alternative ports in case you're behind a restrictive firewall or proxy:

  • All Encryption Levels use a 4096-bit key for Secure Authentication (Handshake Encryption)
  • Strong - Default configuration that uses AES 256-bit Data Encryption with SHA256 Message Authentication. It is recommended to all users for Maximum Privacy and Security.
  • Light - This configuration uses Blowfish 128-bit Data Encryption. It allows for Faster Data Transfer while still offering a Basic Level of Data Encryption. Unlike a lot of other VPNs (that use AES), Ironsocket trusts the reliable Blowfish.
  • None - This configuration uses No Data Encryption, at all. This option offers Maximum VPN Speeds. It is only recommended when Data Encryption is not required.