In this OneVPN Review we find a very basic service, but one which also shows some promise. It is a Hong Kong-based no-logs VPN service, which is also very fast. This means that it has a solid base, from which it has the potential to improve.
Based in Hong Kong
Great speed performance
3 simultaneous connections
Expensive given almost complete lack of useful features
OneVPN makes grand (and somewhat misleading) claims on its website. It also provides technical guides that simply don’t work, meaning that things such as DNS leaks are par the course. In reality, it is very basic VPN service that is simply not ready to compete in the current highly competitive VPN marketplace.
As we shall see in this OneVPN review, however, its speed test results impressed me. OneVPN is also a based in Hong Kong, which allows it to offer a completely no-logs service. These factors are not to be sniffed at. If OneVPN can develop its software further so that it offers the basic functionality expected. Read on for the full OneVPN review!
Pricing & Plans
OneVPN charges $7.95 per month, with reductions for longer term plans. This goes down to just $1 a month for a 4 year plan. In my opinion, this last is a rather ambitious offer on OneVPN’s part!
A 7-day money back guarantee is available, but it is worth checking the small print. In order to receive a refund you must state a reason for the refund claim. Even worse, a refund is not available if you have used more than 3GB of data.
Subscription gives you access to VPN servers located in 18 countries. These include all the usual suspects, plus some outliers such as Australia, New Zealand, Brazil, and Turkey. Up to 3 simultaneous connections are permitted.
Users can choose between the OpenVPN, L2TP, and PPTP VPN protocols. Unusually, OneVPN also supports the open source Cisco OpenConnect (CSTP) protocol. This is a SSL/TLS-based VPN protocol.
In theory, OpenConnect is faster than OpenVPN at the same encryption settings because it does not require a special kernel and supports multithreading. In practice, OpenConnect is still under development, and is an unproven technology in terms of security.
OneVPN recommends using OpenConnect because it is (supposedly) faster that OpenVPN. If security is a concern, however, then I strongly recommend sticking to OpenVPN. See performance test results later in this review for my finding with regards to this protocols’ real-world speed benefits.
The blurb on OneVPN’s website makes a big deal of it offering malware protection, ad-blocking, and a NAT Firewall. As far as I can tell, however, no ads whatsoever appeared to be blocked while using the service. OneVPN contacted me regarding this issue in order to say,
“We don’t offer ad-blocking via OpenVPN protocol. The feature is available on rest of the protocols.”
I retested using the L2TP protocol, but saw no reduction in the number of ads that could I see. Whether any malware was blocked is hard to say, but I strongly recommend not turning off your regular anti-malware protection!
To be honest, what “malware protection, ad-blocking, and a NAT Firewall” actually means is almost certainly simply that a NAT firewall is used. This may provide some very basic ad-blocking and anti-malware protection, but we are talking very basic. It is also worth noting there is a strong argument that using a NAT firewall is, in fact, bad for privacy. This is because a NAT firewall exposes your real IP address to the internet, and shared IPs are not used.
OneVPN’s blurb also makes a big deal its “Web TV” feature. Turns out this is simply the ability to geospoof your location by connecting to servers located in another country. This is one of the most basic features of any VPN service, and I find billing it as special “Web TV” “feature” to be disingenuous at best.
The truth is that OneVPN offers a very bare-bones service. “Features” such as Web TV are meaningless blurb, ad-blocking appears to be completely ineffective, and a NAT firewall is of dubious benefit (at best).
“We respect your privacy and it is very important to us. OneVPN commits to build a trustful relation with you and by all means respects the information you provide. OneVPN does not monitor online activities or record activity logs of any OneVPN users. We would also require your billing information in case of a refund request.”
So OneVPN claims to be a “no logs at all” VPN provider, which is excellent. The fact that it is based in Hong Kong, which has among the freest internet in the world and no mandatory data retention laws, gives strong credence to this claim.
Encryption and technical security
Based on what its technical support told me, plus an analysis of its .ovpn configuration files:
OpenVPN encryption uses an AES-256 cipher with an RSA-2048 handshake and SHA256 hash authentication.
This is pretty good. Unfortunately, support was unable to tell me if Perfect Forward Secrecy (ephemeral keys) is used. This “detail” is important, because if PFS is not used, then the same key is used each time you connect to the VPN server. This makes the connection much easier to hack.
OpenVPN is considered to be very secure (even against the NSA!), but only if Forward Secrecy is used.
An examination of the .ovpn configuration files shows client-side support for TLS-ciphers that support PFS using Diffie-Hellman key Exchanges (DHE). So PFS might be used. It is impossible to tell from the config files, however, whether one of these actually has been implemented server-side, as non-PFS ciphers are also supported. OneVPNs support team was unable to help me when I asked about this.
BestVPN reviews generally concentrated on OpenVPN encryption, as this is the only VPN protocol we really recommend using. It might be worth noting, however, that L2TP encryption uses a preshared key (123456789 !). This is not good.
OneVPN offers VPN servers located in 18 countries. Given the size and bare-bones nature of the service, however, these are almost certainly VPS instances rather than bare metal servers controlled directly by OneVPN. This is confirmed by a quick check on IPleak.net I do personally do not consider this a major security issue, but it may concern some users.
