Alternative VPN Choices for You
AirVPN is based in Italy and offers servers in 15 countries, most of which are in Europe except for those in the US, Canada, and Hong Kong. Compared to some providers this is not a lot, but does cover the most popular locations. AirVPN only supports the OpenVPN protocol, regarding PPTP and even L2TP/IPsec as being too insecure (the jury is out on IPSec, but OpenVPN is defiantly secure, and is generally regarded as the best VPN protocol available for commercial use). Given that OpenVPN now runs on all major platforms (except Blackberry and Windows Mobile), this is unlikely to be a problem for most users. Users are allowed up to 5 simultaneous connections (perfect for connecting your PC, phone, tablet, and a couple more devices, all at once).
With more and more streaming services blocking users from bypassing their geo-restrictions by using VPN and other geo-spoofing technologies, AirVPN’s fancy DNS routing system that “double-hops” your connection through internal servers in order to bypass such censorship is very welcome. This is a great VPN for iPlayer and other streaming services such as Hulu. This means that even when connected to VPN servers outside the US or UK, this is a VPN that works with Hulu and BBC iPlayer (it is not even necessary to connect to a VPN server in the country which hosts the geo-restricted service!). In use I find this generally works well... but not always. In these situations simply connecting to a server located in the desired country has always worked for me. I should also note that visiting Netflix.com takes me a local version of the website (based on my VPN server’s IP address).
VPN through Tor
Along with BolehVPN
, AirVPN is the only service I know of to offer VPN through Tor, where you connect first to the Tor network, then to AirVPN. When also using an anonymous payment method (for example properly mixed Bitcoins), this means that AirVPN cannot know who you are, as it does not see your real IP address. VPN through Tor affords a very high level of true anonymity, something not usually possible with VPN. It is therefore usually regarded as the best way to combine the privacy benefits of VPN and Tor, although the fact that AirVPN presents a fixed point in the chain that could potentially be compromised is a point to bear in mind. AirVPN also provides instructions for using the Tor browser to achieve secure Tor through VPN (which is much more secure than the “transparent bridge” Tor through VPN feature offered by some providers).
Alternative ports, SSL and SSH tunneling
It is rare for VPNs to be blocked, but it happens in places such as China and Iran (although this is usually only partially effective). AirVPN allows you to counter such measures by running OpenVPN traffic over TCP port 443, which is the same port used by regular SSL traffic (the encryption standard used by the whole internet to make websites and internet services secure). This makes OpenVPN traffic look just like regular SSL traffic, which both hides it, and makes it very difficult to block (as doing so effectively breaks the internet!)
Port settings are easily changed in the client. In addition to TCP port 443, you can evade censorship by switching a variety of ports that are unlikely to be blocked
A very determined adversary, however, can perform sophisticated deep-packet inspection to discover that VPN protocols are being used (and places such as China are not above breaking the internet for users!).
AirVPN’s answer to this is to allow users to wrap their OpenVPN encrypted data inside yet another layer of encryption (SSL or SSH). This should foil pretty much any method employed to detect the use of VPN (the NSA may be able to decrypt the old SSH protocol, so I recommend SSL tunneling if required). SSL and SSH tunneling makes this a great VPN in China and more than capable of defeating the Great Firewall of China, but it should be noted that both require additional processing power for the additional layer of encryption, which will slow down your internet connection. Remote port forwarding is also available for users who require up to 20 open ports for incoming connections, which is useful for self-hosted websites and games servers.
Speed and performance
Speed tests were performed on a 50Mbps/3Mbps UK broadband connection.
As we can see, the results are pretty good, although (slightly oddly) it is quicker for me to connect to a server in the Netherlands than in the UK. US performance from the UK is very solid. Even without Network lock enabled I have never encountered DNS leak issue, and as noted previously, Eddie prevents IPv6 leaks and (if Network Lock is enabled) WebRTC leaks. Anecdotally, I very rarely suffer VPN dropouts when using AirVPN.
AirVPN charges €7 (approx. $8 USD) for a month’s subscription, with the usual discounts available for bulk purchases, going down to €4.50 (approx. $5 USD) if an annual subscription is purchased. A 3-day free trial is available upon written request, or if you are impatient, a 3-day subscription can be had for €1. /blog/29990/vpn-encryption-terms-explained-aes-vs-rsa-vs-sha-etc/
All subscriptions provide full access to all of AirVPN’s features, making AirVPN a fairly low-cost option when compared to many rival services.
AirVPN accepts payment via PayPal and an impressively wide range of payment processors, meaning that users in parts of the world otherwise often discriminated against when making international payments should encounter no problems when purchasing a subscription. It also accepts payment via not only Bitcoin, but also via almost any other cryptocurrency you care to name.
Ease of use
Signing up for AirVPN is easy and painless, with the only personal information requested being a valid email address (AirVPN actively encourages users to deploy a disposable email address for this). Bitcoin payments are made via CoinBase, while other cryptocurrency payments are handled through CoinPayments. Once payment is made you will receive a welcome email containing some useful links. Unlike some providers, no account details are sent via plaintext email – you choose your login name and password during signup.
The AirVPN Windows VPN client
AirVPN calls its custom desktop client (also available for Mac OSX Mavericks and Yosemite, and Linux) “Eddie”, and the first nothing to note it about is that Eddie is fully open source. This means that it can be independently audited to ensure nothing untoward is going on, and I wish that more VPN providers would open source their software. Eddie features DNS leak protection, dynamic server selection, and lots of stats to help you decide on the best server to connect to.
