VPN.ac Review

VPN.ac is a Romania-based VPN service that provides users with advanced encryption, very secure apps, and excellent performance. Their network consists entirely of dedicated bare-metal servers with self-hosted DNS and gigabit bandwidth channels. VPN.ac also provides you with unique encryption protocols, double-hop server configurations, and secure proxy browser extensions.

The one main drawback with VPN.ac is that they maintain minimal connection logs (no activity or session data). As they explain on their website, these logs are used for network security and support purposes and they are erased daily running a cron job. VPN.ac has an excellent track record and remains one of the leaders in VPN technology.

How much does VPN.ac cost?

For a premium VPN service that uses only dedicated servers and offers excellent, secure applications, VPN.ac is one of the best deals around.

VPN.ac is currently offering a discounted pricing plan for two-year subscriptions, which sinks the price down to only $3.75 per month.

This is about average in terms of pricing. It is more expensive than NordVPN, but cheaper than ExpressVPN.

Discounted one-week trial – VPN.ac also offers the option to get a discounted one-week trial subscription, which includes all features and full functionality. Simply go to the website here and click on the FAQ tab to get the trial.

Payment options – VPN.ac offers many payment options, including anonymous payment methods, such as Bitcoin and various gift cards:

  • PayPal
  • Bitcoin
  • Credit cards
  • Alipay
  • 100+ US gift cards
  • Mobile/SMS options and more…

Refund Policy – VPN.ac provides a 7 day money-back guarantee, which they clearly describe on the website:

7 days money back guarantee: We will refund your order if you can’t use our service or if you are not satisfied with it.

The refund policy is clear and does not contain any hidden exceptions or bandwidth clauses. See the details here on the website (under Legal).

Company information and jurisdiction

VPN.ac was created by a team of network security professionals in 2009.

They are transparent about the background of the company and their professional qualifications. From their website:

Each individual member of our team has over 14 years of experience in IT security, providing security audit and penetration testing services for both public and private customers, banks and military institutions.

Our experience in pentesting and security audit services is mainly what gives us an edge in keeping our infrastructure secure, because it is often the infrastructure implementation which is the weakest link of a VPN service.

Encryption/data security is something we are very familiar with, as a result of being a local supplier of some of most secure commercial encrypted storage devices, which are compliant with requirements for governmental and military use (FIPS 140-2 Level 3, Common Criteria EAL, NATO InfoSec, etc.)

They also provide the contact details and professional certifications of the parent company, Netsec Interactive Solutions, which is based in Sibiu, Romania.

vpn ac review romaniaJurisdiction – VPN.ac falls under the jurisdiction and laws of Romania. Romania appears to be a solid jurisdiction when it comes to privacy. It is not a member of the 14 Eyes surveillance alliance, or a close ally of any major spying regimes.

Private data is also protected in Romania, with data retention being officially declared unconstitutional by the Romania Constitutional Court in 2014.

Overall this appears to be a good setup to protect customer data and privacy.

Platforms and applications

VPN.ac supports many different devices and platforms. They offer VPN applications (clients) for Windows, Mac OS, iOS, and Android.

You can download the latest software directly from the website and also view the installation guides:

Connections – VPN.ac allows 6 connections per subscription. For comparison, this is double the number you get with ExpressVPN

Knowledge base – You can find many detailed guides in the knowledge base dealing with a variety of topics:

  • OpenVPN, IPSec/L2TP, IKEv2, and PPTP encryption protocols
  • Router installation guides
  • Secure proxy and Socks5 proxy setup
  • Online privacy tips
  • Troubleshooting guides

If you are interested in using a VPN on a router, VPN.ac is a solid choice because their premium network offers plenty of bandwidth, high security, and excellent speeds.

VPN.ac advanced encryption

VPN.ac offers numerous different encryption options. This allows you to select the best encryption strength depending upon how much privacy and security you are seeking, while also optimizing performance.

The default encryption protocol is OpenVPN ECC (Elliptic Curve Cryptography).  This provides a good combination of speed and security. The VPN.ac website further explains their different VPN protocols and encryption options:

  • PPTP: 128-bit MPPE (keep in mind that the protocol itself is broken so the encryption is pretty much useless per se)
  • L2TP/IPSec: 256-bit AES and RSA-2048 (with Maximum Strength Encryption enabled in manual setup or with our software)
  • OpenVPN 128-bit BF: 128-bit BF-CBC for data channel, RSA 2048 for keys and SHA1 HMAC (preferably to be used only on devices that do not currently support AES/custom OpenVPN settings, e.g. Synology NAS)
  • OpenVPN 128-bit AES: 128-bit AES-CBC for data channel, RSA 4096 for keys and SHA256 HMAC
  • OpenVPN 256-bit: 256-bit AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC
  • OpenVPN ECC: 128-bit AES-CBC for data channel, Elliptic Curve using curve secp256k1 for keys and SHA512 HMAC
  • OpenVPN XOR: 128-bit AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC

Optimize performance – Having different encryption options helps you to optimize performance with your VPN. Testing out different encryption protocols and ports is a good idea if you are in an area where VPN use is restricted.

