AirVPN Review 2016

AirVPN has excellent encryption and security. Features such as VPN through Tor, OpenVPN support, and 3 simultaneous connections are just a few reasons why AIrVPN is a superb VPN service. Read my AirVPN review to see why!
Visit AirVPN
Disclosure: compensated affiliate: click here for more information
Review of: AirVPN
VPN by:

Reviewed by:
On February 10, 2016
Last modified:October 14, 2016


In this in-depth AirVPN review I consider why, despite technical excellence and a reputation for caring about privacy, AirVPN remains unpopular with VPN users.

I will start this review by noting that after using it as my personal VPN service for around two years, I am a bigger fan than ever of AirVPN. This Italian VPN provider, which proudly boasts how it was setup by “hacktivists and activists” pays an almost unrivaled concern to maintaining users’ privacy. It also employs excellent encryption and security measures, and offers fantastic privacy enhancing features (such as VPN over SSL and VPN through Tor). In my experience, AirVPN is also almost certainly the fastest and most stable VPN service I have ever used. And yet…

BestVPN’s analytics show that while initial signup rates to AirVPN are quite high, most users do not renew their subscriptions. It therefore seems that many out there have tried the service, but simply don’t like it. I can’t argue with figures, and have kept this fact in mind while writing this review.

Pricing & Plans

AirVPN charges €7 (approx. $8 USD) for a month’s subscription, with the usual discounts available for bulk purchases, going down to €4.50 (approx. $5 USD) if an annual subscription is purchased. A 3-day free trial is available upon written request, or if you are impatient, a 3-day subscription can be had for €1.

AirVPN prices

 All subscriptions provide full access to all of AirVPN’s features, making AirVPN a fairly low-cost option when compared to many rival services.

AirVPN payment methods

AirVPN accepts payment via PayPal and an impressively wide range of payment processors, meaning that users in parts of the world otherwise often discriminated against when making international payments should encounter no problems when purchasing a subscription. It also accepts payment via not only Bitcoin, but also via almost any other cryptocurrency you care to name.


I liked

  • No logs
  • Strong encryption (including Perfect Forward Secrecy)
  • Open source client with DNS leak protection, killswich and WebRTC “bug” protection
  • VPN over Tor
  • SSL and SSH tunnelling
  • Port forwarding
  • Accepts Bitcoins (and other crypto-currency)
  • DNS routing to evade VPN blocks
  • 3-day free trial
  • Fast and stable
  • 3 simultaneous connections
  • Website is a fantastic repository of VPN knowledge
  • P2P: ok

I wasn’t so sure about

  • Not a huge number of server locations
  • Italy is not an ideal location

I hated

  • All aspects of the service suffer from assuming that users have a PhD in arcane VPN configuration lore


AirVPN is based in Italy and offers servers in 15 countries, most of which are in Europe except for those in the US, Canada, and Hong Kong. Compared to some providers this is not a lot, but does cover the most popular locations.

AirVPN only supports the OpenVPN protocol, regarding PPTP and even L2TP/IPsec as being too insecure (the jury is out on IPSec, but OpenVPN is defiantly secure, and is generally regarded as the best VPN protocol available for commercial use).  Given that OpenVPN now runs on all major platforms (except Blackberry and Windows Mobile), this is unlikely to be a problem for most users.

Users are allowed up to 3 simultaneous connections (perfect for connecting your PC, phone, and tablet all at once).

DNS Routing

With more and more streaming services blocking users from bypassing their geo-restrictions by using VPN and other geo-spoofing technologies, AirVPN’s fancy DNS routing system that “double-hops” your connection through internal servers in order to bypass such censorship is very welcome.

dns routing

This means that even when connected to VPN servers outside the US or UK, I can access services such as Hulu and BBC iPlayer (it is not even necessary to connect to a VPN server in the country which hosts the geo-restricted service!). In use I find this generally works well… but not always. In these situations simply connecting to a server located in the desired country has always worked for me.

I should also note that visiting takes me a local version of the website (based on my VPN server’s IP address).

VPN through Tor

Along with BolehVPN, AirVPN is the only service I know of to offer VPN through Tor, where you connect first to the Tor network, then to AirVPN. When also using an anonymous payment method (for example properly mixed Bitcoins), this means that AirVPN cannot know who you are, as it does not see your real IP address.

VPN through Tor affords a very high level of true anonymity, something not usually possible with VPN. It is therefore usually regarded as the best way to combine the privacy benefits of VPN and Tor, although the fact that AirVPN presents a fixed point in the chain that could potentially be compromised is a point to bear in mind.

AirVPN also provides instructions for using the Tor browser to achieve secure Tor through VPN (which is much more secure than the “transparent bridge” Tor through VPN feature offered by some providers). For a full discussion on this issue, please see 5 Best VPNs when using Tor.

Alternative ports, SSL and SSH tunnelling

It is rare for VPNs to be blocked, but it happens in places such as China and Iran (although this is usually only partially effective). AirVPN allows you to counter such measures by running OpenVPN traffic over TCP port 443, which is the same port used by regular SSL traffic (the encryption standard used by the whole internet to make websites and internet services secure).

This makes OpenVPN traffic look just like regular SSL traffic, which both hides it, and makes it very difficult to block (as doing so effectively breaks the internet!)

AirVPN port settings

Port settings are easily changed in the client. In addition to TCP port 443, you can evade censorship by switching a variety of ports that are unlikely to be blocked

A very determined adversary, however, can perform sophisticated deep-packet inspection to discover that VPN protocols are being used (and places such as China are not above breaking the internet for users!).


AirVPN’s answer to this is to allow users to wrap their OpenVPN encrypted data inside yet another layer of encryption (SSL or SSH). This should foil pretty much any method employed to detect the use of VPN (the NSA may be able to decrypt the old SSH protocol, so I recommend SSL tunneling if required).

SSL and SSH tunneling should more than sufficient to defeat the Great Firewall of China, but it should be noted that both require additional processing power for the additional layer of encryption, which will slow down your internet connection.

