Douglas Crawford

Douglas Crawford

Февраль 10, 2016

AirVPN is an Italian VPN provider, which proudly boasts how it was setup by “hacktivists and activists” pays an almost unrivaled concern to maintaining users’ privacy.I will start this review by noting that after using it as my personal VPN service for around two years, I am a bigger fan than ever of AirVPN. It also employs excellent encryption and security measures, and offers fantastic privacy enhancing features (such as VPN over SSL and VPN through Tor). In my experience, AirVPN is also almost certainly the fastest and most stable VPN service I have ever used. And yet…

BestVPN’s analytics show that while initial signup rates to AirVPN are quite high, most users do not renew their subscriptions. It therefore seems that many out there have tried the service, but simply don’t like it. I can’t argue with figures, and have kept this fact in mind while writing this review.

Pricing & Plans

AirVPN charges €7 (approx. $8 USD) for a month’s subscription, with the usual discounts available for bulk purchases, going down to €4.50 (approx. $5 USD) if an annual subscription is purchased. A 3-day free trial is available upon written request, or if you are impatient, a 3-day subscription can be had for €1.

AirVPN prices

 All subscriptions provide full access to all of AirVPN’s features, making AirVPN a fairly low-cost option when compared to many rival services.

AirVPN payment methods

AirVPN accepts payment via PayPal and an impressively wide range of payment processors, meaning that users in parts of the world otherwise often discriminated against when making international payments should encounter no problems when purchasing a subscription. It also accepts payment via not only Bitcoin, but also via almost any other cryptocurrency you care to name.


I liked

  • No logs
  • Strong encryption (including Perfect Forward Secrecy)
  • Open source client with DNS leak protection, killswich and WebRTC “bug” protection
  • VPN over Tor
  • SSL and SSH tunnelling
  • Port forwarding
  • Accepts Bitcoins (and other crypto-currency)
  • DNS routing to evade VPN blocks
  • 3-day free trial
  • Fast and stable
  • 3 simultaneous connections
  • Website is a fantastic repository of VPN knowledge
  • P2P: ok

I wasn’t so sure about

  • Not a huge number of server locations
  • Italy is not an ideal location

I hated

  • All aspects of the service suffer from assuming that users have a PhD in arcane VPN configuration lore


AirVPN is based in Italy and offers servers in 15 countries, most of which are in Europe except for those in the US, Canada, and Hong Kong. Compared to some providers this is not a lot, but does cover the most popular locations.

AirVPN only supports the OpenVPN protocol, regarding PPTP and even L2TP/IPsec as being too insecure (the jury is out on IPSec, but OpenVPN is defiantly secure, and is generally regarded as the best VPN protocol available for commercial use).  Given that OpenVPN now runs on all major platforms (except Blackberry and Windows Mobile), this is unlikely to be a problem for most users.

Users are allowed up to 3 simultaneous connections (perfect for connecting your PC, phone, and tablet all at once).

DNS Routing

With more and more streaming services blocking users from bypassing their geo-restrictions by using VPN and other geo-spoofing technologies, AirVPN’s fancy DNS routing system that “double-hops” your connection through internal servers in order to bypass such censorship is very welcome.

dns routing

This means that even when connected to VPN servers outside the US or UK, I can access services such as Hulu and BBC iPlayer (it is not even necessary to connect to a VPN server in the country which hosts the geo-restricted service!). In use I find this generally works well… but not always. In these situations simply connecting to a server located in the desired country has always worked for me.

I should also note that visiting takes me a local version of the website (based on my VPN server’s IP address).

VPN through Tor

Along with BolehVPN, AirVPN is the only service I know of to offer VPN through Tor, where you connect first to the Tor network, then to AirVPN. When also using an anonymous payment method (for example properly mixed Bitcoins), this means that AirVPN cannot know who you are, as it does not see your real IP address.

VPN through Tor affords a very high level of true anonymity, something not usually possible with VPN. It is therefore usually regarded as the best way to combine the privacy benefits of VPN and Tor, although the fact that AirVPN presents a fixed point in the chain that could potentially be compromised is a point to bear in mind.

AirVPN also provides instructions for using the Tor browser to achieve secure Tor through VPN (which is much more secure than the “transparent bridge” Tor through VPN feature offered by some providers). For a full discussion on this issue, please see 5 Best VPNs when using Tor.

Alternative ports, SSL and SSH tunneling

It is rare for VPNs to be blocked, but it happens in places such as China and Iran (although this is usually only partially effective). AirVPN allows you to counter such measures by running OpenVPN traffic over TCP port 443, which is the same port used by regular SSL traffic (the encryption standard used by the whole internet to make websites and internet services secure).

This makes OpenVPN traffic look just like regular SSL traffic, which both hides it, and makes it very difficult to block (as doing so effectively breaks the internet!)

AirVPN port settings

Port settings are easily changed in the client. In addition to TCP port 443, you can evade censorship by switching a variety of ports that are unlikely to be blocked

A very determined adversary, however, can perform sophisticated deep-packet inspection to discover that VPN protocols are being used (and places such as China are not above breaking the internet for users!).


AirVPN’s answer to this is to allow users to wrap their OpenVPN encrypted data inside yet another layer of encryption (SSL or SSH). This should foil pretty much any method employed to detect the use of VPN (the NSA may be able to decrypt the old SSH protocol, so I recommend SSL tunneling if required).

SSL and SSH tunneling should more than sufficient to defeat the Great Firewall of China, but it should be noted that both require additional processing power for the additional layer of encryption, which will slow down your internet connection.

Remote port forwarding is also available for users who require up to 20 open ports for incoming connections , which is useful for self-hosted websites and games servers.

Visit AirVPN »

Security & Privacy

As we can see on the table, AirVPN uses very strong encryption.*

OpenVPN Encryption
Data Auth
Control Auth
Forward Secrecy
Logs & Legal
It almost goes without saying that AirVPN keeps no logs and uses shared IP addresses, and is one of the very few VPN providers to implement Perfect Forward Secrecy (without which OpenVPN should not be considered particularly secure). For this it uses 4096-bit Diffie-Hellman keys, which are refreshed every 60 minutes (or can be set to more often via the client).

Thanks to this, AirVPN was always immune to the potential Logjam attacks exposed by researchers last year. It was also immune by the recent “port fail” vulnerability that affected many VPN services, thanks to its use of separate entry and exit IP addresses on each VPN server. Furthermore, AirVPN is one of the very few VPN providers to protect users against the WebRTC bug (and as we shall see, DNS leak protection and a killswitch are also provided courtesy the desktop client).

As discussed above, AirVPN also offers various (optional) technologies that make using VPN extremely secure and private (and thanks to VPN through Tor, potentially even truly anonymous – especially given the wealth of anonymous payment methods that AirVPN accepts).

In my view, in terms of both technical innovation and excellence, plus its attention to detail in protecting customers’ privacy, there is no other service out there that can touch AirVPN.

It is worth noting, however, that the language AirVPN uses to describe both the purpose of its technology, and how it should be setup, can best be described terse and laden jargon-laden. Looking through AirVPN’s documentation, it soon becomes clear why mainstream users might run away!

Another potential issue is that AirVPN is based in Italy, a member of the Fourteen Eyes spying alliance that cooperates with the NSA and GCHQ. This is defiantly not ideal, and Italy is also not very friendly when it comes to copyright piracy.

On the other hand, though, even before the EU EU Data Retention Directive was declared invalid by the European Court of Justice on human rights grounds, Italian VPN providers were not required to keep any logs.  AirVPN says if any such demands were ever made of it by any EU country it operates in, it would bring the case in front of the ECJ.

AirVPN is happy for users to P2P download from any of its servers.

The website

The AirVPN website looks functional rather than pretty, an impression not improved by the often very jargon-heavy language used, with terminology that only more advanced encryption junkies are likely to understand. This is almost certainly (and this is backed up comments from our readers) very off-putting to not just casual users, but even those with above-average technical understanding.

AirVPN stats 2

An exception to this general techies-only presentation style is the beautiful looking server statistics, which make it easy to see details such as load, number of users, ping times, routing and more at a glance.


Support is mainly provided via AirVPNs extensive forums. Unfortunately, the discussions tend towards the very techy, and it is not surprising that many users might find them highly intimidating (do you see a theme developing here?).

On the plus side, the forums provide a treasure-trove of VPN related knowledge, and the AirVPN team’s willingness to discuss intimate details of their operation (backed up by what is clearly strong technical knowledge) is a breath of fresh air in an industry where support often either only provides simple answers to complex questions, or even worse, does not seem to have a clue what its taking about!

In addition to posting questions for the forums, you can email (ticket system) the AirVPN team directly. I have tried this in the past, and found that it can take up to a day to receive a reply, but that the reply is invariably comprehensive.

The Process

Signing Up

Signing up for AirVPN is easy and painless, with the only personal information requested being a valid email address (AirVPN actively encourages users to deploy a disposable email address for this).

Bitcoin payments are made via CoinBase, while other cryptocurrency payments are handled through CoinPaymnents. Once payment is made you will receive a welcome email containing some useful links. Unlike some providers, no account details are sent via plaintext email – you choose your login name and password during signup.

The AirVPN Windows VPN client

AirVPN calls its custom desktop client (also available for Mac OSX Mavericks and Yosemite, and Linux) “Eddie”, and the first nothing to note it about is that Eddie is fully open source. This means that it can be independently audited to ensure nothing untoward is going on, and I wish that more VPN providers would open source their software.

