VPN services

HideMyAss is the best value for your money and is highly recommended - Premium VPN Service providers recommended

- HideMyAss 5/5 - HideMyAss review
- IPVanish 5/5 - IPVanish review
- Private Internet Access 5/5 - PIA review
- PureVPN 5/5 - PureVPN review
- OverPlay 4/5
- Perfect-Privacy 4/5
- IAPS 4/5
- AirVPN 4/5 -
AirVPN review
- LiquidVPN 4/5
- NordVPN 4/5 -
NordVPN review
- VPN.AC 3/5 -
VPN.AC review
- IbVPN 3/5 -
IbVPN review
- AceVPN 3/5 -
AceVPN review
- Mullvad 3/5 - Mullvad review
- Proxy.SH 3/5
- ExpressVPN 3/5 - ExpressVPN review
- CactusVPN 2/5 - CactusVPN review
- SecurityKiss 2/5 - SecurityKiss review
- Astrill 2/5 -
Astrill review
- SlickVPN 2/5 - SlickVPN review
- StrongVPN 2/5
- HideIpVPN 2/5
- VPNTunnel 1/5
- BoxPN 1/5 - BoxPN review
- TuVPN 1/5 -
TuVPN review
- VikingVPN 1/5

Best Encrypted VPN

Best Encrypted VPN

VPN uses encryption to provide data confidentiality. The length of the encryption key is an important security parameter.

- Private Internet Access PIA lets you decide on how you want your VPN traffic to be encrypted. AES-128 or AES-256 or Blowfish
- HideMyAss HMA! offers the standard BF-CBC (Blowfish) with a 128 bit key
- VPN.AC Up to AES 256-bit encryption with Elliptic Curve and/or 4096-bit RSA authentication

Best Logless VPN

Best Logless VPN

No Logs VPN Provider. A VPN can protect your privacy then it is important that it keeps no logs of your activities

- IPVanish No Logs. New feature since April 2014
- Private Internet Access One of PIA’s biggest selling points is that it does not log anything
- NordVPN NordVPN doesn't save or keep logs

Anonymity and Privacy

The Best Anonymous VPN

A VPN doesn't make you anonymous, but does greatly increase your privacy. Using a VPN is key to being anonymous (from a technical point of view) but don't forget the other aspects like the payment as well as precautions with email addresses and personal data when registering.

- Private Internet Access accepts Bitcoin, no logs, shared IP addresses
- IPVanish no logs, shared IP addresses
- LiquidVPN accepts Bitcoin, no logs, shared IP addresses, offers a Modulating IP Addresses and Warrant Canary

Best VPN For Avoiding Censorship

Best VPN For Avoiding Censorship

Depending on where you live in the world, you might be currently experiencing Internet censorship restrictions for political reasons or otherwise. A VPN is essential for bypass censorship restrictions and have unfiltered access to the Internet

- IPVanish Get around internet censorship blocks, completely bypassing firewalls in countries like China, by simply connecting to the IPVanish's servers
- Private Internet Access To bypass censorship PIA is a top quality solution because it uses a high encryption level and can avoid firewalls using its option "Local Port"
- PureVPN If there is a firewall that operates with deep-packet inspection, the firewall will not be able to monitor the transport packets from the SSTP VPN tunnel thanks to the fact that SSTP uses the HTTPS protocol

Best VPN for Bypassing Chinese Firewall

The Best VPN For China

China is one of the World’s heavily censored countries. The Great Firewall of China blocks Google+, Facebook, Youtube and Twitter. People in China have to use a VPN but only those that offer SSTP or OpenVPN (TCP will work well)

- PureVPN is one of the rare VPNs to offer a special installation format for China.
- VPN.AC VPN.AC can circumvent county blocks like the great wall of China. VPN.AC has Xor obfuscation for openvpn and can use TCP port 443 to mask that it looks like regular SSL traffic
- AceVPN's Stealth VPN works in countries like China

Best VPN by numbers of countries

Best VPN server locations

VPN with Most IP VPN Addresses. This will be important as the IP that will replace yours is of the server's public IP addresses

- HideMyAss 128 countries along with multiple servers providing a whopping 96,000+ IPs
- PureVPN 450 + Servers in 87 countries
- IPVanish IPs addresses with over servers in countries

Fastest VPN Service

Top 10 Fastest VPNs 2015

The fastest personal VPN service for maximum freedom of uninhibited and unrestricted Internet surfing. If you are streaming videos or download large files, the Download Speed will be important to you.