Remote port forwarding is also available for users who require up to 20 open ports for incoming connections , which is useful for self-hosted websites and games servers.

Visit AirVPN »

Security & Privacy

As we can see on the table, AirVPN uses very strong encryption.*

OpenVPN Encryption
Data Auth
Control Auth
Forward Secrecy
Logs & Legal
It almost goes without saying that AirVPN keeps no logs and uses shared IP addresses, and is one of the very few VPN providers to implement Perfect Forward Secrecy (without which OpenVPN should not be considered particularly secure). For this it uses 4096-bit Diffie-Hellman keys, which are refreshed every 60 minutes (or can be set to more often via the client).

Thanks to this, AirVPN was always immune to the potential Logjam attacks exposed by researchers last year. It was also immune by the recent “port fail” vulnerability that affected many VPN services, thanks to its use of separate entry and exit IP addresses on each VPN server. Furthermore, AirVPN is one of the very few VPN providers to protect users against the WebRTC bug (and as we shall see, DNS leak protection and a killswitch are also provided courtesy the desktop client).

As discussed above, AirVPN also offers various (optional) technologies that make using VPN extremely secure and private (and thanks to VPN through Tor, potentially even truly anonymous – especially given the wealth of anonymous payment methods that AirVPN accepts).

In my view, in terms of both technical innovation and excellence, plus its attention to detail in protecting customers’ privacy, there is no other service out there that can touch AirVPN.

It is worth noting, however, that the language AirVPN uses to describe both the purpose of its technology, and how it should be setup, can best be described terse and laden jargon-laden. Looking through AirVPN’s documentation, it soon becomes clear why mainstream users might run away!

Another potential issue is that AirVPN is based in Italy, a member of the Fourteen Eyes spying alliance that cooperates with the NSA and GCHQ. This is defiantly not ideal, and Italy is also not very friendly when it comes to copyright piracy.

On the other hand, though, even before the EU Data Retention Direction was declared invalid by the European Court of Justice on human rights grounds, Italian VPN providers were not required to keep any logs.  AirVPN says if any such demands were ever made of it by any EU country it operates in, it would bring the case in front of the ECJ.

AirVPN is happy for users to P2P download from any of its servers.

The website

The AirVPN website looks functional rather than pretty, an impression not improved by the often very jargon-heavy language used, with terminology that only more advanced encryption junkies are likely to understand. This is almost certainly (and this is backed up comments from our readers) very off-putting to not just casual users, but even those with above-average technical understanding.

AirVPN stats 2

An exception to this general techies-only presentation style is the beautiful looking server statistics, which make it easy to see details such as load, number of users, ping times, routing and more at a glance.


Support is mainly provided via AirVPNs extensive forums. Unfortunately, the discussions tend towards the very techy, and it is not surprising that many users might find them highly intimidating (do you see a theme developing here?).

On the plus side, the forums provide a treasure-trove of VPN related knowledge, and the AirVPN team’s willingness to discuss intimate details of their operation (backed up by what is clearly strong technical knowledge) is a breath of fresh air in an industry where support often either only provides simple answers to complex questions, or even worse, does not seem to have a clue what its taking about!

In addition to posting questions for the forums, you can email (ticket system) the AirVPN team directly. I have tried this in the past, and found that it can take up to a day to receive a reply, but that the reply is invariably comprehensive.

The Process

Signing Up

Signing up for AirVPN is easy and painless, with the only personal information requested being a valid email address (AirVPN actively encourages users to deploy a disposable email address for this).

Bitcoin payments are made via CoinBase, while other cryptocurrency payments are handled through CoinPaymnents. Once payment is made you will receive a welcome email containing some useful links. Unlike some providers, no account details are sent via plaintext email – you choose your login name and password during signup.

The AirVPN Windows VPN client

AirVPN calls its custom desktop client (also available for Mac OSX Mavericks and Yosemite, and Linux) “Eddie”, and the first nothing to note it about is that Eddie is fully open source. This means that it can be independently audited to ensure nothing untoward is going on, and I wish that more VPN providers would open source their software.

AirVPN Eddie 1

Eddie features DNS leak protection, dynamic server selection, and lots of stats to help you decide on the best server to connect to.

AirVPN Eddie 2

Lots of information!

AirVPN logs

Thanks to real-time logs, it is possible to keep an eye on exactly what Eddie is doing (if you have the knowledge to understand them!).

AirVPN Eddie 4

The lock to the top right indicates that “Network Lock” is enabled. This creates a firewall that prevents any traffic from entering or exiting the computer outside the VPN tunnel to AirVPN’s servers. AirVPN offers good DNS leak protection even without Network Lock enabled (I have never encountered a DNS leak using the service), but Network Lock should ensure DNS leaks are impossible, while also acting as a killswitch.

This setup should also prevent IP leaks due to the WebRTC “bug”, but on my system the Network Lock firewall conflicts with my regular firewall, preventing this feature from working. As this cannot be resolved without completely uninstalling my firewall (something I am not willing to do) I have been unable to check, but in theory this feature should work fine.

Eddie does not properly route IPv6 requests, but does disable IPv6 in order to prevent DNS leaks (it is difficult to slam AirVPN too hard over this, as other than Mullvad , no provider handles DNS requests properly).

The only real issue I have with Eddie is that it changes the Windows DNS settings. This is usually  a good thing as it ensures  all DNS requests are resolved by AirVPN’s servers, but if for any reason the client shuts down suddenly, I need to manually reset the DNS settings before I can connect to the internet again (Control Panel -> Network and Sharing Center -> Change adapter settings -> right-click connection -> Properties -> select Internet Protocol Version 4 -> Properties -> Preferred DNS server:

Eddie is probably the most fully featured VPN client I have ever used. As with most things related to AirVPN, though, it has a techy focus, and uses terms that even an experienced VPN user such as myself sometimes needs research in order to fully understand.

Performance (Speed, DNS, WebRTC and IPv6 Tests)

Speed tests were performed on a 50Mbps/3Mbps UK broadband connection.

AirVPN_upload b
Graphs show highest, lowest and average speeds for each server and location. See our full speed test explanation for more detail.