AirVPN Eddie 1

Eddie features DNS leak protection, dynamic server selection, and lots of stats to help you decide on the best server to connect to.

AirVPN Eddie 2

Lots of information!

AirVPN logs

Thanks to real-time logs, it is possible to keep an eye on exactly what Eddie is doing (if you have the knowledge to understand them!).

AirVPN Eddie 4

The lock to the top right indicates that “Network Lock” is enabled. This creates a firewall that prevents any traffic from entering or exiting the computer outside the VPN tunnel to AirVPN’s servers. AirVPN offers good DNS leak protection even without Network Lock enabled (I have never encountered a DNS leak using the service), but Network Lock should ensure DNS leaks are impossible, while also acting as a killswitch.

This setup should also prevent IP leaks due to the WebRTC “bug”, but on my system the Network Lock firewall conflicts with my regular firewall, preventing this feature from working. As this cannot be resolved without completely uninstalling my firewall (something I am not willing to do) I have been unable to check, but in theory this feature should work fine.

Eddie does not properly route IPv6 requests, but does disable IPv6 in order to prevent DNS leaks (it is difficult to slam AirVPN too hard over this, as other than Mullvad , no provider handles DNS requests properly).

The only real issue I have with Eddie is that it changes the Windows DNS settings. This is usually  a good thing as it ensures  all DNS requests are resolved by AirVPN’s servers, but if for any reason the client shuts down suddenly, I need to manually reset the DNS settings before I can connect to the internet again (Control Panel -> Network and Sharing Center -> Change adapter settings -> right-click connection -> Properties -> select Internet Protocol Version 4 -> Properties -> Preferred DNS server:

Eddie is probably the most fully featured VPN client I have ever used. As with most things related to AirVPN, though, it has a techy focus, and uses terms that even an experienced VPN user such as myself sometimes needs research in order to fully understand.

Performance (Speed, DNS, WebRTC and IPv6 Tests)

Speed tests were performed on a 50Mbps/3Mbps UK broadband connection.

AirVPN_upload b
Graphs show highest, lowest and average speeds for each server and location. See our full speed test explanation for more detail.

As we can see, the results are pretty good, although (slightly oddly) it is quicker for me to connect to a server in the Netherlands than in the UK. US performance from the UK is very solid.

Even without Network lock enabled I have never encountered DNS leak issue, and as noted previously, Eddie prevents IPv6 leaks and (if Network Lock is enabled) WebRTC leaks. Anecdotally, I very rarely suffer VPN dropouts when using AirVPN.

Other Platforms

In addition to the Eddie desktop client, AirVPN provides setup instructions for Android (using OpenVPN for Android, OpenVPN Client for Android and OpenVPN Connect) and iOS (using OpenVPN Connect) devices, and DD-WRT and Tomato routers.

Personally, I use OpenVPN for Android, and find that it works flawlessly. The app quickly reconnects when I move between routers or switch from mobile to WiFi connections, and I detect no DNS leaks. OpenVPN for Android can even be configured to act as a killswitch!

AirVPN Review Conclusion

I liked

  • No logs
  • Strong encryption (including Perfect Forward Secrecy)
  • Open source client with DNS leak protection, killswich and WebRTC “bug” protection
  • VPN over Tor
  • SSL and SSH tunnelling
  • Port forwarding
  • Accepts Bitcoins (and other crypto-currency)
  • DNS routing to evade VPN blocks
  • 3-day free trial
  • Fast and stable
  • 3 simultaneous connections
  • Website is a fantastic repository of VPN knowledge
  • P2P: ok

I wasn’t so sure about

  • Not a huge number of server locations
  • Italy is not an ideal location

I hated

  • All aspects of the service suffer from assuming that users have a PhD in arcane VPN configuration lore

Even describing what the myriad of AirVPN’s features do in this review amply demonstrates the strengths of this service, but also why many users struggle with it. In terms of dedication to privacy, cool features, and technical know-how, AirVPN is very impressive – in fact in my opinion no-one else on the market can touch it in these regards.

But (and this is big but!) AirVPN clearly fails to engage with a wider audience due to its impenetrably tech-heavy focus. In many ways this is unfair, as the AirVPN client is easy to use (just download and run!), and it seems churlish to criticize a service for its meticulous attention to detail and for offering a slew of features rarely available elsewhere (if at all).

If we take a quick look at the discussions on the forums, however, or even much of the documentation designed to help new users, or how options are presented in the client, it is easy to see why both visitors to the website and existing become intimidated!

As such (and great as I think it is), AirVPN should probably be regarded as a niche service aimed at tech-heads and privacy junkies, rather than one suitable for a mainstream VPN audience.

Visit AirVPN »

*The privacy and security section of this article has been updated following AirVPN contacting me to clear up some errors/confusion, the most notable of which  relate to the use of HMAC SHA1 authentication on data and control channels. I am now convinced that HMAC SHA1 is very secure. Please see the comments section of this article for AirVPN’s in-depth reasoning.

Douglas Crawford


Опубликовано: Февраль 10, 2016.

March 9th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

114 ответы на “AirVPN Review 2018

  1. Johnny :

    AirVPN didn’t allow me to log in with the password immediately after registering. I successfully reset the password 3 times, then tried to log in carefully checking it and it still wouldn’t let me in. The messed up thing is they won’t let me submit an inquiry to them without logging in! How am I supposed to get a refund?

  2. Iev :

    > Users are allowed up to 3 simultaneous connections (perfect for connecting your PC, phone, and tablet all at once).

    Review claims to be updated for 2018, but in fact it is somewhat out-of-date.

    Since November 2017 it is allowed to have 5 (five) simultaneous connections to AirVPN:

    Also the review is full of screenshots of the old client which has been redesigned more than a year ago. Worth updating in my opinion.

    Great review otherwise.

    1. Douglas Crawford :

      Hi lev,

      Well – the review claims to be updated only inasmuch as its publish date has been updated – its a Google results thing. That said, a full rewrite is due soon (and yeah – I use AirVPN as my personal VPN, so am aware of the changes :).)

  3. Fugadugadid :

    Wow if they are so willing and cared so much why did they open shop in Italy? Kind of reminds me of an anti-occupation human rights NGO housed in Tel Aviv. If they changed jurisdiction that would certainly be a leg-up in their commitment, and not look so much like controlled opposition. Given their vast knowledge and unsurpassed “consumer” tech, for all we know it could be run by the NSA (or partnered with them) running a compartmentalized top secret signals intelligence program with the expressed purpose of penetration testing in every form of encryption they offer; and using the ‘h@ktivizt’ meme as a selling point; never selling out their customers, not in the open anyway. We all hope this is not the case but…. nobody knows, so to wonder is just the way it is.

    1. Douglas Crawford :

      Hi Fugadugadid,

      I would guess AirVPN opened shop in Italy because that is where they live! I agree that there are better locations for a VPN to be based, but Italy is not a Five (or even Fourteen) Eyes member, and does not require VPNs foe keep logs.

  4. Bob :

    Hi Douglas,

    You wrote “No logs”, however we can read on their “Privacy” page:
    “Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address.”

    So, it seems they log our personnal IP address, am I wrong?

    1. Douglas Crawford :

      Hi Bob,

      As I discuss in 5 Best No Logs VPNs, every VPN must, as a function of VPN technology, keep real-time logs. AirVPN, however, only keeps such logs in RAM until the client disconnects, and all output is directed to /dev/null (meaning that is it not recorded). This is pretty much as close the definition of a no-logs VPN as it is possible to get. This exact question is addressed in this discussion.

      It is worth noting, however, that you can access quite detailed session history via your archive page. This includes stuff such as timestamps and connection duration, and is enabled by default (it can be disabled). I have asked for further clarification on how this squares with the above information, and will update this answer (and the article) when I receive an answer.

  5. Onanuga tobiloba emmanuel :

    love your page

  6. AnnoyedCitizen :

    Dear Mr. Crawford,
    Thanks for your various reviews and articles that have proved very helpful for someone finally getting more serious about privacy, and in particular for your AirVPN review. AirVPN seems the best for my purposes, with its tech orientation duly noted. I plan to sign up, via annonymous payment.

    First off my needed level of privacy is more general and in response to new laws allowing ISPs to sell personal net usage history. Also, I would like to feel free to excersize my free speech rights and publish satirical political commentary without fear of undue harrassemnt (for legal speech), particularly by thin skinnned and vindictive, high governent officials.

    I understand that if someone engages in activities that cause the government to really want you, they will probably find you. I looked at some deep web leaning security sites, which are way too head-spinning, disciplined and paranoia inducing on a daily basis for me to try to maintain something near anonymimity with with sandboxes, and an array of other measures. My goal is more modest, a VPN, firewall, and browser track-blocking set up that provides a baseline of privacy for an average joe, with a sometimes sharp tongue.

    Your articles raised a lot of questions, which I hope you can help out with. My basic set up plan is:

    A) Major ISP provided cable modem router, which has 4 LAN ports.
    B) 1 Modem Port: To run Non-VPN Wifi Router for guests, and smartTV/AppleTV over which to run Netflix and possibly other streaming services without speed hits, as i have no geolocation issues at this point.
    C) 2nd Modem Port: to run OpenVPN flashed Wifi Router running AirVPN for Mac Desktop (wired) and when home, Mac Laptop, iPad and iPhone (over wifi) for private home browsing and online activity.