- IPVanish the fastest VPN service in America and Europe. They operate as a Tier-1 provider. Tier-1 means they own the network infrastructure, not having to deal with third party companies under contract.
- HideMyAss The speed is excellent. The software includes a "Speed Guide" feature to find the fastest servers near you.
- PureVPN PureVPN offers a Speed Test tool that allows you to quickly find the best server for your given application.

Unblock Access to Websites

Unblock Any Websites From Anywhere

2 Ways to Unblock websites: VPN services (Bypass geo blocking but also protects your online identity and data because your Internet traffic will be encrypted) or SmartDNS (No speed loss)

- IPVanish IPVanish is great to unblock websites. You can choose between IP’s in 61 countries
- HideMyAss You can use HideMyAss to securely unlock region restricted content from around the world
- OverPlay Overplay offers Smart DNS services as well as VPN services.

Best Smart DNS Services

Best SmartDNS

How To Watch Streaming Video Anywhere in the World - Using a DNS service will allow you to get around the restrictions based on region and Smart DNS allows you to use your internet providers original speed, without many changes in your device. 

- OverPlay OverPlay SmartDNS provides high speed access (typically as fast as your ISP allows) to websites that are restricted from your location, without the need for a VPN tunnel! We are big fans of their SmartDNS technology.
- PureVPN Smart DNS is included on to either VPN plan at no extra charge
- IbVPN IbDNS is included in two of the IbVPN plans (Ultimate VPN and Total VPN)

Best VPN or SmartDNS to Unblock Hulu

Best VPN or SmartDNS For Watching Hulu

How to unblock Hulu - Hulu has decided to block people using a VPN service to watch their TV programs. But it is still possible to watch Hulu US from abroad. Here are few options.

- HideMyAss HideMyAss is one the best VPN available to watch Hulu
- IPVanish IPVanish is the second most popular VPN for Hulu
- IAPS IAPS offers residential IPs, which means they come from local ISPs (Time Warner Cable , Comcast) that will never be blocked by Hulu

Best VPN or SmartDNS to Unblock Netfix

Best VPN or SmartDNS For Watching Netflix

There are two reasons you would want to change your Netflix region. For one, Netflix is a lot better in the US (the most popular Netflix region is the American Netflix region). Another reason is that you might be an expat in the USA or Traveler and you want to watch your American Netflix Library

- HideMyAss HideMyAss is one the best VPN available to watch Netflix
- PureVPN PureVPN is the second most popular VPN for Hulu
- Private Internet Access Only $6.95 a month which is an inexpensive solution (cheap as chips per month if you pay annually)

Best VPN for Torrent and P2P

Best VPN for Torrents and P2P File Sharing

List of Best VPN Services that allow legal P2P/Torrent traffic. Make sure the VPN providers allows P2P traffic, otherwise you can get suspended and you will not get your money refunded.

- HideMyAss Netherlands, Romania, Luxembourg and Swedish servers - Port 1194 - HighID - Secure IP Bind lets you block internet access to any program if not connected to VPN
- Private Internet Access Netherlands, Hong Kong, Romania and Swedish servers - Port Forwading - HighID - The client has a feature called “VPN Kill Switch ” to terminate applications when the VPN connection drops out
- AirVPN Luxembourg, Canada, Sweden, Lithuania, Russia and Hong kong servers - Port Forwading - HighID - The client has a feature called “Network lock ”, based on strict firewalls rules, that prevents IPv4 communications when your system is not connected to an AirVPN server.