As we can see, the results are pretty good, although (slightly oddly) it is quicker for me to connect to a server in the Netherlands than in the UK. US performance from the UK is very solid.

Even without Network lock enabled I have never encountered DNS leak issue, and as noted previously, Eddie prevents IPv6 leaks and (if Network Lock is enabled) WebRTC leaks. Anecdotally, I very rarely suffer VPN dropouts when using AirVPN.

Other Platforms

In addition to the Eddie desktop client, AirVPN provides setup instructions for Android (using OpenVPN for Android, OpenVPN Client for Android and OpenVPN Connect) and iOS (using OpenVPN Connect) devices, and DD-WRT and Tomato routers.

Personally, I use OpenVPN for Android, and find that it works flawlessly. The app quickly reconnects when I move between routers or switch from mobile to WiFi connections, and I detect no DNS leaks. OpenVPN for Android can even be configured to act as a killswitch!

AirVPN Review Conclusion

I liked

  • No logs
  • Strong encryption (including Perfect Forward Secrecy)
  • Open source client with DNS leak protection, killswich and WebRTC “bug” protection
  • VPN over Tor
  • SSL and SSH tunnelling
  • Port forwarding
  • Accepts Bitcoins (and other crypto-currency)
  • DNS routing to evade VPN blocks
  • 3-day free trial
  • Fast and stable
  • 3 simultaneous connections
  • Website is a fantastic repository of VPN knowledge
  • P2P: ok

I wasn’t so sure about

  • Not a huge number of server locations
  • Italy is not an ideal location

I hated

  • All aspects of the service suffer from assuming that users have a PhD in arcane VPN configuration lore

Even describing what the myriad of AirVPN’s features do in this review amply demonstrates the strengths of this service, but also why many users struggle with it. In terms of dedication to privacy, cool features, and technical know-how, AirVPN is very impressive – in fact in my opinion no-one else on the market can touch it in these regards.

But (and this is big but!) AirVPN clearly fails to engage with a wider audience due to its impenetrably tech-heavy focus. In many ways this is unfair, as the AirVPN client is easy to use (just download and run!), and it seems churlish to criticize a service for its meticulous attention to detail and for offering a slew of features rarely available elsewhere (if at all).

If we take a quick look at the discussions on the forums, however, or even much of the documentation designed to help new users, or how options are presented in the client, it is easy to see why both visitors to the website and existing become intimidated!

As such (and great as I think it is), AirVPN should probably be regarded as a niche service aimed at tech-heads and privacy junkies, rather than one suitable for a mainstream VPN audience.

Visit AirVPN »

*The privacy and security section of this article has been updated following AirVPN contacting me to clear up some errors/confusion, the most notable of which  relate to the use of HMAC SHA1 authentication on data and control channels. I am now convinced that HMAC SHA1 is very secure. Please see the comments section of this article for AirVPN’s in-depth reasoning.

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


62 responses to “AirVPN Review 2016

  1. Hello, thanks for the review I’m just letting you know that your “visit AirVPN” links redirect to the NordVPN website, haha.

  2. I have been living on this site for the past few days. I’m going to purchase a VPN very soon. I travel extensively and I don’t go to “adult” sites or anything like that.
    However, I do a lot of online banking and Amazon purchases.
    I, obviously, want to keep all of that info encrypted since I’m in hotels and airports.
    Would AirVPN be the best choice for me?
    I’ve been swayed back and forth a good bit lately between ExpressVPN and AirVPN.
    Thank you for your hard work and time. This is a great educational site!

    1. Hi Mark,

      For simply visiting your banking website and Amazon, etc., you do not really need a VPN, as your connection is protected by HTTPS. In many ways ExpressVPN and AirVPN straddle opposite ends of the VPN spectrum. ExpressVPN is arguably the best provider around in terms of newbie-friendly software, great customer service, and a genuine no quibble 30-day money-back guarantee. AirVPN, on the other hand, is arguably the best VPN service out there in terms of dedication to privacy and technical know-how. But it is not newbie-friendly and customer orientated in the way that ExpessVPN is. So it’s a bit like chalk and cheese. Personally I use AirVPN, but I fully understand why many others prefer ExpressVPN’s more approachable service.

      1. Douglas,
        Is there anyway I can email you with a few questions? I would rather do that than have everyone see our questions.
        If you can see my email address that’s needed to post, please send me an email there.
        I signed up for AirVPN for a few days and I just have a few questions.
        Thank you.

        1. Hi Mark,

          I am employed by BestVPN, so please direct your questions here. We do not check whether the email address you enter is valid, so feel free to make one up and post your questions anonymously.

  3. i have used air for 2 years when i have money i have air thay are he very best vpn for xbox live that you can getand 7 bucks lol i love my air

    Nice review Douglas, I’m another of those totally satisfied customers (using it for 1 year, just renewed for another one).
    But yes, it is definitely for the more tech-savy crowd, nothing you point your mother at and just say “use that” 😉
    Two issues can get really frustrating the mentioned DNS problem when Eddy crashes, which they really should just give a prominent posting at their website as I needed some hours to find the root of the problem and resolve it.
    The other problem (general VPN problem not AirVPN related) is what I’ll call the MTU-Problem. I was at my mothers home who uses Unitymedia cable as a provider and I just couldn’t get a stable VPN connection, it worked for a short time and then just failing to transfer anything and sometimes even taking the router with it so I had to reset the router. That took me a lot of time resolving including reading a lot of VPN documentation and all sorts of partially related hints, postings,…
    You have to lower the maximum MTU-size then it works (eg link-mtu=1300 in the openVPN manual settings). Still don’t fully understood how to calculate the optimum MTU-size but playing around with the size should get you a working connection. If I sometimes decide to delve really deep into this topic and finally really understand the parameters (there is the fragment parameter to set and the correct mss-size to get the optimal throughput) then I really have to write a FAQ on this as there is not one easy explanation on the Web.
    But this is NOT an AirVPN problem, this is related to the provider!