    QUESTIONS, mostly from general to specific
    1) Is this dual router set up, 1 non-VPN and 1 VPN router, secure if set up properly? Will the non-vpn one give up the VPN one somehow?

    2) Will the insecure nature of mobile devices when used over the VPN router (iphone and ipad with GPS chip) make my real IP address vulnerable to someone interested in corrolating the IP with my mobile device locations? Meaning that the mobile iOS devices should use the OpenVPN Connect software, rather than depend on the VPN router. Or would I still be susceptable to that kind of identification? though this kind of thing mostly done by government law enforcement agencies than by criminals or malicious hackers?

    3) Probably revealing my ignorance here, but could one run AirVPN desktop and/or OpenVPN Connect software at the same time as running over the VPN enabled router? Or would that cause conflicts, speed or looping issues?
    3b) Would there be an advantage to running the router on a 2nd AirVPN account, or from another VPN provider and the AirVPN desktop / OpenVPN Connect software for each device. Or would that make things super slow?

    4) You note in one of the comments that its better to use desktop VPN software, rather than over a router as you would lose some AirVPN features, notably the Kill Switch (“e.g. “network lock DNS leak protection and kill switch, port selection etc.”).

    This seems sound advice, but then I found some router code that enables you to “install” a Kill switch on a flashed router:
    Go to the Administration > Scripts > Firewall section and paste in the following script:
    iptables -I FORWARD -i br0 -o vlan2 -j DROP
    Click Save and then reboot your router.
    This is pretty simple to impliment, assumiing this code is correct.

    I am wondering if there are other OpenVpn router level script tweeks like this to fill in some of the other lost AirVPN features like network lock DNS leak, or simply by using Little Snitch/VPN Monitor as you mention in other articles?

    4b) As above, you mention port selection as another feature lost via router set up (which seems to be good for gaming, which i don’t need). But what are the other “etc.” features I might not want to miss in a router set up?

    5) Since I will need to install the desktop VPN software on my laptop and iOS devices anyway, for when away from my vpn router, was it really premature to buy and flash the OpenVPN enabled router?

    Thanks for any and all comments on the above!

    1. Douglas Crawford :

      Hi AnnoyedCitizen,


      1) That should be a secure setup. I like it!

      2) The biggest problem with mobile devices is that both the OS and individual apps tend to send a lot of information back to their publishers (including Apple). This information gets sent regardless of whether a VPN is used. This can only be countered to a limited extent by clamping down on app’s permissions (which may prevent them from working correctly). So it’s really private companies rather than the government which are the danger here (although Apple did cooperate with the NSA…). Criminal hackers are not a big problem for home users, as your WiFi connection to the router will be encrypted (with WPA/WPA2). Using a VPN will, however, protect you when using an iOS device on public hotspots.

      3) Yes, you can do this, but as I discuss in this article, I think the advantages are limited if both VPNs connect to the same provider. Using two different providers has greater privacy benefit, but will cost more and be slow.

      4) That script is a good find. If you implement it, I’d be interested in hearing how it works out. You can certainly use IP tables on your router to prevent DNS leaks (see also here for instructions on configuring Little Snitch to work as a kill switch/ DNS leak protection).

      4b) VPN through SSH or SSL tunnels, VPN through Tor. But I’m guessing you probably aren’t interested in these features, anyway!

      5) Well, you can now connect all devices to AirVPN at once (AirVPN permits 3 simultaneous connections). Other family members and guests can also benefit from using the VPN.

  7. Orwellian :

    2 questions:
    1) Does the AirVPN setup in particular, and VPN setups in general, play well with cable TV modem routers?

    2) Does AirVPN have an open source IOS setup or app for Iphones?

    1 comment:
    Cisco Jupiter routers were compromised by the NSA, and for high-priority honeypot operations, it is SOP to target, intercept & re-direct shipments of computer component hardware in transit to engineer backdoor code insertions through chip-sets, so short of building your own servers and also visually monitoring them 24/7/365, it is very appropriate to ask the question whether servers manufactured in the UK, or anywhere else for that matter, are being competently inspected by VPN providers at the hardware, firmware & software level to detect similar compromises by GCHQ, NSA or any other hackers through code insertions into the server. After looking at the descriptions of your best 5 logless & encryption VPN providers, each of them describe a minimum of one or more glaring attack vectors for data interception or insertion by players operating at the level of the 5 Eyes Alliance.
    Even though yet to be reviewed by you, OVPN is the only commercial VPN service I am aware of which has demonstrably established functional design security all the way down to the bare metal level. As a result they have effectively eliminated all covert vectors of undetectable server-side SIGINT. So much so, I am confident of their ability to handle the targeted scrutiny that will come their way due to publicly raising their profile. Besides, they could use the business to setup more servers in more countries, lol! Of course, they remain exposed to the risk of HUMINT penetration & compromise, but as Edward Snowden has spectacularly demonstrated, everyone is exposed to that risk, even the NSA.

    1. Douglas Crawford :

      Hi Orwellian,

      1. Being based in the UK, I am not really familiar with cable routers (cable is not a thing here). But if it is a modem/router, then I see no reason why any VPN would not play well with it.

      2. No. AirVPN does not have any custom mobile apps. It instead provides the OpenVPN files necessary to manually configure OpenVPN Connect. This is the official app from OpenVPN Technologies, Inc. It is not 100% open source, but is the closest you will get for iOS.

      3. If the NSA is really out to get you (specifically), it probably will. It would be safer to use Tor than a VPN, but even then… If running OpenVPN in software, then it doesn’t matter if the router has been compromised, as the data is encrypted before and decrypted after it passes through the router. And a VPN router (or server will be able to resist almost all port attacks as long as strong handshake authentication is used (e.g. RSA-2048).

      4. Looking at the website, I am indeed impressed by the fact that it runs all of its own bare-metal servers, and does so without using any type of storage media. I am very busy at the moment, but when I have the time I would love to investigate this service more closely. Thank you for bringing it to my attention.

  8. R :

    I’m still enjoying AirVPN for a month now. No hiccups. I also couldn’t resist buying a very inexpensive Lifetime subscription to (also reviewed on this site). They both seem comparable, although doesn’t have as many servers and does not support Perfect Forward Secrecy. It does have a killswitch now.

    One odd thing: warns with “We have determined that you work under a proxy server with a low level of anonymity. Proxy servers are intended to increase the speed of your connection with the help of caching. Your IP replacement in the process is just a sideway action rather than a main purpose of proxies, and they can be easily detected. Please use other means, for example VPN. Open ports 80, 11080, 1723 [cached]. AirVPN give no such warning. Both are running OpenVPN.’s response was: “There are more ports open on our servers because we run multiply protocols, but this not means that its not secure.”

    Is this something to be concerned about?

    1. Douglas Crawford :

      Hi R,

      I must admit that I have not come across this issue before. But I think’s response sounds valid, and there is nothing to worry about. Do you get any such warnings when you visit

      1. R :

        Douglas, reports: “No forwarded IP detected. If you are using a proxy, it’s a transparent proxy.” for both AirVPN and

        With my provider-direct connection there are no errant open ports. (Shields Up! stealth mode) I was expecting the same with VPN’s (both Fail). So, if some of these ports must be open to support various protocols doesn’t that put the VPN at risk for attack?

        1. Douglas Crawford :

          Hi R,

          – I’m afraid that I don’t really understand why you are saying “I was expecting the same with VPN’s (both Fail).” detected no issues, while only reported an issue with Perhaps I am getting a little confused?

          – All VPN servers must open some ports, or else there would be no way for traffic to go in or out! The L2TP protocol, for example, uses UDP port 500, while by default OpenVPN uses UDP
          port 1194 (although it is common to run OpenVPN over TCP port 443 in order to mimic HTTPS traffic). It therefore stands to reason that the more VPN protocols a server supports, the more ports it must open.

          – It is my understanding that a strong authentication certificate (e.g. RSA-2048) will prevent a VPN server from being hacked via any open ports. In addition to this, any VPN worth its salt will employ failsafe mitigation measures. It is common practice, for example, to create log files to log any invalid authentications. The VPN provider can then filter these logs with a firewall named fail2ba. If there is X number of failed auths from one ip, fail2ban will enter the ip in iptable and the server will not respond to any a packets sent from that IP.

  9. Mike M :

    I signed up with AirVPN about 18 months ago. I am not a techie, but am not tech averse. I signed up on the recommendation of a former military guy I know who is well versed in this topic, personally and professionally.

    It took a while to work through the nuances or AirVPN and Open VPN but if you’re patient, and refer back and forth between the instructions and the apps, it will happen.

    I also like their site for checking your IP address, It shows the IP you’re using, plus shows any leakage, and helps you plug that leakage.

  10. Scott :

    In one of your replies to my questions you suggested I go with express vpn but I replied with a concern of setting the VPN for my android tablet (amazon fire) and you gave me instructions on AirVPN so which one do you like most for: privacy and streaming video on such providers as kodi, Netflix, and Hulu. Oh do both VPNs provide set up instructions on their sites. Sorry I am full of questions.