Best VPN for File Hosting

Best VPN for one-click hosting sites

One-click file hosting, or some people call them cyberlocker websites, are websites like 1Fichier or Uptobox, that allow anyone to upload and download files for free. But there are some annoyances when downloading files from the one-click file hosting sites as a free user:
1- No simultaneous parallel downloading
2- Download delays.
VPN can be beneficial to bypass Hosting services limits, VPN provides an ideal solution as it can unblock file sharing websites

- LiquidVPN LiquidVPN is the most impressive VPN, thanks to its IP modulating, to download from File hosting sites as a free user
- HideMyAss HideMyAss utilizes Dynamic IPs (independent IP address) + Random IP switching (rotate your IP address at set intervals or manually)
- IPVanish Tier-1 VPN Network (fastest delivery speeds available) + Random IP switching (rotate your IP address at set intervals or manually

Best VPN For Online Games

Best VPNs for gaming

Using a VPN during online gaming (MMO Games) has many advantages:
1- Improve Game Connection (Faster Game Load Time Reduce Lags and Latency)
2- Online gaming can be restricted in different ways: it can be blocked by your network administrator. Sometimes you don’t have access to online gaming or game content due to geographical restrictions. To bypass these restrictions, you can use our VPN for Online Gaming.

- IPVanish operates its own private server, they are able to offer the lowest latency, which, of course, is ideal for gaming.
- WTFAST The WTFast Gamers Private Network (GPN) is a client/server solution that makes online games faster

Best VPN for Wifi Hotspots

Best VPNs for WiFi Hotspots

Using non-secured public Wi-Fi hotspots can leave you vulnerable to identity theft, data theft, snooping, impersonation and malware infection. The most secure way to browse on a public network is to use a virtual private network. A VPN provides a secure and private way to connect to open networks.

- PureVPN PureVPN is excellent with its IKEv2 protocol. If the connection is temporarily lost, or if a user moves from one network to another, IKEv2 will automatically restore the VPN connection after the network connection is reestablished.
- IPVanish IPVanish assures users that their internet use will be secure while using insecure connections such as Wifi Hotspots or hotel internet services
- IbVPN IbVPN is a decent option to connect to unsecured public WiFi networks which are becoming increasingly risky

Best VPN For Travel Abroad

Best VPNs for Travelling

You have to use VPN during your traveling. Why should you use VPN for travel abroad? there are two main benefits:
1- Use public or hotel Wi-Fi safely
2- Have unfettered access to the geo-restricted sites of your choice

- PureVPN PureVPN is the best VPN for frequent travellers
- IPVanish IPVanish is also a good choice of VPN for travelling often.
- IAPS IAPS VPN provides residential servers for business use (frequent travellers)

Best Dedicated IP

Best Dedicated IP VPN

On subscribing to a dedicated IP VPN, you are given an exclusive IP address which can only be used by you and is not shared.

- Astrill You need to pay extra for a dedicated IP address ($5 per IP per month)
- PureVPN The Dedicated IP AddOn works in addition with the standard dynamic IP plan for $5 a month
- TuVPN Dedicated IP pricing - $18 per month

Best Bitcoin VPN Services

Best VPNs for Bitcoin

Bitcoin is an open-source distributed digital currency which is based on P2P technology. BitCoin is becoming very popular nowadays as more VPN providers are using it as a payment method.

- HideMyAss Bitcoin is available to all users, for 12 month and 6 month packages.
- IPVanish You can pay off for IPVanish services via Bitcoin
- Private Internet Access Private Internet Access uses Bitpay to process bitcoin payments

Best Cheap VPN

Best Cheapest VPN service

Cheap VPN service providers - All of these VPN services offer substantially discounts if you buy 12 months at a time instead of one month

- Private Internet Access The annual plan ($38.95) is an excellent value at just $3.25 a month
- PureVPN PureVPN can be purchased for $4.16 a month if you buy the annual subscription ($49.95)
- LiquiVPN LiquidVPN’s annual subscription is $54, just $4.5 a month, for annual subscription only

Best VPN Software application

Best VPN Software (desktop client)

“All In One VPN Client" are applications developed by VPN providers to make using a VPN easy. They include both the VPN service itself (protocols, servers) and a series of options like Internet kill switch or DNS Leak, ...