Lots of information!
Thanks to real-time logs, it is possible to keep an eye on exactly what Eddie is doing (if you have the knowledge to understand them!).
The lock to the top right indicates that “Network Lock” is enabled. This creates a firewall that prevents any traffic from entering or exiting the computer outside the VPN tunnel to AirVPN’s servers. AirVPN offers good DNS leak protection even without Network Lock enabled (I have never encountered a DNS leak using the service), but Network Lock should ensure DNS leaks are impossible, while also acting as a killswitch. This setup should also prevent IP leaks due to the WebRTC “bug”, but on my system the Network Lock firewall conflicts with my regular firewall, preventing this feature from working. As this cannot be resolved without completely uninstalling my firewall (something I am not willing to do) I have been unable to check, but in theory this feature should work fine. Eddie does not properly route IPv6 requests, but does disable IPv6 in order to prevent DNS leaks (it is difficult to slam AirVPN too hard over this, as other than Mullvad, no provider handles DNS requests properly). The only real issue I have with Eddie is that it changes the Windows DNS settings. This is usually a good thing as it ensures all DNS requests are resolved by AirVPN’s servers, but if for any reason the client shuts down suddenly, I need to manually reset the DNS settings before I can connect to the internet again (Control Panel -> Network and Sharing Center -> Change adapter settings -> right-click connection -> Properties -> select Internet Protocol Version 4 -> Properties -> Preferred DNS server: 126.96.36.199). Eddie is probably the most fully featured VPN client I have ever used. As with most things related to AirVPN, though, it has a techy focus, and uses terms that even an experienced VPN user such as myself sometimes needs research in order to fully understand.
Support is mainly provided via AirVPNs extensive forums. Unfortunately, the discussions tend towards the very techy, and it is not surprising that many users might find them highly intimidating (do you see a theme developing here?). On the plus side, the forums provide a treasure-trove of VPN related knowledge, and the AirVPN team’s willingness to discuss intimate details of their operation (backed up by what is clearly strong technical knowledge) is a breath of fresh air in an industry where support often either only provides simple answers to complex questions, or even worse, does not seem to have a clue what it's talking about! In addition to posting questions for the forums, you can email (ticket system) the AirVPN team directly. I have tried this in the past and found that it can take up to a day to receive a reply, but that the reply is invariably comprehensive.
Privacy and security
AirVPN uses very strong encryption. It almost goes without saying that AirVPN keeps no logs and uses shared IP addresses, and is one of the very few VPN providers to implement Perfect Forward Secrecy (without which OpenVPN should not be considered particularly secure). For this it uses 4096-bit Diffie-Hellman keys, which are refreshed every 60 minutes (or can be set to more often via the client). Thanks to this, AirVPN was always immune to the potential Logjam attacks exposed by researchers last year.
It was also immune to the recent “port fail” vulnerability that affected many VPN services, thanks to its use of separate entry and exit IP addresses on each VPN server. Furthermore, AirVPN is one of the very few VPN providers to protect users against the WebRTC bug (and as we shall see, DNS leak protection and a killswitch are also provided courtesy the desktop client). As discussed above, AirVPN also offers various (optional) technologies that make using VPN extremely secure and private (and thanks to VPN through Tor, potentially even truly anonymous - especially given the wealth of anonymous payment methods that AirVPN accepts). In my view, in terms of both technical innovation and excellence, plus its attention to detail in protecting customers’ privacy, there is no other service out there that can touch AirVPN.
It is worth noting, however, that the language AirVPN uses to describe both the purpose of its technology, and how it should be set up, can best be described terse and laden jargon-laden. Looking through AirVPN’s documentation, it soon becomes clear why mainstream users might run away! Another potential issue is that AirVPN is based in Italy, a member of the Fourteen Eyes spying alliance that cooperates with the NSA and GCHQ. This is definitely not ideal, and Italy is also not very friendly when it comes to copyright piracy. On the other hand, though, even before the EU EU Data Retention Directive was declared invalid by the European Court of Justice on human rights grounds, Italian VPN providers were not required to keep any logs. AirVPN says if any such demands were ever made of it by any EU country it operates in, it would bring the case in front of the ECJ. AirVPN is happy for users to P2P download from any of its servers.
Even describing what the myriad of AirVPN’s features do in this review amply demonstrates the strengths of this service, but also why many users struggle with it. In terms of dedication to privacy, cool features, and technical know-how, AirVPN is very impressive - in fact in my opinion no-one else on the market can touch it in these regards. But (and this is big but!) AirVPN clearly fails to engage with a wider audience due to its impenetrably tech-heavy focus. In many ways this is unfair, as the AirVPN client is easy to use (just download and run!), and it seems churlish to criticize a service for its meticulous attention to detail and for offering a slew of features rarely available elsewhere (if at all). If we take a quick look at the discussions on the forums, however, or even much of the documentation designed to help new users, or how options are presented in the client, it is easy to see why both visitors to the website and existing become intimidated! As such (and great as I think it is), AirVPN should probably be regarded as a niche service aimed at tech-heads and privacy junkies, rather than one suitable for a mainstream VPN audience.
*The privacy and security section of this article has been updated following AirVPN contacting me to clear up some errors/confusion, the most notable of which relate to the use of HMAC SHA1 authentication on data and control channels. I am now convinced that HMAC SHA1 is very secure. Please see the comments section of this article for AirVPN's in-depth reasoning.