    1. Douglas Crawford :

      Hi Scott,

      I persoanlly use AirVPN for reasons discussed in this review. But it is a service aimed more at techies, and can be a little rough around the edges. It also has no dedicated Android app. This is not a much of a problem for me, as the third-party OpenVPN for Android app is very good. But it does require a little setting up. I recommend ExpressVPN for you because it is a very professional service that offers an easy-to-use Android app which requires almost no setting-up at all (just install and run). Both services provide setup instructions on their websites, however, so neither should be too hard to get up and running. Note that AirVPN will give you a 3-day free trial if you email them about it, so you can always just give it try to see how you get on.

  11. Scott :

    So one more thing…what about my concern for the VPN gaining access to my desk top PC when I use my tablet at home. Can and will they? You suggested express vpn due to it being user friendly and having good android mobile apps. You said they keep some logs but they are aggregated. Sorry for my ignorance but what does aggregated mean as it relates to the VPN service Can I feel secure using kodi with Express VPN as I would assume most inforcment is interested in things more significant.

    1. Douglas Crawford :

      Hi Scott,

      – Using a VPN does not give anyone access to your PC or tablet. It’s simply not how they work.

      – Aggregated means that things such as connection times to the VPN server and length of session are logged, but these logs are not associated with an individual IP address (user). They are therefore useful for troubleshooting purposes, but pose a minimal privacy threat.

      – ExpressVPN has no problem with people using P2P or Kodi etc. on its service, and will protect you wile doing so.

  12. R :

    I just wanted to let you know that, after months of reading reviews here and a lot of procrastination, I finally signed up for airVPN and couldn’t be more pleased. I found the signup process easy and had no problems getting setup quickly and online. Everything works fine – no leaks of any kind, straight VPN, VPN over TOR, TOR over VPN. Although there is variability in server latency and speed I have found a few that give me fantastic throughput on my 150mbps connection. I would say my first VPN experience has been a very good one.

    Many Thanks!

  13. Se55iE :

    AirVPN is not so good now. All last new servers in Switzerland, Belgium, Austria, Czech Republic they buy at M 247 Ltd. But M247 is UK company. And you know what is going on now with privacy in UK.
    I don’t understand what is the point to buy CH and other servers at UK company ? Airvpn doing bad things.

    1. Douglas Crawford :

      Hi Se55iE,

      Interesting find. You are correct about AirVPN using M 247 Ltd servers. In this article AirVPN argues that it is irrelevant who owns the servers, but I will reach out to it for further comment on the situation.

      1. Douglas Crawford :

        Hi Se55iE,

        AirVPN has responded to my query about this (which cited the IPB) with the following,

        “The Investigatory Powers Act scope is not applicable to our company, and it can be challenged after it has been found by the Europen Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016).

        The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2012 about partition of trust to deal with this problem):

        Note that with M247 we have various servers in various countries, not only in the UK. The applicable law is the law of the country the servers phyisically is located, as clarified by Art. 29 Working Party in the EP.

        Also please note that the Act has not yet been implemented operatively for data retention, not even at ISP level at the moment, and chances are that it will never be operative for datacenters (in regard to indiscriminate retention). About this last important point (data retention), our policy does not change and any interference with that will cause us to discontinue any server in the UK, just like we already did in France.”

        So what I take from this is that it does not matter whether M247 Ltd is a UK company, as long as you avoid UK servers (which is always a good idea anyway).

      2. Roger Garos :

        Hi Doug- I’m pretty much of a total novice re VPNs, etc., but was wondering if I could enhance the privacy of my telephone contacts by using a VPN with a VOIP service. Since I understand there can be compatibility issues, is AirVPN compatible with VOIP services?, and, if so, which one(s). Also,if not, which VPN would you recommend that would afford maximum privacy and VOIP compatibility? TIA Roger

        1. Douglas Crawford :

          Hi Roger,

          Using any VPN service (including AirVPN) will prevent your VoIP conversations being listened into by hackers when using public WiFi hotspots. But that is pretty much it. Your best option to improve phone/VoIP security would be to use Signal.

          1. Roger Garos :

            Thanks for the Signal tip Doug-Actually though,(vs hack protection),I’m at least as concerned with Voip as a vehicle to maintain my anonymity when I make calls to regular phone numbers. Was assuming that if I started using a VPN(like AirVPN),if I then set up a Voip account like Skype over that VPN, that 1)all location tags would be blocked, and, 2)Only indication of my identity would be the name that shows up on caller ID. Assuming these are both true, which Voip providers afford the best protection of subscriber personal information(since I don’t believe Skype does). If such a Voip exists, would assume that would solve all my problems. Any suggestions? TAIA

          2. Douglas Crawford :

            Hi Roger,

            Well, if using a VoIP though a VPN (such as AirVPN), then your IP address will appear to be that our the VPN server you are connected to. So yes, it should work for you in this context.

  14. Erwin Schulze :

    Without a doubt an excellent VPN! 5 Stars with praise! ?????

    1. Falco :

      I have been using Air VPN for years, it’s the best choice for me. Defiantly 5 stars. Very prompt customer service.

  15. Eng. Tarek Herik :

    Is this airvpn service gives every user different public ip addresses ?

    1. Douglas Crawford :

      Hi Eng. Tarek,

      With AirVPN (as with most VPN services) you are assigned an IP address that is shared with many other AirVPN users (usually 50-100) . This is good privacy as it makes it very hard to determine which of the IP addresses many users is responsible for what action on the internet.

  16. Sim :


    1) Is there any possibility of choosing the encryption type for each server?

    2) Any feature(s) that AirVPN would charge for extra like choosing PFS over Cipher?

    3) The issue of Kaspersky Internet Security’s firewall conflicting with AirVPN’s firewall anyway to resolve it? I’m thinking of using Kasperskey on my PC.



    1. Douglas Crawford :

      Hi Sim,

      1. AirVPN only supports the OpenVPN protocol. Given that this is the most secure (as long as PFS is used) and flexible VPN protocol available, I believe this to be sensible and principled decision.
      2. PFS is used in addition to the cipher. All AirVPN connections use PFS (for an explanation of what PFS is, lease see here).
      3. I’m afraid that I don’t use Kaspersky Internet Security’s firewall, so I can’t comment. The best place to ask about this is probably on AirVPN’s forums. You can, of course always use AirVPN without Network Lock (the firewall) enabled. I have never suffered DNS leaks even when Network Lock is turned off, although it does mean kill switch functionality is not available. There may well be other, better, solutions.

    2. Anonymous :

      I use both Kaspersky and Air and have had no problems at all.

  17. Terry :

    I need your help if possible .
    I just discovered Air VPN and started to use it now for one month.
    I was award of privacy while surfing but it was not easy to to decide which way to go and which tool to use but after reading alot on this site it gave me my answer,I’m in for a full year and even if there’s a lot of stuff I don’t get while looking at the logs I feel safer.
    My questions are regarding 2 points.
    I was using services from “Returnil Quietzone”and still do and I was wondering if the 2 softwares are complementary ? I have it not working on for now .
    My second questions is regarding the use of the ALFA R-36 router in my configuration,feels like I’m experiencing slower speeds while going through the router,I don’t know what should I change in the router’s settings.
    For infos,my 2 testing configs are: (connecting to my friends’s Wi-Fi whit her approbation).
    – A 14dB panel antenna directly to the AWUS036NH with an active 5m USB cable to my PC,it works fine,looking at the logs after a full day,no connexion breaks.
    – Same installation but going to the R-36 to have a my personnal wi-fi in the house is a different story,lots of connexion breaks but returns after these messages,’Disconnecting’, ‘Authorzation check failed,continue anyway’,after the 4 th try it connect back to a server and keeps on.
    Not sure if I’m at the right place for that and hope I did explain my little problem not to confusing.
    Thank you for your great work,I learned alot .

    1. Douglas Crawford :

      Hi Terry,

      1) Quietzone sandboxes your web sessions as well as connecting you to the internet via the Tor Network. It is closed source proprietary software, so for simple sandboxing your browser I would use free and open source Sandboxie instead. You can also use Sandboxie to sandbox the Tor Browser, which will achieve pretty much same thing as Quietzone, while being more secure (the Tor Browser is hardened, and you are not trusting a third party to make your VPN connection for you).

      Using Quietzone and a VPN together will dramatically slow down your internet connection (thanks to Tor). Sandboxing your browser does have complimentary function, but whether this is worth the extra hassle depends on your threat model. Personally I wouldn’t bother, but that is up to you to decide.

      2) The main problem with using a router for VPN is that processing a VPN connection is very processor-intensive (especially for OpenVPN). This means that all but the beefiest routers struggle with the job, resulting in poor internet performance.

  18. Wilton :

    Hi douglas, can you help me to configure my airvpn for best surfing websites ? how to activate dns leak protection and killswitch, i always see on i see that is no airvpn exit activate, i just see my country i think because of dns leak ? thank you, sorry about my poor english.

    1. Wilton :

      ….and i aways connect in recommended server, and aways is Canada. in this site aways show my real ip, because of dns leak.

      1. Wilton :

        …ops sorry, no my real ip, my real DNS ip.

    2. Douglas Crawford :

      Hi Wilton,

      In order to enable DNS leak protection and the kill switch in the AirVPN client you must enable the “Network Lock” feature. This creates a firewall that only allows internet connections that go through the VPN. When you first start the client up, and before you hit “Connect”, you are offered the chance to enable Network Lock (see screenshot). The option can also be turned on and off in Preferences -> General.