    So, sorry for the long entry, just wanted to help other people having this problem, as I had big problems finding the cause and solution (and I’m very good at searching the web).


    PS: Just adding this for Search Engines to find it, remove if unwanted:
    Unitymedia VPN problems disconnection

    1. Hi Jochen,


      – In fairness, the DNS issue affects just about any VPN client that uses a firewall for DNS leak protection and kill switch. I totally agree that AirVPN should do more to flag up the problem and explain how to fix it.
      – I must admit that I have never heard of or encountered this “MTU-Problem before. Thanks for flagging it up, and for what sounds like the sterling work you have put into researching it. Do you know if it is just a Unitymedia (a German ISP) issue, or can it affect customers of other ISPs? If/when you do write a FAQ, please do contact me or post a link to it here.

  4. I’m a rookie. This info sounds like a good choice. I have a new ASUS dual band router. How does this work? The software is to be installed on my router?

    1. Hi Phillski,

      You can either install the AirVPN software client on your computers or configure your router (AirVPNs instructions for doing this using Asus-WRT are available here). Note that if you run the VPN from your router, you do not benefit from the additional functionality provided by AirVPN’s desktop software (e.g. “network lock DNS leak protection and kill switch, port selection etc.). It is also worth noting that the processor in even high-end routers can struggle to cope with the demands of processing OpenVPN, so your internet connection when using VPN will likely be faster using desktop or mobile VPN software.

  5. Hi Douglas,

    Just a few words of feedback on my 1-week journey with AirVPN. Well, in fact I’m satisfied with the speeds I get, when connected to their 1-Gigabit servers with the minimum latency.
    What I don’t really like is that Network Lock feature simply does not work when Kaspersky Internet Security is installed and operating. Whenever I disconnect from whatever AirVPN VPN-server, the software is telling me: “Network is locked” or something like that. So, I assume, I shouldn’t be able to browse Internet anymore, right? Not a chance. The internet is still working as it has always been working.
    I need to shut down Kaspersky to make this feature work. Not good!

    Second issue is that AirVPN broke my Wi-Fi connection on the very same computer, when I utilized AirVPN through it. I have no idea what the software changed, but now Wi-Fi simply does not work — there is still a normal connection, but no connection to the Internet. I need to switch AirVPN back to browse internet while on wi-fi (I have a TP-Link 300mbps n-type USB adapter and I’m getting the internet from my smartphone, which is able to create a wi-fi hotspot).
    Guess I need to go and browse their forums for some info, I’m not sure I’m the only one with these problems.
    So, these are the facts, which kinda preventing me from purchasing a one-year package.
    I don’t like these facts and I’m really not very enthusiastic as to investigating these issues myself. Maybe you can advise anything? Overall it seems like they don’t have competitors on the VPN-market offering the same features and general stability. Correct?
    Thanks a lot.

    1. Hi Leon,

      Thanks for the feedback.

      1) AirVPN’s “Network Lock” is in fact a firewall that prevents all connections outside the VPN. The Kaspersky Internet Security suite also uses a firewall. The 2 firewalls clearly have conflicting rules, and the Kapersky one is blocking Network Lock from functioning correctly. This is annoying, to be sure, but I don’t think really fair to blame AirVPN for the issue.
      2) As with most good VPN services, AirVPN routes DNS requests to its own servers (rather than your ISP performing this function). What you are experiencing is almost certainly due to your DNS settings not returning to default values after quitting AirVPN. Please see my How to Change your DNS Settings guide on how to fix this.
      3) When it comes to VPN technology, AirVPN is in a class of its own. But as noted in this review, user-friendliness is not one of its strengths.

  6. hi Douglas,

    Im using PIA (private internet access) vpn. i use viber alot. on viber what ever vpn you use it always shows your exact location (i mean your true location). you can change to hundred location on vpn but it never change on viber. why is that? how can tweak the settings so it could show my vpn location?

    1. Hi nic,

      The problem with Viber is that it is a mobile app, and mobile apps use information other than your IP address to determine your location (for example your GPS location data , network provider information, and IMEI number). Using a VPN cannot help with this, and unfortunately there is very little else you can do about it.

  7. Douglas

    Your review of AirVPN is much appreciated. I have come close to signing up with others by reading comments as held me back. The only value I see from using VPN is to keep each persons ISP or local government off their back. If one only used VPN when needed it might make sense.

    I used VPN years ago through HMA. It was almost okay at the time but had no kill switch that worked. A lot has changed since then so I am back to the newbie level.

    Paranoia in the war with the three letter guys is not misplaced. They are very good at what they do. Experience with these guys tells me that they know almost everything about us they want to know. The new $1B+ NSA complex in Utah is coupled with a new Adobe complex across the road with direct fibers interconnecting. One of the prime principles of surveillance is to hide things in plain sight. Nobody thinks to look there. I have blocked all Adobe connections on my computer and do not use Flash or Adobe reader. The first thing they do when activated is to call home. I don’t know how much or what information is sent but the one thing that rarely changes is my MAC address. You might say the MAC address does not go past my router but that is only when it is in the header. If it is sent as part of the payload then all bets are off.

    I can see the effects of my blocking Adobe and AddThis by the number of connections the system tries to establish and are rejected by the firewall. Standard procedure is for them to keep incrementing port numbers looking for a way out.

    So why do I go into such detail? I want my life back only to myself about what I do on the internet. With all of this software calling home, with who knows what or how much information, I wonder if using the best VPN available will help if when I start my browser, my identity is revealed. When Firefox came out with a recent update they included a black box (no longer open source) for the DRM people. I found the DRM module was calling home every time FF loaded. I don’t use any DRM material on my machine. I chose to install the non-DRM version. Most people don’t even know it exists.

    I see VPN as only a partial solution. A solid firewall with Adobe, AddThis, and others blocked helps. NoScript is another good weapon.

    What I don’t understand, as a newbie, is if I install AirVPN will I still have access to my network printers and other computers on my LAN that I share files with? I don’t want to be trashed by the wizards at AirVPN for asking these types of simple questions. If I have to change some ports, configure something, or edit the register I am okay with that. The problem is I don’t know what to do and don’t have their experience.