- HideMyAss The best of all the VPN applications. Includes all the functions and options.
- Private Internet Access A large and satisfying number of configuration options for the OpenVPN protocol.
- Perfect-Privacy Efficient, excellent and ergonomic VPN software.

Best VPN Apps

Best VPN Apps

With the popularity of smartphones and the boom of apps, several VPN apps have emerged that make it a snap to connect to a VPN and start enjoying all the benefits of using a VPN

- IPVanish The application (iOS - Android) is quite intuitive and easy to use
- PureVPN PureVPN also has iOS and Android app.
- Private Internet Access All of the features that the PIA software clients boast are available for you in the Android app

Best VPN Provider for DD-WRT router

Best VPNs for DD-WRT

Some VPN offer the very interesting option to install it on your DD-WRT router. This means you will not need to install your VPN on each of the devices you are using in your home. Your internet connection will be protected by VPN at its source.

- HideMyAss DD-WRT routers are supported with a custom auto-installer script. Also supported: OpenWRT, Tomato, Mikrotik, DrayTek. HideMyAss offers one of best DD-WRT implementations out there
- OverPlay OverPlay's custom DD-WRT VPN Router application or OverPlay has partnered with FlashRouters to provide customized DD-WRT Routers (support both OpenVPN and PPTP VPN connections)
- Astrill "Astrill Router 2.0" applet supports both DD-WRT and Tomato firmware routers. Also you can get "Astrill VPN routers" preinstalled with Astrill VPN and ready to use immediately.

Types of VPN protocols

OpenVPN vs SSTP vs IKEv2. Protocol IKEv2 along with OpenVPN and SSTP are the most interesting. Each one has its advantages. This section will help to decide upon the ones that better suits with own requirements.

- OpenVPN Highly configurable - use a wide range of encryption algorithms
- SSTP Can bypass most firewalls
- IKEv2 The main advantage of IKEv2 is its MOBIKE option

VPN Resources

The following sections provide additional information about VPN

- Data Center VPN's versus Residential VPN's versus Tier-1 VPN's Different kinds of VPN Servers
- Explanation of VPN IP Types Different kinds of IP Addresses
- Glossary of security terms Terms Used In VPNs
- Advantages and benefits of VPN service VPN Benefits
- Countries and online services that block VPNs VPN Blocking
- The best free VPN services of 2015 Best Free VPN service
- The Ultimate list of VPN services List of VPN Providers

How to Check and see if your VPN Connection is Secure

The first thing you should actually check is simply your IP address. Make sure that the location is not your home location, and that its your VPN providers server.

- WhatismyIPAdress Find what is your IP address

Probably one of the most important ones aside from the VPN begin connected. A DNS leak happens when your request to a primary DNS happens outside the VPN. In this case your ISP knows what site you want to visit. Click TEST and see if your connection is safe

Test to ensure that your machine is not able to submit requests to IPv6 Networks.

How to Make Your VPN Even More Secure

- Ways To Secure Your Privacy If VPN Fails VPN Kill Switch

VPN Setup

Tutorial to configure your connection

- VPN on NAS Synology Synology NAS
- Force Vuze to only load Torrents through VPN Set up the VPN on Vuze
- How to BitTorrent download on Android uTorrent & IPVanish on Android
- How To Set Up A VPN In A VPS Setup OpenVPN on VPS

VPN provider encryption levels

Apart from protecting your identity on the internet (protecting your private life), escaping any internet censorship (maintaining your freedom of expression), changing your IP (and all related advantages) VPN is also a way of securing data.

A VPN connects you to the internet safely without any risk of interception by a third party (protecting your personal data) or prevents D.P.I. So they control the route taken by your information, which means that an authorised party cannot gain access.

In this regard VPN services are very efficient and constantly improving ! Thanks to to their high level of encryption VPN is a good way of protecting personal information: they are able to stop any third parties from intercepting it... So no-one else may know what you say or do on the internet...