      1. Wilton :

        Oh yeah! thank you very much, now everything works perfectly!

  19. Hugh Mungus :

    Hello, thanks for the review I’m just letting you know that your “visit AirVPN” links redirect to the NordVPN website, haha.

    1. Douglas Crawford :

      Hi Hugh,

      Thanks for pointing this out! I have alerted our tech team to get this fixed asap!

  20. Mark :

    I have been living on this site for the past few days. I’m going to purchase a VPN very soon. I travel extensively and I don’t go to “adult” sites or anything like that.
    However, I do a lot of online banking and Amazon purchases.
    I, obviously, want to keep all of that info encrypted since I’m in hotels and airports.
    Would AirVPN be the best choice for me?
    I’ve been swayed back and forth a good bit lately between ExpressVPN and AirVPN.
    Thank you for your hard work and time. This is a great educational site!

    1. Douglas Crawford :

      Hi Mark,

      For simply visiting your banking website and Amazon, etc., you do not really need a VPN, as your connection is protected by HTTPS. In many ways ExpressVPN and AirVPN straddle opposite ends of the VPN spectrum. ExpressVPN is arguably the best provider around in terms of newbie-friendly software, great customer service, and a genuine no quibble 30-day money-back guarantee. AirVPN, on the other hand, is arguably the best VPN service out there in terms of dedication to privacy and technical know-how. But it is not newbie-friendly and customer orientated in the way that ExpessVPN is. So it’s a bit like chalk and cheese. Personally I use AirVPN, but I fully understand why many others prefer ExpressVPN’s more approachable service.

      1. Mark J :

        Is there anyway I can email you with a few questions? I would rather do that than have everyone see our questions.
        If you can see my email address that’s needed to post, please send me an email there.
        I signed up for AirVPN for a few days and I just have a few questions.
        Thank you.

        1. Douglas Crawford :

          Hi Mark,

          I am employed by BestVPN, so please direct your questions here. We do not check whether the email address you enter is valid, so feel free to make one up and post your questions anonymously.

          1. scott :

            I am so frustrated! I am not computer savvy and have been fretting over VPNs for days now. I want one where privacy is of first importance and do not keep logs. I just want kodi covered. I want the VPN to only work on my tablet and not have access to my personal desk top pc and the info that is on it. I want one that is not going to cause lag in streaming. I was going to go with private internet access but then there was tons of complaints. Then I was thinking AirVPN but the UK kind of freaks me out. I have seen a lot of youtube vids that say go with IPvannish and other say private internet access. Im also worried that when I pick one that im not going to set it up right and my tablet is not going to function as I need it to. Just an FYI my tab is 32gb with 28gb available. HELP ME PLEASE!

          2. Douglas Crawford :

            Hi scott,

            Any decent VPN will do what you ask. I would suggest ExpressVPN because it has very easy-to-use mobile apps (perfect for your tablet). It does keep some minimal connection logs, but even these are aggregated.Not that AirVPN is based in Italy, not the UK (still 14-Eyes, so not perfect, but where is?) IPVanish and PIA are based in the US, and so are not recommended for privacy. NordVPN is based in Panama, keeps no logs at all, and has a mobile app, but can be slow. Another good option is Gibraltar-based IVPN, but this has no mobile apps.

          3. scott :

            Oh I just want it to automatically be working when I power up my tablet!

          4. Douglas Crawford :

            Hi scott,

            In the OpenVPN for Android app select the Settings tab. Tick “Connect on boot”, then touch “VPN used on boot and for Always-On” and select the AirVPN profile you want to use. If you are not already using AirVPN then you will find a provider that offers an Android app much easier to configure for your tablet.

  21. happy user :

    i have used air for 2 years when i have money i have air thay are he very best vpn for xbox live that you can getand 7 bucks lol i love my air

  22. Jochen :

    Nice review Douglas, I’m another of those totally satisfied customers (using it for 1 year, just renewed for another one).
    But yes, it is definitely for the more tech-savy crowd, nothing you point your mother at and just say “use that” 😉
    Two issues can get really frustrating the mentioned DNS problem when Eddy crashes, which they really should just give a prominent posting at their website as I needed some hours to find the root of the problem and resolve it.
    The other problem (general VPN problem not AirVPN related) is what I’ll call the MTU-Problem. I was at my mothers home who uses Unitymedia cable as a provider and I just couldn’t get a stable VPN connection, it worked for a short time and then just failing to transfer anything and sometimes even taking the router with it so I had to reset the router. That took me a lot of time resolving including reading a lot of VPN documentation and all sorts of partially related hints, postings,…
    You have to lower the maximum MTU-size then it works (eg link-mtu=1300 in the openVPN manual settings). Still don’t fully understood how to calculate the optimum MTU-size but playing around with the size should get you a working connection. If I sometimes decide to delve really deep into this topic and finally really understand the parameters (there is the fragment parameter to set and the correct mss-size to get the optimal throughput) then I really have to write a FAQ on this as there is not one easy explanation on the Web.
    But this is NOT an AirVPN problem, this is related to the provider!

    So, sorry for the long entry, just wanted to help other people having this problem, as I had big problems finding the cause and solution (and I’m very good at searching the web).


    PS: Just adding this for Search Engines to find it, remove if unwanted:
    Unitymedia VPN problems disconnection

    1. Douglas Crawford :

      Hi Jochen,


      – In fairness, the DNS issue affects just about any VPN client that uses a firewall for DNS leak protection and kill switch. I totally agree that AirVPN should do more to flag up the problem and explain how to fix it.
      – I must admit that I have never heard of or encountered this “MTU-Problem before. Thanks for flagging it up, and for what sounds like the sterling work you have put into researching it. Do you know if it is just a Unitymedia (a German ISP) issue, or can it affect customers of other ISPs? If/when you do write a FAQ, please do contact me or post a link to it here.

  23. Phillski :

    I’m a rookie. This info sounds like a good choice. I have a new ASUS dual band router. How does this work? The software is to be installed on my router?

    1. Douglas Crawford :

      Hi Phillski,

      You can either install the AirVPN software client on your computers or configure your router (AirVPNs instructions for doing this using Asus-WRT are available here). Note that if you run the VPN from your router, you do not benefit from the additional functionality provided by AirVPN’s desktop software (e.g. “network lock DNS leak protection and kill switch, port selection etc.). It is also worth noting that the processor in even high-end routers can struggle to cope with the demands of processing OpenVPN, so your internet connection when using VPN will likely be faster using desktop or mobile VPN software.

      1. Phillski :

        this is more great information. Thank You very much

  24. Leon :

    Hi Douglas,

    Just a few words of feedback on my 1-week journey with AirVPN. Well, in fact I’m satisfied with the speeds I get, when connected to their 1-Gigabit servers with the minimum latency.
    What I don’t really like is that Network Lock feature simply does not work when Kaspersky Internet Security is installed and operating. Whenever I disconnect from whatever AirVPN VPN-server, the software is telling me: “Network is locked” or something like that. So, I assume, I shouldn’t be able to browse Internet anymore, right? Not a chance. The internet is still working as it has always been working.
    I need to shut down Kaspersky to make this feature work. Not good!

    Second issue is that AirVPN broke my Wi-Fi connection on the very same computer, when I utilized AirVPN through it. I have no idea what the software changed, but now Wi-Fi simply does not work — there is still a normal connection, but no connection to the Internet. I need to switch AirVPN back to browse internet while on wi-fi (I have a TP-Link 300mbps n-type USB adapter and I’m getting the internet from my smartphone, which is able to create a wi-fi hotspot).
    Guess I need to go and browse their forums for some info, I’m not sure I’m the only one with these problems.
    So, these are the facts, which kinda preventing me from purchasing a one-year package.
    I don’t like these facts and I’m really not very enthusiastic as to investigating these issues myself. Maybe you can advise anything? Overall it seems like they don’t have competitors on the VPN-market offering the same features and general stability. Correct?
    Thanks a lot.

    1. Douglas Crawford :

      Hi Leon,

      Thanks for the feedback.

      1) AirVPN’s “Network Lock” is in fact a firewall that prevents all connections outside the VPN. The Kaspersky Internet Security suite also uses a firewall. The 2 firewalls clearly have conflicting rules, and the Kapersky one is blocking Network Lock from functioning correctly. This is annoying, to be sure, but I don’t think really fair to blame AirVPN for the issue.
      2) As with most good VPN services, AirVPN routes DNS requests to its own servers (rather than your ISP performing this function). What you are experiencing is almost certainly due to your DNS settings not returning to default values after quitting AirVPN. Please see my How to Change your DNS Settings guide on how to fix this.
      3) When it comes to VPN technology, AirVPN is in a class of its own. But as noted in this review, user-friendliness is not one of its strengths.

  25. nik :

    hi Douglas,

    Im using PIA (private internet access) vpn. i use viber alot. on viber what ever vpn you use it always shows your exact location (i mean your true location). you can change to hundred location on vpn but it never change on viber. why is that? how can tweak the settings so it could show my vpn location?

    1. Douglas Crawford :

      Hi nic,

      The problem with Viber is that it is a mobile app, and mobile apps use information other than your IP address to determine your location (for example your GPS location data , network provider information, and IMEI number). Using a VPN cannot help with this, and unfortunately there is very little else you can do about it.