    One thing AirVPN could do is provide help files or links to simple information a non-wizard needs. Forgive me, Mr. Wizard, if I offend you by asking what you think are dumb questions. I have my specialties and you have yours. Please guide me in the right direction. I am willing to dig for it and learn. I just don’t know where to look.

    1. Hi John,

      Offend? Ha ha. That’s what I’m here for!

      – I completely agree that using a VPN is a only partial privacy/security solution. I think you should view internet privacy and security as a complex problem, and to have any chance of addressing the problem, you need the right tools. A VPN is one such tool, and if implemented well (as it is by AirVPN), a very good one.

      – If the NSA is after you in particular, then you are probably fucked. A VPN, however, is very effective at hiding your internet activity from blanket surveillance measures.

      – Please see my article on Firefox to incorporate DRM (reluctantly). Note that DRM can be turned off in Firefox (Settings -> Content).

      – To stop online tracking, browser extensions such as Privacy Badger, uBlock Origin, and (if you want to go nuclear) NoScript are better than VPN (or more accurately, should be used in combination with a VPN – see “toolbox” comments above).

      – As with almost all VPN clients, AirVPN exempts LAN connections from its firewall, allowing you to use local resources such network printers and NSA drives as normal. The only problem I have ever encountered is connecting to my Chromecast from my PC when AirVPN is running (although, strangely enough, Casting from my Android phone with AirVPN running works just fine).

  8. Hi Douglas,

    very helpful review, thanks! I am in China, using two vpn …just in case. The Air VPN set-up took some time as the user interface requires some understanding, which I do not have. But there was a good explanation on the website and I managed. Now I am able to use google and watch you tube videos. It also works during times of increased blocking activities (during public holidays and party congresses).



  9. Save your money by reading this! Being AirVPN user for 3+ months, I can say – run away as fast as you can!

    Their servers worked well enough for 2+ months, then connection problems started occurring more and more often. Today I posted a message on their forum telling that service is down again, and called it a “great service”. Do you know what happened? They instantly banned me on the forum, closed my VPN account (I paid for 12 months of service) and this is it!

    Needless to say, they ignore all my emails and refund requests, so stay away from this “company”! Otherwise, your account will be closed and they will keep all your money in case you complain about their service.

    1. Hi nobody,

      Ouch! That’s not good! I must say, however, that my experience has been somewhat different, and that AirVPN’s support has always tried to help when I’ve had an issue..

    2. @nobody (Poster)
      Well with the tone in which you write, I can understand why they might ban you, as you were probably quite indignant. By the sound of it, you appeared on the forum and cried like a baby, no offence. “Your servers are down! Nothing works!!!” and not even bothering to:

      – Describe the problem
      – Describe your setup and/or show relevant client logs
      – Describe things in a civil way
      – Describe the results of using AirVPNs OWN TESTING SERVICES such as the Route Checking feature, that lets you check all servers at once, to see if only 1 server is the problem or not:

      If that’s the case, then you kinda deserve a ban IMO, because honestly, there’s no telling legitimate users from spammers and trolls a lot of the time. What’s the result? Clean forums, where information isn’t obscured by emotional outbursts and senseless slurs. Because you know what? There’s a 99.99999% chance that the servers were not down that day; if so, more users than simply you, would’ve been on the forums reporting the issue. So what likely happened (and I did try look for your post), is that you appeared on the forums, moaned about problems in a lazy and unhelpful way (even downright rudely, if that “great service” remark was sarcasm) and then tried to pin the problem on the service itself, before checking and getting feedback on your own setup. This is basic 101 stuff.

      There’s also many helpful people on the forums. Just check this new-user guide that an AirVPN member made:

      So if anything, you could ask him personally or post in the thread. The point is, you didn’t try to solve the problem like an adult, it seems, so why should anyone treat you like one?


      Otherwise it’s an excellent review Douglas. You put out some great stuff.
      The location of AirVPN doesn’t make a huge difference, because in a way, there’s not many viable countries in the world for this stuff. A lot of VPN providers they fake their Geo-IP, to make it appear that they’re located in a different country for instance. I think you should mention something about VPS instances:

      Namely that some services, such as PIA, offer many locations officially. But in reality, a lot of these locations are fake and run on a VPS. Running a VPS setup can be okay if users are informed as such; but most aren’t. This means people think you run “bare metal” servers in country X or Y, but in reality those servers are in country A, pretending to look like they’re in country X and Y. This then lets the VPN provider “add another flag” to their front-page. My point is, that AirVPN doesn’t do this. They’re very honest. In fact, they care so much about security and privacy, that they simply won’t setup servers in countries deemed bad for them. So it’s not because they don’t *want* to set up more servers or are physically unable to, it’s because they have a mission to protect the privacy of their users. That, and they make actual cost-benefit analysis about server locations: for instance, the Middle-East is an expensive place to set up a connection. If you could even get a good-quality one in the first place. But many other VPN providers don’t mention this. Just like they don’t mention that using a VPS means you can log everything the virtual “servers” are doing.

      I think you should’ve given it 5 stars for pricing, considering you get so much for your money. No over-selling, no lies or attempts at deceiving people. Oh well.

      I do agree their customer service could be a little better however, as well as making things more user-friendly for newcomers; but then there’s members who’ve already posted guides, like the one I linked to, as you said.

      Thank you.

      1. Hi v13,

        Thanks! 🙂 As you will know if you have read this review, I am a big of fan of AirVPN. In fact, I think it runs both the most principled and technically capable VPN service on the market. As for the star rating, these are are not decided by me, or even by the BestVPN staff. They are derived from the ratings entered by readers when they post comments here.

      2. I disagree that you can infer accurately from someone’s tone what type of client she/he’s been in the past. Several large publications on the psychology of complaining point out that many people don’t want to invest the effort and time in complaining–especially in a compliants-averse culture like that of the US, so by the time they do, often the issue they’re confronting has gone on for so long or has become so critical that tempers easily flare. If someone’s already tried diplomatically to handle the matter but has been ignored or mistreated, she/he’s likely to become significantly more agitated. Even tacitly censoring these individuals in other forums is counterproductive, as we should all know if companies whose services we’re paying for can be unprofessional. And ad hominem certainly doesn’t resolve anything (“…cried like a baby…”). Your own argument would have been much more credible without it.