The identification process relies on three stages (the length of the key is an important security feature but not the only one) - VPN Encryption explained:

  • Data Encryption - This is the symmetric cipher algorithm with which all of your data is encrypted and decrypted. Choose between the encryption algorithm of AES or Blowfish or Camellia
    AES 128 bit
    On modern systems (newer than Pentium 4) this runs faster than Blowfish and may be more secure than Blowfish. It is generally seen as secure up to the year 2030. Some experts claim it’s more secure than 256 bit AES. It is also widely used and has greatest compatibility.
    AES 192 bit
    In many cases, still faster than Blowfish 128 bit. Gives a little bit more headroom for bruteforcing. However employs a weaker key schedule than AES 128 bit so may NOT be necessarily more secure (weakness is still theoretical and debatable). This is debatable still but generally is seen as more secure than 128 bit since a higher bit means more protection from brute-forcing (though even 128 bit offers crazy crazy protection against brute forcing).
    AES 256 bit
    Generally seen as highest level security, and used for top secret communications by the US government. However also employs a weaker key schedule than AES 128 (weakness is theoretical and debatable still). Tends to be the slowest of all the ciphers evaluated. Theoretically provides protection against quantum computing (which doesn’t quite exist just yet).
    Blowfish 128 bit
    Blowfish is fast but seen by experts as a weaker algorithm than AES though this is debatable. One of the perceived benefits is that Blowfish is not used by the NSA, however this is purely an association issue. The cipher is still deemed to be secure.
    Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits.
    Camellia is a symmetrical encryption algorithm (developed by Mitsubishi and NTT from Japan) by blocks of 128 bits, created to work with keys of 128, 192 and 256 bits. Overall it is twice as slow as AES, offering a similar performance to Blowfish.
    AES supports block and key sizes of 128, 192, and 256 bits, but in AES the block size is always 128 bits
    • NOTE: A block cipher is a box which encrypts "blocks" (Example: 128-bit chunks of data with AES). When encrypting a "message" (The message could be anything: a string, binary data, numbers, a file. It doesn’t matter.) which may be longer than 128 bits, the message must be split into blocks, and the actual way you do the split is called the mode of operation or "chaining". There a lot of encryption operating modes (= mode of operation = encryption mode = Block cipher mode of operation). The most famous a are ECB, CBC, OFB, CFB, CTR of which the most used is CBC (Cipher Block Chaining). The latter provides confidentiality, but they do not protect against accidental modification or malicious tampering. The cryptographic community recognized the need for dedicated integrity assurances. The cryptographic community began to supply modes which combined confidentiality and data integrity into a single cryptographic primitive. The modes are referred to as authenticated encryption, AE or "authenc". GCM (Galois/Counter Mode) is one of them. As well as confidentiality, it offers the integral and authentic transfer of data.

  • Data Authentication - This is the message authentication algorithm with which all of your data is authenticated. SHA stands for "secure hash algorithm". Choose from SHA-1 or  SHA-256
    SHA-1 produces a 160-bit (20-byte) hash value. A 160-bit hash function which resembles the earlier MD5 algorithm. 
    SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 currently consists of a set of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits.
  • Handshake Encryption - This is the encryption used to establish a secure connection. Exchange of Diffie-Hellman keys with RSA Certificates (2048 or 3072 or 4096bit) or exchange of Diffie-Hellman keys with ECDSA encryption (Elliptic Curve Digital Signature Algorithm).
    RSA  is one of the first practicable public-key cryptosystems and is widely used for secure data transmission. RSA, as in the algorithm, stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. In 2010 it was reported that RSA 1024 bit encryption had been cracked. We believe that 2048 bit is sufficient.
    ECC (Elliptic Curve Cryptography) 
    Elliptic Curve is one of the most powerful types of cryptography today, it is future-proofing and is arguably significantly more secure than RSA. However, its level of security depends on the curves being used: some being more secure than others. 
    Some doubts have been raised recently around the security of ECC (Elliptic Curve Encryption). ECC offers a fast and perhaps too greedy encryption with keys. It is in direct competition with the great RSA but offers smaller keys with “lighter” calculations compared to its competitor.Some doubts come from the secp256r1 curve certified by the NIST. According to some experts (including the wise Bruce Schneier) the NSA influenced the American Institute of Normalisation, NIST, to certify this pseudo-random number generator that has a weak point. In other words the numbers generated are not unpredictable. A backdoor, or entry point, into a mechanism for generating random numbers means the whole security system will be compromised and vulnerable to attackers or surveillance organisations. If you still wish to use elliptic curves we advise secp256k1 (certified by Certicom) the one that uses Bitcoin for transaction signatures.