  26. John Varga :


    Your review of AirVPN is much appreciated. I have come close to signing up with others by reading comments as held me back. The only value I see from using VPN is to keep each persons ISP or local government off their back. If one only used VPN when needed it might make sense.

    I used VPN years ago through HMA. It was almost okay at the time but had no kill switch that worked. A lot has changed since then so I am back to the newbie level.

    Paranoia in the war with the three letter guys is not misplaced. They are very good at what they do. Experience with these guys tells me that they know almost everything about us they want to know. The new $1B+ NSA complex in Utah is coupled with a new Adobe complex across the road with direct fibers interconnecting. One of the prime principles of surveillance is to hide things in plain sight. Nobody thinks to look there. I have blocked all Adobe connections on my computer and do not use Flash or Adobe reader. The first thing they do when activated is to call home. I don’t know how much or what information is sent but the one thing that rarely changes is my MAC address. You might say the MAC address does not go past my router but that is only when it is in the header. If it is sent as part of the payload then all bets are off.

    I can see the effects of my blocking Adobe and AddThis by the number of connections the system tries to establish and are rejected by the firewall. Standard procedure is for them to keep incrementing port numbers looking for a way out.

    So why do I go into such detail? I want my life back only to myself about what I do on the internet. With all of this software calling home, with who knows what or how much information, I wonder if using the best VPN available will help if when I start my browser, my identity is revealed. When Firefox came out with a recent update they included a black box (no longer open source) for the DRM people. I found the DRM module was calling home every time FF loaded. I don’t use any DRM material on my machine. I chose to install the non-DRM version. Most people don’t even know it exists.

    I see VPN as only a partial solution. A solid firewall with Adobe, AddThis, and others blocked helps. NoScript is another good weapon.

    What I don’t understand, as a newbie, is if I install AirVPN will I still have access to my network printers and other computers on my LAN that I share files with? I don’t want to be trashed by the wizards at AirVPN for asking these types of simple questions. If I have to change some ports, configure something, or edit the register I am okay with that. The problem is I don’t know what to do and don’t have their experience.

    One thing AirVPN could do is provide help files or links to simple information a non-wizard needs. Forgive me, Mr. Wizard, if I offend you by asking what you think are dumb questions. I have my specialties and you have yours. Please guide me in the right direction. I am willing to dig for it and learn. I just don’t know where to look.

    1. Douglas Crawford :

      Hi John,

      Offend? Ha ha. That’s what I’m here for!

      – I completely agree that using a VPN is a only partial privacy/security solution. I think you should view internet privacy and security as a complex problem, and to have any chance of addressing the problem, you need the right tools. A VPN is one such tool, and if implemented well (as it is by AirVPN), a very good one.

      – If the NSA is after you in particular, then you are probably fucked. A VPN, however, is very effective at hiding your internet activity from blanket surveillance measures.

      – Please see my article on Firefox to incorporate DRM (reluctantly). Note that DRM can be turned off in Firefox (Settings -> Content).

      – To stop online tracking, browser extensions such as Privacy Badger, uBlock Origin, and (if you want to go nuclear) NoScript are better than VPN (or more accurately, should be used in combination with a VPN – see “toolbox” comments above).

      – As with almost all VPN clients, AirVPN exempts LAN connections from its firewall, allowing you to use local resources such network printers and NSA drives as normal. The only problem I have ever encountered is connecting to my Chromecast from my PC when AirVPN is running (although, strangely enough, Casting from my Android phone with AirVPN running works just fine).

      1. Crispin :

        Ublock Origin with Dynamic Blocking enabled is better than NoScript, as it prevents your browser from sending requests to the server in the first place.

        1. Douglas Crawford :

          Hi Crispin,

          Thanks. When I have the time I will investigate this more.

  27. Matthias :

    Hi Douglas,

    very helpful review, thanks! I am in China, using two vpn …just in case. The Air VPN set-up took some time as the user interface requires some understanding, which I do not have. But there was a good explanation on the website and I managed. Now I am able to use google and watch you tube videos. It also works during times of increased blocking activities (during public holidays and party congresses).



  28. nobody :

    Save your money by reading this! Being AirVPN user for 3+ months, I can say – run away as fast as you can!

    Their servers worked well enough for 2+ months, then connection problems started occurring more and more often. Today I posted a message on their forum telling that service is down again, and called it a “great service”. Do you know what happened? They instantly banned me on the forum, closed my VPN account (I paid for 12 months of service) and this is it!

    Needless to say, they ignore all my emails and refund requests, so stay away from this “company”! Otherwise, your account will be closed and they will keep all your money in case you complain about their service.

    1. Douglas Crawford :

      Hi nobody,

      Ouch! That’s not good! I must say, however, that my experience has been somewhat different, and that AirVPN’s support has always tried to help when I’ve had an issue..

    2. VYI01 :

      @nobody (Poster)
      Well with the tone in which you write, I can understand why they might ban you, as you were probably quite indignant. By the sound of it, you appeared on the forum and cried like a baby, no offence. “Your servers are down! Nothing works!!!” and not even bothering to:

      – Describe the problem
      – Describe your setup and/or show relevant client logs
      – Describe things in a civil way
      – Describe the results of using AirVPNs OWN TESTING SERVICES such as the Route Checking feature, that lets you check all servers at once, to see if only 1 server is the problem or not:

      If that’s the case, then you kinda deserve a ban IMO, because honestly, there’s no telling legitimate users from spammers and trolls a lot of the time. What’s the result? Clean forums, where information isn’t obscured by emotional outbursts and senseless slurs. Because you know what? There’s a 99.99999% chance that the servers were not down that day; if so, more users than simply you, would’ve been on the forums reporting the issue. So what likely happened (and I did try look for your post), is that you appeared on the forums, moaned about problems in a lazy and unhelpful way (even downright rudely, if that “great service” remark was sarcasm) and then tried to pin the problem on the service itself, before checking and getting feedback on your own setup. This is basic 101 stuff.

      There’s also many helpful people on the forums. Just check this new-user guide that an AirVPN member made:

      So if anything, you could ask him personally or post in the thread. The point is, you didn’t try to solve the problem like an adult, it seems, so why should anyone treat you like one?


      Otherwise it’s an excellent review Douglas. You put out some great stuff.
      The location of AirVPN doesn’t make a huge difference, because in a way, there’s not many viable countries in the world for this stuff. A lot of VPN providers they fake their Geo-IP, to make it appear that they’re located in a different country for instance. I think you should mention something about VPS instances:

      Namely that some services, such as PIA, offer many locations officially. But in reality, a lot of these locations are fake and run on a VPS. Running a VPS setup can be okay if users are informed as such; but most aren’t. This means people think you run “bare metal” servers in country X or Y, but in reality those servers are in country A, pretending to look like they’re in country X and Y. This then lets the VPN provider “add another flag” to their front-page. My point is, that AirVPN doesn’t do this. They’re very honest. In fact, they care so much about security and privacy, that they simply won’t setup servers in countries deemed bad for them. So it’s not because they don’t *want* to set up more servers or are physically unable to, it’s because they have a mission to protect the privacy of their users. That, and they make actual cost-benefit analysis about server locations: for instance, the Middle-East is an expensive place to set up a connection. If you could even get a good-quality one in the first place. But many other VPN providers don’t mention this. Just like they don’t mention that using a VPS means you can log everything the virtual “servers” are doing.

      I think you should’ve given it 5 stars for pricing, considering you get so much for your money. No over-selling, no lies or attempts at deceiving people. Oh well.

      I do agree their customer service could be a little better however, as well as making things more user-friendly for newcomers; but then there’s members who’ve already posted guides, like the one I linked to, as you said.

      Thank you.

      1. Douglas Crawford :

        Hi v13,

        Thanks! 🙂 As you will know if you have read this review, I am a big of fan of AirVPN. In fact, I think it runs both the most principled and technically capable VPN service on the market. As for the star rating, these are are not decided by me, or even by the BestVPN staff. They are derived from the ratings entered by readers when they post comments here.

      2. WA Family :

        I disagree that you can infer accurately from someone’s tone what type of client she/he’s been in the past. Several large publications on the psychology of complaining point out that many people don’t want to invest the effort and time in complaining–especially in a compliants-averse culture like that of the US, so by the time they do, often the issue they’re confronting has gone on for so long or has become so critical that tempers easily flare. If someone’s already tried diplomatically to handle the matter but has been ignored or mistreated, she/he’s likely to become significantly more agitated. Even tacitly censoring these individuals in other forums is counterproductive, as we should all know if companies whose services we’re paying for can be unprofessional. And ad hominem certainly doesn’t resolve anything (“…cried like a baby…”). Your own argument would have been much more credible without it.

        We, at least, appreciate Nobody’s heads-up as we look for a replacement VPN for our at-home browsing needs.

      3. Smellysocks :

        Firstly, and I’ll comment on your post vyl01, I’m a basic user and have used airvpn for over a yr now…and it’s fantastic! I had some connection issues to start which were quickly solved by a polite email to support.

        Secondly. I completely agree with your suggested comment about the previous post, the manner in which we conduct ourselves or the impression we portray…not to mention publicly degrade a very high service, I agree will be met with severe consequences

    3. Drasmorg :

      I have been using AirVPN for 3 years, the only problem I have ever encountered was with P2P slowing WAY down. The help desk, as stated, is very techie and did not help me at all fix the solution but for some reason it fixed itself. This was about 1 year ago and everything went back to good speeds after about a week, not sure why and it wasn’t anything I did. My subscription finished 4 days ago and I have been spending all that time searching for another provider but so far AIRVPN is still tops, even if all the vpn review sites don’t show it as. Once setup, which is just an install really, everything works out of the box. I renewal for a year, with a 10% coupon, will be $4.05 per month, slightly more than the cheaper vpns charge but far better product.