        We, at least, appreciate Nobody’s heads-up as we look for a replacement VPN for our at-home browsing needs.

    3. I have been using AirVPN for 3 years, the only problem I have ever encountered was with P2P slowing WAY down. The help desk, as stated, is very techie and did not help me at all fix the solution but for some reason it fixed itself. This was about 1 year ago and everything went back to good speeds after about a week, not sure why and it wasn’t anything I did. My subscription finished 4 days ago and I have been spending all that time searching for another provider but so far AIRVPN is still tops, even if all the vpn review sites don’t show it as. Once setup, which is just an install really, everything works out of the box. I renewal for a year, with a 10% coupon, will be $4.05 per month, slightly more than the cheaper vpns charge but far better product.

      I use Windows 8.1 firewall and the network lock works as advertised for me. I run IPLEAK test and nothing ever points to my real location. Sometimes when you shut down AIR the lock won’t reset your IP4 address, then you have to go in and change it from their DNS number to default, but that is it.

      As stated, I am buying their service again for the 4th year right now.

  10. AirVPN accept a wide range of payment options but beware if you are using a prepaid credit card. Their card processor Avangate does not always respond nicely to users of prepaid giftcards.

    Hello Douglas,

    can you explain why Italy is not an ideal loc?
    Cause I’m from Italy and I’m looking for a vpn to use here.

    Specifically, I work in an italian university, so the athenaeum network managing office assigned an IP to me, but I know they can (and probabily do) monitoring my traffic.

    Can you tell me if a vpn can allow me to safety dl with utorrent even in this circumstance and are there specific risks using an italian based vpn in Italy?


    1. Hi Marco,

      Italy is a member of the Fourteen Eyes spying alliance that cooperates with the NSA and GCHQ. I have provided a couple of links in the article to demonstrate that this is more than a theoretical problem. Despite this issue, I still regard AirVPN as the most secure and privacy-conscious provider on the market. You can download safely using AirVPN (or any torrent-friendly VPN provider) – the NSA etc. does not care about this. As a precaution, however, I would suggest using a server based in Switzerland, as copyright piracy for personal use is not illegal there.

      1. Thanks for your ready answer!
        In truth, I don’t care at all about NSA spying activities, i fear much more the university network manager.

        Well I’ll try out airvpn, thanks again.

    Worst service ever!

    I was happily signed in the web site and then i decide to log out.
    Then i was not able to sign in again! I asked for a password reset and after several trials i finally decided to change the password to the most difficult one: 1111.

    NOTHING, always the same message: “username or password incorrect”

    They do not support anything else than OpenVPN. I wander why everyone is surprised by the fact that many potential users seem to be put off by AirVPN.

    Only few top routers support this protocol, and even less xDSL modem router do.

    Thank God i was smart enough to spend only 7 Euros in this junk.

    1. Hi Dario,

      Support is not AirVPN’s strongest point, but I am surprised if it didn’t offer some assistance with this issue. As for support only for OpenVPN – it is the most secure and flexible VPN protocol, and I admire AirVPN’s decision to use only it. I agree, however, that AirVPN is not for everyone.

    Perfect working! Installation full automatic, nice working on my iMac.

    A quick follow-up regarding AirVPN. It appears one of the main founders of AivVPN is Mr. Paolo Brini. He is also a spokesperson for ScambioEtico, an Italian group that campaigns for civil liberties and copyright reform.

    This bit of info fills in, for me, the statement on AirVPN’s website that:
    “Air VPN was originally founded in 2010, by a group of ‘hacktivists’ and lawyers, both of which were willing to donate their time to a cause that they believed in. The AirVPN system was originally created for the Pirate Party festival in Rome, which shows just how involved they are in the pro-privacy and anonymity scene.”

    This gives me additional confidence and comfort in using AirVPN. Thank you Mr. Brini.

    One of the interesting and recurring questions that comes up in the 15 years I’ve been using vpns is how can you decide which ones to trust? Are there some sort of “inside” forums or IRC channels where ‘those who know” know who runs various vpns? A simple statement on a vpn’s website of their good intentions really isn’t worth its screen space. For example Perfect Privacy, which provides a very good quality vpn service with easy triple hopping would seem to be a trustworthy operation based on their statement that they are a group of “privacy advocates”. Until you find out that this group of “privacy advocates” is founded and run by serious neo-Nazis. It seems very hard to determine who is actually behind many of the vpns so you could make a best judgement about their likely trustworthiness. Are there any recognized persons respected in the privacy community that vouch for particular vpns? (similar in principle to reviewing public encryption code). There ought to be. Does EFF for example vouch for the bona fides of any vpns?

    I would like to hear some trusted person vouch for AirVPN for example. I’ve found it very hard to find out anything about who is behind Air, just as it was hard to find out who was behind Perfect Privacy. It would seem nearly dereliction of duty for TLOs not to be operating some vpn honey pots, but how would you identify them? Without some kind of a web of trust, choosing a vpn is nothing more than a crap shoot.

    1. Hi K,

      A web of trust to vouch for VPN providers is an excellent idea (especially if supported by the likes of the EFF)! Unfortunately no such thing currently exists, and I have no idea how it might be implemented, but BestVPN would be very happy to support such an initiative.

      With refernece to Perfect Privacy, could you please explain this statement and provide references? Thanks. Edit. ah… this. Ouch, not nice. Thanks for bringing it to my atention.

      1. Yes, this is a very distressing accusation against Perfect Privacy. And I wouldn’t say it if there weren’t definitive proof. In this case I will take a conviction by German courts as definitive. Below are two links to publications detailing the German court case against three neo-Nazis, and their relationship to PP. The third link is Wikipedia about one of those convicted. No doubt some further drilling down would reveal many additional connections.