Two points to remember:

  • The level of encryption is very important, as it should be high to maximise the exchange of data and data transfer.
  • PIA (and others comme VPN.AC, IronSoket) have custom levels of encryption available via their own programs
The table below shows OpenVPN (OpenVPN is the best choice when available on your device) with the best encryption. Very few VPN services actually specify this essential information, to our disappointment. Too many just mention OpenVPN with a 256-bit encryption.

VPN providers that give you extra layers of security.


Full review

  • Protocol: OpenVPN
  • Port TCP or UDP

PIA is the only VPN that lets you choose the kind of encryption for each of the steps in an OpenVPN connection.

If you need maximum security, PIA recommends this configuration:

  • Maximum Protection — AES-256 / SHA256 / RSA-4096
Here are the other options:
  • Data Encryption:
    • AES-128 — Advanced Encryption Standard (128bit) in CBC mode. For most people this is the fastest encryption mode.
    • AES-256 — Advanced Encryption Standard (256bit) in CBC mode.
    • Blowfish — Blowfish (128bit) in CBC mode.
    • None — No encryption. None of your data will be encrypted. Your login details will be encrypted. Your IP will still be hidden. This may be a viable option if you want the best performance possible while only hiding your IP address. This would be similar to a SOCKS proxy but with the benefit of not leaking your username and password.
  • Data Authentication:
    • SHA1 — HMAC using Secure Hash Algorithm (160bit). This is the fastest authentication mode.
    • SHA256 — HMAC using Secure Hash Algorithm (256bit)
    • None — No authentication. None of your encrypted data will be authenticated. An active attacker could potentially modify or decrypt your data. This would not give any opportunities to a passive attacker.
  • Handshake Encryption:
    • RSA-2048 — 2048bit Ephemeral Diffie-Helman (DH) key exchange and 2048bit RSA certificate for verification that the key exchange really happened with a Private Internet Access server.
    • RSA-3072 — Like above but 3072bit for both key exchange and certificate.
    • RSA-4096 — Like above but 4096bit for both key exchange and certificate.
    • [!ECC-256k1 — Ephemeral Elliptic Curve DH key exchange and an ECDSA certificate for verification that the key exchange really happened with a Private Internet Access server. Curve secp256k1 (256bit) is used for both. This is the same curve that Bitcoin uses to sign its transactions.
    • [!ECC-256r1 — Like above but using curve prime256v1 (256bit, also known as secp256r1) is used for both key exchange and certificate.
    • [!ECC-521 — Like above but using curve secp521r1 (521bit) is used for both key exchange and certificate.


Full review

  • Protocol: OpenVPN
  • Port TCP or UDP

HideMyAss supports OpenVPN in either TCP or UDP ports. Unlike a lot of other VPNs (that use AES), HMA! trusts the reliable Blowfish

  • Data Encryption: For encryption the cipher in use is CBC mode of Blowfish with encryption strength of 128bit
  • Data Authentication: hash algorithm is 160bit SHA1
  • Handshake Encryption: the control channel is same TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA


  • Protocol: OpenVPN
  • Port TCP or UDP

But an increasing number of VPN providers including VPN.AC have decided to offer types and levels of encryption apart from the classic AES + RSA.