      I use Windows 8.1 firewall and the network lock works as advertised for me. I run IPLEAK test and nothing ever points to my real location. Sometimes when you shut down AIR the lock won’t reset your IP4 address, then you have to go in and change it from their DNS number to default, but that is it.

      As stated, I am buying their service again for the 4th year right now.

  29. Michael :

    AirVPN accept a wide range of payment options but beware if you are using a prepaid credit card. Their card processor Avangate does not always respond nicely to users of prepaid giftcards.

  30. Marco :

    Hello Douglas,

    can you explain why Italy is not an ideal loc?
    Cause I’m from Italy and I’m looking for a vpn to use here.

    Specifically, I work in an italian university, so the athenaeum network managing office assigned an IP to me, but I know they can (and probabily do) monitoring my traffic.

    Can you tell me if a vpn can allow me to safety dl with utorrent even in this circumstance and are there specific risks using an italian based vpn in Italy?


    1. Douglas Crawford :

      Hi Marco,

      Italy is a member of the Fourteen Eyes spying alliance that cooperates with the NSA and GCHQ. I have provided a couple of links in the article to demonstrate that this is more than a theoretical problem. Despite this issue, I still regard AirVPN as the most secure and privacy-conscious provider on the market. You can download safely using AirVPN (or any torrent-friendly VPN provider) – the NSA etc. does not care about this. As a precaution, however, I would suggest using a server based in Switzerland, as copyright piracy for personal use is not illegal there.

      1. Marco :

        Thanks for your ready answer!
        In truth, I don’t care at all about NSA spying activities, i fear much more the university network manager.

        Well I’ll try out airvpn, thanks again.

  31. Dario :

    Worst service ever!

    I was happily signed in the web site and then i decide to log out.
    Then i was not able to sign in again! I asked for a password reset and after several trials i finally decided to change the password to the most difficult one: 1111.

    NOTHING, always the same message: “username or password incorrect”

    They do not support anything else than OpenVPN. I wander why everyone is surprised by the fact that many potential users seem to be put off by AirVPN.

    Only few top routers support this protocol, and even less xDSL modem router do.

    Thank God i was smart enough to spend only 7 Euros in this junk.

    1. Douglas Crawford :

      Hi Dario,

      Support is not AirVPN’s strongest point, but I am surprised if it didn’t offer some assistance with this issue. As for support only for OpenVPN – it is the most secure and flexible VPN protocol, and I admire AirVPN’s decision to use only it. I agree, however, that AirVPN is not for everyone.

      1. Dario :

        They quickly solved the problem.
        Stupid encoding problem in my username not notified during registration!

  32. coen :

    Perfect working! Installation full automatic, nice working on my iMac.

  33. K :

    A quick follow-up regarding AirVPN. It appears one of the main founders of AivVPN is Mr. Paolo Brini. He is also a spokesperson for ScambioEtico, an Italian group that campaigns for civil liberties and copyright reform.

    This bit of info fills in, for me, the statement on AirVPN’s website that:
    “Air VPN was originally founded in 2010, by a group of ‘hacktivists’ and lawyers, both of which were willing to donate their time to a cause that they believed in. The AirVPN system was originally created for the Pirate Party festival in Rome, which shows just how involved they are in the pro-privacy and anonymity scene.”

    This gives me additional confidence and comfort in using AirVPN. Thank you Mr. Brini.

    1. Douglas Crawford :

      Hi K,

      That is a great bit of detective work – thanks for sharing!

  34. K :

    One of the interesting and recurring questions that comes up in the 15 years I’ve been using vpns is how can you decide which ones to trust? Are there some sort of “inside” forums or IRC channels where ‘those who know” know who runs various vpns? A simple statement on a vpn’s website of their good intentions really isn’t worth its screen space. For example Perfect Privacy, which provides a very good quality vpn service with easy triple hopping would seem to be a trustworthy operation based on their statement that they are a group of “privacy advocates”. Until you find out that this group of “privacy advocates” is founded and run by serious neo-Nazis. It seems very hard to determine who is actually behind many of the vpns so you could make a best judgement about their likely trustworthiness. Are there any recognized persons respected in the privacy community that vouch for particular vpns? (similar in principle to reviewing public encryption code). There ought to be. Does EFF for example vouch for the bona fides of any vpns?

    I would like to hear some trusted person vouch for AirVPN for example. I’ve found it very hard to find out anything about who is behind Air, just as it was hard to find out who was behind Perfect Privacy. It would seem nearly dereliction of duty for TLOs not to be operating some vpn honey pots, but how would you identify them? Without some kind of a web of trust, choosing a vpn is nothing more than a crap shoot.

    1. Douglas Crawford :

      Hi K,

      A web of trust to vouch for VPN providers is an excellent idea (especially if supported by the likes of the EFF)! Unfortunately no such thing currently exists, and I have no idea how it might be implemented, but BestVPN would be very happy to support such an initiative.

      With refernece to Perfect Privacy, could you please explain this statement and provide references? Thanks. Edit. ah… this. Ouch, not nice. Thanks for bringing it to my atention.

      1. K :

        Yes, this is a very distressing accusation against Perfect Privacy. And I wouldn’t say it if there weren’t definitive proof. In this case I will take a conviction by German courts as definitive. Below are two links to publications detailing the German court case against three neo-Nazis, and their relationship to PP. The third link is Wikipedia about one of those convicted. No doubt some further drilling down would reveal many additional connections.

        In 2012 a reference to the above arrests and trial appeared in the Perfect Privacy forums, but very quickly disappeared. I imagine a large percentage of PP users do not know that their (rather high) subscription fees go toward supporting people who advocate this kind of hateful and disgraced ideology. I seem to remember that I stumbled on some web references connecting the convicted neo-Nazis above and Stormfront, one of the largest American and European neo-Nazi groups. But I would encourage anyone interested to verify this independently.

        Re: web of trust for vpns, in the next few days, I’ll try contacting some of the privacy advocacy organizations listed here,, to see if they can offer some advice on how to go about creating a web of trust for vpns. I’d be happy to collaborate with you and some small group on such a project. Perhaps we can build a critical momentum to make this happen :). Feel free to contact me at my email below. Cheers.

        1. Douglas Crawford :

          Hi K,

          Thanks for tipping us off about this, we have now updated our Perfect Privacy review to include mention of the issue. It is entirely possible that Perfect Privacy was always unaffiliated with the vile political views of some of its staff, or even if it was, that this may no longer be true. We do, however, feel it an issue customers should be aware of, as many would be horrified to think thier subscription fees might contribute to propagating such extremist views. I have emailed you about your web of trust ideas.

        2. NG :

          One of the best comments on the site. I would try AirVPN but I’m afraid it’s too expensive. I’m sticking to PIA now that they’re offering a discount after my account expired 🙁

  35. Dave :

    How much processing power would you recommend for the additional layer of SSL?

    I was thinking of buying the Netgear R7000 Nighthawk DD-WRT FlashRouter with 1 GHz.

    1. Douglas Crawford :

      Hi Dave,

      I’m afraid that I can’t give you a definitive answer on this one, but when Peter reviewed this router he encountered no slowdown when using it for regular VPN. I would guess that it is powerful enough to deal with the extra layer of SSL, but it might be a good idea to ask AirVPN’s own forums just to be sure.

  36. K :

    Hi, Douglas
    I have to agree with all the previous posters that your review is excellent and IMHO, spot on! I’ve been using Air for about a year, it’s the 5th vpn I’ve used in the last 15 years. The functionality is superb and, as you said, it’s actually very easy (and reliable) to use.

    But, as again you put very nicely, the sort of icy ubertech can be at times frustrating. And I’m pretty tech savvy. At the moment I’m felling frustrated that some forum posts there were blocked because they weren’t sufficiently tech focused. God forbid you should talk about the political environment of privacy. Well, with Air it seems warm n fuzzy isn’t an option, you have to be satisfied with technical expertise par excellence. Which is what I’ve chosen by re-upping. As a future improvement to their service I would really like to see them add selectable multihop to Eddie. But they don’t seem well disposed to considering suggestions. Perhaps it’s just as well that they remain a smaller niche provider…increasing size often deteriorates quality. It does worry me that the group and all its severs (but one) are located in 15 Eyes countries. It would be comforting to be able to multihop (easily) through non-cooperating political jurisdictions. Cheers.

    1. Douglas Crawford :

      Hi K,

      Thanks! I will just note that I am dubious about the value of mulit-hop connections. The VPN still routes the signal, and so a) adversaries will be easily able to trace a user to the the VPN provider, and b) the provider still does the routing, so knows exactly who is connected to what. I am happy, however, for someone to explain why I’m wrong about this.