        In 2012 a reference to the above arrests and trial appeared in the Perfect Privacy forums, but very quickly disappeared. I imagine a large percentage of PP users do not know that their (rather high) subscription fees go toward supporting people who advocate this kind of hateful and disgraced ideology. I seem to remember that I stumbled on some web references connecting the convicted neo-Nazis above and Stormfront, one of the largest American and European neo-Nazi groups. But I would encourage anyone interested to verify this independently.

        Re: web of trust for vpns, in the next few days, I’ll try contacting some of the privacy advocacy organizations listed here,, to see if they can offer some advice on how to go about creating a web of trust for vpns. I’d be happy to collaborate with you and some small group on such a project. Perhaps we can build a critical momentum to make this happen :). Feel free to contact me at my email below. Cheers.

        1. Hi K,

          Thanks for tipping us off about this, we have now updated our Perfect Privacy review to include mention of the issue. It is entirely possible that Perfect Privacy was always unaffiliated with the vile political views of some of its staff, or even if it was, that this may no longer be true. We do, however, feel it an issue customers should be aware of, as many would be horrified to think thier subscription fees might contribute to propagating such extremist views. I have emailed you about your web of trust ideas.

    How much processing power would you recommend for the additional layer of SSL?

    I was thinking of buying the Netgear R7000 Nighthawk DD-WRT FlashRouter with 1 GHz.

    1. Hi Dave,

      I’m afraid that I can’t give you a definitive answer on this one, but when Peter reviewed this router he encountered no slowdown when using it for regular VPN. I would guess that it is powerful enough to deal with the extra layer of SSL, but it might be a good idea to ask AirVPN’s own forums just to be sure.

    Hi, Douglas
    I have to agree with all the previous posters that your review is excellent and IMHO, spot on! I’ve been using Air for about a year, it’s the 5th vpn I’ve used in the last 15 years. The functionality is superb and, as you said, it’s actually very easy (and reliable) to use.

    But, as again you put very nicely, the sort of icy ubertech can be at times frustrating. And I’m pretty tech savvy. At the moment I’m felling frustrated that some forum posts there were blocked because they weren’t sufficiently tech focused. God forbid you should talk about the political environment of privacy. Well, with Air it seems warm n fuzzy isn’t an option, you have to be satisfied with technical expertise par excellence. Which is what I’ve chosen by re-upping. As a future improvement to their service I would really like to see them add selectable multihop to Eddie. But they don’t seem well disposed to considering suggestions. Perhaps it’s just as well that they remain a smaller niche provider…increasing size often deteriorates quality. It does worry me that the group and all its severs (but one) are located in 15 Eyes countries. It would be comforting to be able to multihop (easily) through non-cooperating political jurisdictions. Cheers.

    1. Hi K,

      Thanks! I will just note that I am dubious about the value of mulit-hop connections. The VPN still routes the signal, and so a) adversaries will be easily able to trace a user to the the VPN provider, and b) the provider still does the routing, so knows exactly who is connected to what. I am happy, however, for someone to explain why I’m wrong about this.

      1. Hi, Douglas

        What you have said is correct if you assume that the vpn provider is compromised, i.e. giving your information to some government organization. If they are protecting your information as they have promised, then it seems it would be much harder for lets say, the NSA to do backtracking traffic analysis through Russia to China to its originator in i.e. Venezuela. If the vpn is compromised, then 1 or 100 hops is irrelevant. But the same holds true for Tor or any vpn service, if it’s compromised, game over. If the vpn is not compromised, just multi-hopping itself makes traffic analysis exponentially harder with each hop, i.e 100 users on hop one X 100 users on hop two X 100 users on hop three…now you have to sort through 1 million sources for the source of the signal, not 100.

        Also not having the cooperation of the governments where the servers are located would seem to make the problem even harder than having that cooperation which might allow for example physical access to the servers.

        1. Hi K,

          Interesting points, thanks. This only seems to be true, however, if you locate double-hop servers in countries where your primary adversary (say the NSA for argument’s sake) has no reach, which is itself problematic. Russia, for example, is hardly a place where I would want servers protecting my privacy to be located, and China actively tries to block VPN traffic. If we are going to assume the VPN provider is not compromised, then use of shared IPs and Perfect Forward Privacy should thwart all but the most advanced traffic analysis (and if someone capable of this e.g. the NSA is targeting you in this way, then you are probably in big trouble anyway).

          I also think that “the same holds true for Tor” seems wrong, as Tor connections are routed through at least 3 random nodes, and are re-encrypted each time. This makes it all but impossible to trace the route from beginning to end (a very powerful adversary such as the NSA, if it was willing to throw insane resources at pwning enough Tor nodes across the world, might be able to pull this off, but even then, it would be a long shot).

          1. I agree with most of your first paragraph. Actually the reach of 5 Eyes within Russia or China is probably only known to 5 Eyes. But it seems at least a bit comforting to think about triple hopping through non-cooperating jurisdictions. But it would depend on who you thought the threat was from; a Russian or Chinese dissident obviously wouldn’t want to use servers in their own countries. Also it would seem logical that a foreign government would be less invested in determining one’s political views, for example.

            As I understand Perfect Forward Secrecy, it wouldn’t really impact on traffic analysis as it only changes keys frequently, but traffic patterns wouldn’t change. But multihopping gives exponential improvements in defeating traffic analysis.

            There are several vpns that offer multihop. Do you know if it’s a sort of common practice to re-encrypt at each hop?

            A real weakness in TOR is that some percent (sometimes a very large percent) of volunteer nodes are controlled by government or hacker groups (sometimes a large percent, especially exit nodes). Also compromising a small number of administrative nodes could give a TOR attacker control over the routing of all TOR traffic. As far as I know this is not known to have happened, but is a theoretical weakness.