For its OpenVPN, VPN.AC decided to use the elliptical curve secp256k1 for its Handshake Encryption and its transactions (the same curve used by Bitcoin). Its OpenVPN can be broken down to allow its users to choose:

  • Data Encryption: 128-bit AES CBC and 256-bit AES CBC
  • Data Authentication: SHA512 data authentication
  • Handshake Encryption: For AES (both 128 and 256 bit) VPN.AC use RSA-4096 and/or Elliptic Curve (ECDHE) with secp256k1

In the connection programme you can choose from a drop-down menu that offers OpenVPN ECC, OpenVPN 128-bit, OpenVPN 256-bit and OpenVPN XOR (VPN optimised for China)


Full review


  • Protocol: IKEv2
  • Port UDP

AceVPN is a rare VPN to propose the protocol IKEv2.

IKEv2 is the least known and most under-estimated protocol. It allows automatic reconnection thanks to its Reconnect VPN option. If the connection is temporarily lost, or the users move from one wifi access to another, IKEv2 automatically restores the VPN when connection is re-established.

Also, the protocol has a high encryption level. For its IKEv2 AceVPN uses a chiffrement Suite B, a group of encryption algorithm approved by the NSA (National Security Agency).

The components of Suite B are as follows:

  • Data Encryption (encryption algorithm): AES 256. The encryption algorithm is a classic, AES 256 (Others like HideMyAss use Blowfish)
  • Data Authentication: SHA512. The hash code is SHA512. Others often only have a maximum of 256. The size of the block is 1024 bits. The bigger the chain, the more secure it is.
  • Handshake Encryption: 384 bits ECC (Equivalent to RSA 7680 bits). To establish communication, Suite B uses elliptical curves instead of classic systems of asymmetric encryption.


  • Protocol: OpenVPN
  • Port TCP or UDP

LiquidVPN is a rare service that proposes a choice of algorithm for its data encryption. As well as AES (the most common cipher among VPNs), LiquidVPN offers Camellia in 256-CBC

There are in fact many other ciphers like Serpent, Twofish or Threefish. But the common usage of AES and to a lesser measure, Blowfish, makes AES seem to be the universal encryption.

  • Data Encryption: 256-bit AES CBC or Camellia-256-CBC (German location)
  • Data Authentication: SHA256 data authentication
  • Handshake Encryption: 4096-bit RSA handshake
  • HMAC Firewall Included *

* What is HMAC Authentication and why is it useful?

We know that CBC, the most commonly used mode of operation, will not protect integrity of the message. For this, we can use an authentication code (HMAC = keyed-hash message authentication code) to protect the encrypted message.


  • Protocol: OpenVPN
  • Port TCP or UDP

IronSocket has recently begun using a new server network (Network 2.0) which has 3 levels of encryption according to the connection used.

For example, a connection in Amsterdam (S1 ou S2 ou S3), l' OpenVPN supports multiple levels of Encryption, both TCP and UDP protocols, as well as offers many alternative ports in case you're behind a restrictive firewall or proxy:

  • All Encryption Levels use a 4096-bit key for Secure Authentication (Handshake Encryption)
  • Strong - Default configuration that uses AES 256-bit Data Encryption with SHA256 Message Authentication. It is recommended to all users for Maximum Privacy and Security.
  • Light - This configuration uses Blowfish 128-bit Data Encryption. It allows for Faster Data Transfer while still offering a Basic Level of Data Encryption.
  • None - This configuration uses No Data Encryption, at all. This option offers Maximum VPN Speeds. It is only recommended when Data Encryption is not required.


  • Protocol: OpenVPN
  • Port TCP or UDP

Their OpenVPN has a good level of encryption, especially when it comes to Handshake.

  • Data Encryption: AES-256-CBC Data Channel
  • Data Authentication: SHA512
  • Handshake Encryption: 4096 bit RSA keys size
  • HMAC Firewall Included *

* What is HMAC Authentication and why is it useful?

We know that CBC, the most commonly used mode of operation, will not protect integrity of the message. For this, we can use an authentication code (HMAC = keyed-hash message authentication code) to protect the encrypted message.