      1. K :

        Hi, Douglas

        What you have said is correct if you assume that the vpn provider is compromised, i.e. giving your information to some government organization. If they are protecting your information as they have promised, then it seems it would be much harder for lets say, the NSA to do backtracking traffic analysis through Russia to China to its originator in i.e. Venezuela. If the vpn is compromised, then 1 or 100 hops is irrelevant. But the same holds true for Tor or any vpn service, if it’s compromised, game over. If the vpn is not compromised, just multi-hopping itself makes traffic analysis exponentially harder with each hop, i.e 100 users on hop one X 100 users on hop two X 100 users on hop three…now you have to sort through 1 million sources for the source of the signal, not 100.

        Also not having the cooperation of the governments where the servers are located would seem to make the problem even harder than having that cooperation which might allow for example physical access to the servers.

        1. Douglas Crawford :

          Hi K,

          Interesting points, thanks. This only seems to be true, however, if you locate double-hop servers in countries where your primary adversary (say the NSA for argument’s sake) has no reach, which is itself problematic. Russia, for example, is hardly a place where I would want servers protecting my privacy to be located, and China actively tries to block VPN traffic. If we are going to assume the VPN provider is not compromised, then use of shared IPs and Perfect Forward Privacy should thwart all but the most advanced traffic analysis (and if someone capable of this e.g. the NSA is targeting you in this way, then you are probably in big trouble anyway).

          I also think that “the same holds true for Tor” seems wrong, as Tor connections are routed through at least 3 random nodes, and are re-encrypted each time. This makes it all but impossible to trace the route from beginning to end (a very powerful adversary such as the NSA, if it was willing to throw insane resources at pwning enough Tor nodes across the world, might be able to pull this off, but even then, it would be a long shot).

          1. K :

            I agree with most of your first paragraph. Actually the reach of 5 Eyes within Russia or China is probably only known to 5 Eyes. But it seems at least a bit comforting to think about triple hopping through non-cooperating jurisdictions. But it would depend on who you thought the threat was from; a Russian or Chinese dissident obviously wouldn’t want to use servers in their own countries. Also it would seem logical that a foreign government would be less invested in determining one’s political views, for example.

            As I understand Perfect Forward Secrecy, it wouldn’t really impact on traffic analysis as it only changes keys frequently, but traffic patterns wouldn’t change. But multihopping gives exponential improvements in defeating traffic analysis.

            There are several vpns that offer multihop. Do you know if it’s a sort of common practice to re-encrypt at each hop?

            A real weakness in TOR is that some percent (sometimes a very large percent) of volunteer nodes are controlled by government or hacker groups (sometimes a large percent, especially exit nodes). Also compromising a small number of administrative nodes could give a TOR attacker control over the routing of all TOR traffic. As far as I know this is not known to have happened, but is a theoretical weakness.


          2. Douglas Crawford :

            Hi K,

            1) I think you do have a good point. If the double-hop server is located in a country hostile to your adversary, then it might be useful (but if it is located anywhere else, then I don’t think it is).
            2) True, PFS won’t prevent traffic analysis per se, but it does make it pretty much impossible to compromise an OpenVPN connection (my bad for being unclear).
            3) I know that NordVPN does encrypt data each time it leaves a double-hop server, but then most of its double-hop servers are located in countries friendly to the NSA and most international police forces…
            4) To effetely deanonymise someone on the Tor network the NSA would need to run a lot of those nodes… as I noted earlier, this might be possible, but would require a very large effort.

  37. AirVPN :

    Hi Douglas,

    very nice review, thanks.

    I would just like to point out a bad mistake in it that you might like to fix. You write: “As we can see on the table, AirVPN uses very strong encryption, although it is probably about time to move away from SHA1 data authentication to something stronger (SHA1 is still considered secure, but may not be for long)”

    The main problem is that you assume that SHA1 is the cipher for packets authentication, either on the Data or the Control Channel. But that was never the case, the cipher is HMAC SHA1 in the Data Channel (or HMAC SHA384 in the Control Channel).

    Let’s assume that collision methods against SHA can be routinely performed: even if that were true, that would not allow an attacker not knowing the HMAC key to make an undetected change in a packet (and therefore inject packets in the flow surreptitiously).

    To bring on the collision attacks on SHA-1 you need to know the state of the SHA-1 chaining variable. The key enters both extremities of the iteration of rounds in which the message (the packet, in our case) stands in HMAC. A much deeper break of SHA-1’s round function would be needed to break HMAC and then starting SHA1 collisions attempts.

    For a mathematical proof that HMAC (and NMAC) provide security without needing collision resistance of the underlying hash algorithm please see this very important paper:

    “This paper proves that HMAC is a PRF under the sole assumption that the compression function is a PRF. This recovers a proof based guarantee since no known attacks compromise the pseudorandomness of the compression function, and it also helps explain the resistance-to-attack that HMAC has shown even when implemented with hash functions whose (weak) collision resistance is compromised. We also show that an even weaker-than-PRF condition on the compression function, namely that it is a privacy-preserving MAC, suffices to establish HMAC is a secure MAC as long as the hash function meets the very weak requirement of being computationally almost universal, where again the value lies in the fact that known attacks do not invalidate the assumptions made. ”

    Kind regards and thank you again for the great review.


  38. Sebastian :

    Hi Douglas

    Very nice review, it stands apart from many other VPN reviews i have read.
    I’am a Air-VPN user for the 4’th year now and love there service.
    Not long ago i renewed it for the next to years.
    I can agree to your “heavy tech focus” when discribing the language and the forum, but there are many nice people writing how to’s and torturials.
    The three simultaneous connections come very handy when you try to utilize all your broadband bandwidth. I use them in a simultaneous loadbalancing setup with opnsense firewall.
    Keep up the good work!


  39. sangy :

    AirVPN is surely the best VPN I’ve ever used. The speeds are damn good, it never felt like I was using a VPN. The only problem I faced was with the client. The client often crashed while minimizing the tab. But when it comes to privacy, this is the best

  40. Max :

    Hi Douglas, one quesiton,

    I see airvpn has servers in Canada. Is safest to download/p2p from them? I read this

    “Canada has enacted mandatory data logging and monitoring by Internet Providers and VPN service providers based in Canada”.

    Don’t know if this apply to all vpn providers located in Canada, or to all servers no matter where the vpn provider is located (i understand airvpn headquarters are in italy)


    1. Douglas Crawford :

      Hi Max,

      If AirVPN says it’s safe to download then it will be safe. I think the mandatory logging situation in Canada is very “grey” at the moment, and no-one is really sure what is going on (including providers).

      1. Max :

        Hi Douglas, thanks for your answer.
        Anyone has a good coupon to use (20% o 35% off) for 1 year with airvpn?

      2. Max :

        Hi Douglas, one more question about AirVpn, do you know if protect us from protected copyright holders just in case?

        1. Douglas Crawford :

          Hi Max,

          Yes it will. Not only is it dedicated to protecting users’ privacy, but it uses shared IPs and keeps no logs, so it would be almost impossible to hand over users’ details, even somehow if forced to. Note that pretty much all VPN services who permit P2P also protect their customers in the same way.

  41. Mark Stubbs :

    Hi Douglas,

    Excellent review. I was quite surprised at the low renewal stats that you mentioned. Perhaps as a somewhat regular contributor on the AirVPN forum I/we could perhaps be a little more aware that newbies could be treated with a little more due care and attention. I for one can tend to be a little terse and impatient with what I deem to be ‘daft’ questions or comments from some.

    However, the general feeling is that we point or nudge people to look up stuff for themselves and therefore learn more about the subject by doing so. Need to be somewhere in the middle I guess!

    Best Regards

  42. Artur :


    As I happy AirVPN user I mostly agree with Your review. Mostly except, Air DNS double-hop. It’s at best patchy. For example BBC iPlayer just doesn’t work on most server locations outside UK. I’m currently on Netherlands servers and can’t connect to iPlayer. This is important, because some people may have false expectations that they can connect to fast, nearby server and stream content from all over the world. This just not work. However You may, as with any other VPN provider connect to given country and bypass geo-blocking.

    Another important information is that with their subscription You may have up to three simultaneous connections.

    Just my $0,02.

    1. Douglas Crawford :

      Hi Artur,

      I totally meant to include info about simultaneous connections, but simply forgot. I generally find that the “double-hop routing! works well, but you are right that it is not perfect. Thanks for your input, and I have updated the article accordingly.

  43. Guy Haiar :

    What part of Airvpn is the most confusing for people who sign up for it?

    1. Douglas Crawford :

      Hi Guy,

      TBH I don’t find anything that difficult (just download and install the software as per normal), but based on reader’s comments and our market analytics, many potential users seem to be put off by AirVPN very techy and jargon heavy focus.

  44. Rick :

    Nice Review Douglas and as always I learned something new. So who are some other VPN providers that provide ‘ Perfect Forward Secrecy’?
    I just finished a 1 year sub with PIA and sign-up with NordVPN. Nord’s servers are noticeably slower and do drop-out quite often. In your opinion which provider has better security features? Do either of them offer Perfect Forward Secrecy? it’s not mentioned anywhere on their website, I assume it’s something their marketing departments would splash on their website. Thanks.

    1. Douglas Crawford :

      Hi Rick,

      Thanks! To be honest, I don’t know which other services use PFS, but will include this information in any future reviews I do. As for PIA and NordVPN, it is probably best to ask them – I suspect they don’t implement PFS (or as you say, they would shout about it), but asking may encourage them (and other providers) top pull their socks up in this regard!

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *

Хотите добавить звездный рейтинг в свой комментарий? Нажмите сюда
Служба поддержки клиентов