          2. Hi K,

            1) I think you do have a good point. If the double-hop server is located in a country hostile to your adversary, then it might be useful (but if it is located anywhere else, then I don’t think it is).
            2) True, PFS won’t prevent traffic analysis per se, but it does make it pretty much impossible to compromise an OpenVPN connection (my bad for being unclear).
            3) I know that NordVPN does encrypt data each time it leaves a double-hop server, but then most of its double-hop servers are located in countries friendly to the NSA and most international police forces…
            4) To effetely deanonymise someone on the Tor network the NSA would need to run a lot of those nodes… as I noted earlier, this might be possible, but would require a very large effort.

  11. Hi Douglas,

    very nice review, thanks.

    I would just like to point out a bad mistake in it that you might like to fix. You write: “As we can see on the table, AirVPN uses very strong encryption, although it is probably about time to move away from SHA1 data authentication to something stronger (SHA1 is still considered secure, but may not be for long)”

    The main problem is that you assume that SHA1 is the cipher for packets authentication, either on the Data or the Control Channel. But that was never the case, the cipher is HMAC SHA1 in the Data Channel (or HMAC SHA384 in the Control Channel).

    Let’s assume that collision methods against SHA can be routinely performed: even if that were true, that would not allow an attacker not knowing the HMAC key to make an undetected change in a packet (and therefore inject packets in the flow surreptitiously).

    To bring on the collision attacks on SHA-1 you need to know the state of the SHA-1 chaining variable. The key enters both extremities of the iteration of rounds in which the message (the packet, in our case) stands in HMAC. A much deeper break of SHA-1’s round function would be needed to break HMAC and then starting SHA1 collisions attempts.

    For a mathematical proof that HMAC (and NMAC) provide security without needing collision resistance of the underlying hash algorithm please see this very important paper:

    “This paper proves that HMAC is a PRF under the sole assumption that the compression function is a PRF. This recovers a proof based guarantee since no known attacks compromise the pseudorandomness of the compression function, and it also helps explain the resistance-to-attack that HMAC has shown even when implemented with hash functions whose (weak) collision resistance is compromised. We also show that an even weaker-than-PRF condition on the compression function, namely that it is a privacy-preserving MAC, suffices to establish HMAC is a secure MAC as long as the hash function meets the very weak requirement of being computationally almost universal, where again the value lies in the fact that known attacks do not invalidate the assumptions made. ”

    Kind regards and thank you again for the great review.


  12. Hi Douglas

    Very nice review, it stands apart from many other VPN reviews i have read.
    I’am a Air-VPN user for the 4’th year now and love there service.
    Not long ago i renewed it for the next to years.
    I can agree to your “heavy tech focus” when discribing the language and the forum, but there are many nice people writing how to’s and torturials.
    The three simultaneous connections come very handy when you try to utilize all your broadband bandwidth. I use them in a simultaneous loadbalancing setup with opnsense firewall.
    Keep up the good work!


  13. AirVPN is surely the best VPN I’ve ever used. The speeds are damn good, it never felt like I was using a VPN. The only problem I faced was with the client. The client often crashed while minimizing the tab. But when it comes to privacy, this is the best

  14. Hi Douglas, one quesiton,

    I see airvpn has servers in Canada. Is safest to download/p2p from them? I read this

    “Canada has enacted mandatory data logging and monitoring by Internet Providers and VPN service providers based in Canada”.

    Don’t know if this apply to all vpn providers located in Canada, or to all servers no matter where the vpn provider is located (i understand airvpn headquarters are in italy)


    1. Hi Max,

      If AirVPN says it’s safe to download then it will be safe. I think the mandatory logging situation in Canada is very “grey” at the moment, and no-one is really sure what is going on (including providers).

        1. Hi Max,

          Yes it will. Not only is it dedicated to protecting users’ privacy, but it uses shared IPs and keeps no logs, so it would be almost impossible to hand over users’ details, even somehow if forced to. Note that pretty much all VPN services who permit P2P also protect their customers in the same way.

  15. Hi Douglas,

    Excellent review. I was quite surprised at the low renewal stats that you mentioned. Perhaps as a somewhat regular contributor on the AirVPN forum I/we could perhaps be a little more aware that newbies could be treated with a little more due care and attention. I for one can tend to be a little terse and impatient with what I deem to be ‘daft’ questions or comments from some.

    However, the general feeling is that we point or nudge people to look up stuff for themselves and therefore learn more about the subject by doing so. Need to be somewhere in the middle I guess!

    Best Regards

  16. Douglas

    As I happy AirVPN user I mostly agree with Your review. Mostly except, Air DNS double-hop. It’s at best patchy. For example BBC iPlayer just doesn’t work on most server locations outside UK. I’m currently on Netherlands servers and can’t connect to iPlayer. This is important, because some people may have false expectations that they can connect to fast, nearby server and stream content from all over the world. This just not work. However You may, as with any other VPN provider connect to given country and bypass geo-blocking.

    Another important information is that with their subscription You may have up to three simultaneous connections.

    Just my $0,02.

    1. Hi Artur,

      I totally meant to include info about simultaneous connections, but simply forgot. I generally find that the “double-hop routing! works well, but you are right that it is not perfect. Thanks for your input, and I have updated the article accordingly.

    1. Hi Guy,

      TBH I don’t find anything that difficult (just download and install the software as per normal), but based on reader’s comments and our market analytics, many potential users seem to be put off by AirVPN very techy and jargon heavy focus.

  17. Nice Review Douglas and as always I learned something new. So who are some other VPN providers that provide ‘ Perfect Forward Secrecy’?
    I just finished a 1 year sub with PIA and sign-up with NordVPN. Nord’s servers are noticeably slower and do drop-out quite often. In your opinion which provider has better security features? Do either of them offer Perfect Forward Secrecy? it’s not mentioned anywhere on their website, I assume it’s something their marketing departments would splash on their website. Thanks.

    1. Hi Rick,

      Thanks! To be honest, I don’t know which other services use PFS, but will include this information in any future reviews I do. As for PIA and NordVPN, it is probably best to ask them – I suspect they don’t implement PFS (or as you say, they would shout about it), but asking may encourage them (and other providers) top pull their socks up in this regard!

Leave a Reply

Your email address will not be published. Required fields are marked *

Want to add a star rating to your comment? Click here
Customer Service