  • Protocol: OpenVPN
  • Port TCP or UDP
  • ECC + XOR network

Proxy.sh has a high level of encryption (like its competitors):

  • Data Encryption: 256-bit AES CBC
  • Data Authentication: SHA512 data authentication
  • Handshake Encryption: 4096-bit RSA handshake and/or the possibility of trying the curve secp384r1 (comes with the new OpenVPN's XOR scrambling/obfuscating option) *

* ECC + XOR network

Originally Proxy.SH was going to offer the djb's curve25519 (with a beta programme). But now it is Elliptic Curve (ECDHE) with secp384r1 that is available. Proxy.SH has added the original feature of the Patch XOR which scrambles OpenVPN so that the latter goes undetected (especially relevant in China and India). In order to connect to this ECC network, you first need to go to their Network Status in order to locate the VPN nodes which have ECC enabled. THen you need to manually install it (the process is described in detail here: Proxy.sh VPN network using ECC encryption and XOR option) but it is not easy for the average user.

Our advice: if you want to test and use the patch XOR then try VPN.AC who have integrated it into their programme.


Full review

  • Protocol: OpenVPN
  • Port TCP or UDP

IPvanish supports OpenVPN in either TCP or UDP ports. The configuration below is excellent.

  • Data Encryption: 256-bit AES CBC
  • Data Authentication: SHA256 data authentication
  • Handshake Encryption: 2048-bit RSA handshake


Full review

  • Protocol: OpenVPN
  • Port TCP or UDP

Mullvad offers the ability to use both AES-256-CBC and BF-CBC. But the default option is AES. Except when encountering certain connection problems the client program will fall back to Blowfish 128.

For a long time Blowfish was the only possibility by Mullvad. Does this mean they are recognising the superiority of AES? At the moment, HideMyAss is the only service to still prefer Blowfish!.


Full review

  • Protocol: OpenVPN
  • Port TCP or UDP

AirVPN is very clear about the technical side of its VPN, a great advantage. Its OpenVPN has a good level of encryption, particularly when it comes to Handshake.

  • Data Encryption: AES-256-CBC Data Channel
  • Data Authentication:  SHA1 Control Channel
  • Handshake Encryption: 4096 bit RSA keys size

Remember you can increase security and authentication of your data without worrying about DPI by adding SSL


  • Protocol: OpenVPN
  • Port TCP or UDP

VikingVPN offers an original and powerful OpenVPN. By default, you will have:

  • Data Encryption: 256-bit AES CBC or 256-bit AES GCM (The GCM operating mode will only be available in OpenVPN version 2.4.0)
  • Data Authentication: SHA1
  • Handshake Encryption: 4096-bit RSA handshake or a non-standard elliptic curve
  • * The OpenVPN HMAC firewall option to harden the protocol against Man-in-the-Middle and Man-on-the-Side attacks.

* OpenVPN can use the HMAC packet authentication feature to add an additional layer of security to the connection - HMAC protects message's data integrity

VikingVPN also provides the option of using a 256-bit AES GCM encryption. Here you can find mode of operation GCM (Galios/Counter Mode). VikingVPN is the only VPN to have an alternate mode of operation for a block cipher.

As you know, different modes of operation for block ciphers exist, some more vulnerable than others, like ECB (Electronic Code Book). The most popular is CBC (Cipher-block chaining) qui provide only confidentiality. For this reason these encryption modes were specifically created to combine confidentiality and authentication: for example, GCM, CCM, CWC. VikingVPN chose GCM which efficiently provides both data authenticity (integrity) and confidentiality.


  • Protocol: OpenVPN
  • Port TCP or UDP

Their OpenVPN has a good level of encryption, especially when it comes to Handshake.

  • Data Encryption: AES-256-CBC Data Channel
  • Data Authentication:  SHA1 Control Channel
  • Handshake Encryption: 4096 bit RSA keys size


  • Protocol: OpenVPN
  • TCP - ports 80 (http), 443 (https), 992, 1194, 8888
  • UDP - ports 53 (dns), 80, 992, 1194 and 8888

EarthVPN has a more than reasonable level of encryption.

  • Data Encryption: AES-256-CBC
  • Data Authentication:  SHA1 Control Channel
  • Handshake Encryption: 2048 bit RSA keys size
But why should it be a paid extra to have AES for data encryption in 256-bit ($1.99) when this encryption level is common and free amongst the competition!