The OneVPN website looks good, and is easy enough to navigate. I do find the blurb on it rather overblown, however, to the point of being misleading. The English used on website is clearly not written by a native speaker, but is generally clear enough to understand
There is a blog, which deals mainly with how to watch various sports events using OneVPN.
A fairly detailed FAQ is provided, as are good setup guides. A knowlegbase is also provided, which contains some interesting articles. These include subjects such as “How to configure Internet Kill Switch”, and “How to avoid [sic] DNS leak”.
Unfortunately, these guides appear to be very basic. “How to configure Internet Kill Switch”, for example, does not cover subjects as WebRTC leaks. Even worse, the “How to avoid DNS leak” instructions (and provided netsh script for Windows Firewall) not only failed to work, but blocked all internet connections in to and out of my PC.
Luckily, I am a tech-head and knew how to fix this issue, but most users won’t have a clue. And even if the kill switch had worked, no instructions are provided for reversing the kill switch should you decide not to continue using OneVPN…
Edit: OneVPN has contacted me to say that it has fixed problems with the guides, and that they now “work flawlessly.” I have not tested this.
A ticketed email system and 24/7 Live Chat are available to provide personal assistance. The Live Chat staff member I talked to was friendly and keen to be of assistance, but was unable to answer more technical questions.
This is fairly usual with Live support, but even when the technical support team was consulted, it was unable to offer much help. For example, it confused the AES-256 cipher used for OpenVPN with the hash authentication.
During signup a name and email are required. But I can see nothing preventing the use of a disposable email address etc. Obviously, paying via credit card or PayPal will give your real details to OneVPN.
It is possible, however, to pay in Bitcoins, and OneVPN accept a selection of US gift cards. These can be purchased online, and so can provide a high degree of anonymity when paying for a VPN service. Do remember, however, that as with all VPN services, OneVPN will still know your real IP address.
Once you have signed up, you will be emailed confirmation and links to OneVPN’s setup pages.
The OneVPN Windows VPN client
The OneVPN client is Windows-only, and is listed as a Beta App. During installation it becomes clear that this mainly a fairly simple wrapper for the official open source OpenVPN client. This is not necessarily a bad thing, though, as the official OpenVPN client is rather good (if basic).
In addition to OpenVPN TCP and UDP, the client supports PPTP and L2TP. It is beyond me, however, why anyone would want to use these protocols when OpenVPN is available. The Cisco OpenConnect VPN protocol not available using this client, and requires downloading a special AnyConnect client.
Interestingly, the custom client supports port forwarding. This is a nice feature
The custom Windows client is not very fully featured. But it does the job well enough, and port forwarding is a nice surprise. As noted earlier, guides are provided for manually adding features such as DNS leak protection and a kill switch, but these are very problematic (i.e. they don’t work).
Performance (Speed, DNS, WebRTC and IPv6 Tests)
Tests were performed on a 50 Mbs/3 Mbps UK fiber connection (using an AC1200 powerline adapter). OpenVPN tests were performed using UDP (faster but less reliable than TCP).
As we can see, OpenVPN speed performance is very good. Color me impressed! Cisco OpenConnect (CSTP) performance is not bad either, but is not as good as OpenVPN for downloads. The upload results are puzzling, though, as I only pay for a 3 Mbps upload connection! I suggest sticking to OpenVPN. This is not a problem, as OpenVPN performance is excellent.
The custom client does nothing to prevent DNS leaks or WebRTC leaks, however. I did follow the steps listed in the Knowledgebase article “How to avoid DNS leak”. Disabling IPv6 does, of course, work, but I otherwise continued to see DNS leaks after modifying the OpenVPN configuration file used by the client as instructed.
OneVPN offers 2 US-based “Netflix servers,” but these were both blocked by Netflix in my tests. BBC iPlayer, however, was accessible using OneVPN’s UK servers.
OneVPN provides good manual setup guides for Windows (L2TP, PPTP, AnyConnect, OpenVPN), MacOSX (L2TP, PPTP, AnyConnect, OpenVPN/Viscocity), Linux (PPTP, OpenVPN), iOS (L2TP, PPTP, AnyConnect), and Android ( PPTP, AnyConnect, OpenVPN). It also provides manual setup guides for a number of other devices, such as routers, streaming boxes, and PlayStations.
A custom Android (5.0+) app also available. This can be downloaded as an .apk file and sideloaded, or is available via the Play Store. It wanted permissions to use my phone, and to access photos, media, and files in order to work, however. I was not willing to grant this, so I have not tested the app.
Based in Hong Kong
Great speed performance
3 simultaneous connections
I wasn’t so sure about
Encryption might be good if Perfect Forward Secrecy is used
7-day money back guarantee is undermined by 3GB data limit
24/7 support was eager to please but lacked knowledge
Expensive given almost complete lack of features
Knowledgebase guides omit important information
As this OneVPN review shows, OneVPN is about as bare-bones as a VPN service gets. You get a simple VPN connection, and that’s it. It claims to offer important features such as DNS leak protection and a kill switch through its guides, but these simply don’t work.
In its current state, it is therefore hard to recommend OneVPN. That said, not all is bad. OneVPN is a Hong-based no logs provider, and its performance is excellent. This actually means that OneVPN has a strong base on which to build and improve its service in the future. It might, therefore, be worth keeping an eye on.