Reading through one of the privacy guides on the website, they make an interesting argument for using a 128-bit cipher over a 256-bit cipher with their software:

OpenVPN 256-bit AES is kind of overkill, rather use AES 128-bit. We don’t expect anyone to go for AES cracking while there are weaker links in the chain, such as the RSA keys: how are they generated (good or poor entropy, online/offline generation, key storing on servers etc.). Therefore, AES-128 is a very good choice over AES-256 which is mostly used for marketing claims (“bigger is better”).

Now we will examine the obfuscation features.

VPN.ac secure proxy for browsers

VPN.ac provides secure proxy browser extensions for Firefox, Chrome, and Opera browsers.

vpn.ac secure proxy
VPN.ac offers three different secure proxy browser extensions.

VPN.ac describes the benefits of their secure browser as follows:

  • Strong encryption for all browsing activity using TLS (pure HTTPS traffic)
  • Stealth against Firewall/DPI (deep packet inspection): when inspected using DPI technologies, the connections using the SecureProxy don’t trigger alerts like a classic VPN would usually do
  • There is no need to tunnel all your PC traffic through the VPN: you can have the browser tunneling the traffic through our servers and all other traffic sent via your regular ISP connection. You can call it “a VPN inside the browser”

This is a great feature for people who don’t want to encrypt all traffic on their computer via a VPN, but seek a secure solution for browsing with more privacy. More information can be found on the website.

Note: For more information on browsers and security, check out the secure browser guide and also the Firefox privacy guide.

Obfuscation to defeat network restrictions

VPN.ac offers an excellent lineup of obfuscation features, which allow you to break through any network restrictions. This can hide VPN traffic, which may be getting blocked, as standard HTTPS encrypted traffic. Obfuscation usually entails a small performance tradeoff, but this can be minimal.

As a brief reminder, obfuscation features are necessary in countries such as China and Saudi Arabia, which implement censorship and strict network restrictions. This is also the case with many work or school networks that block VPNs or implement other restrictions. There are also reports of internet service providers interfering with VPN traffic – another reason to use obfuscation.

This is very easy to do because VPN.ac offers different VPN protocols (OpenVPN XOR) and port selection options, as they explain on their site:

OpenVPN XOR is similar to OpenVPN 256-bit in terms of key strength and HMAC as the same are used, it is just the symetric cipher that is different, AES 128-bit being faster and less CPU intensive than AES 256-bit. We recommend to use it only when other OpenVPN types do not work, such as within networks that block other connections than outgoing over ports 80 and 443. Running OpenVPN XOR over port TCP-443 should by-pass most firewalls/web-filtering engines.

Implementing this in the application is very easy, simply select the OpenVPN XOR protocol, then select port TCP-443, and then you can connect to any server you want:

vpn obfuscation stealth
XOR protocol + TCP port 443 will break through network restrictions.

As an extra stealth VPN feature, VPN.ac also provides a lineup of servers that are generally configured for China or other restricted countries. These are labeled in the VPN.ac client as “China Optimized” servers.

Multi-hop VPN configurations (cascades)

This feature adds a higher level of security and anonymity by putting two encrypted servers between you and the unencrypted internet.

As targeted surveillance practices and tracking continue to advance throughout the world, these advanced privacy features are becoming more important.

Double-hop – VPN.ac currently offers 18 double-hop VPN server configurations. This is a great selection when compared to other providers. Here are a few of the double-hop servers available:

double hop vpn server vpnac
VPN.ac gives you 18 different double-hop VPN server configurations.

Performance – With multi-hop VPN configurations you can typically expect a performance reduction simply due to increased latency (distance your traffic must travel).

However, VPN.ac offers some of the best double-hop speeds I have tested. The test results are further below. When testing a Germany – Canada double-hop connection I hit download speeds of nearly 82 Mbps.

Self-configurable multi-hop – For those seeking a higher level of anonymity, one great option is a self-configurable multi-hop configuration. In other words, the server network and applications allow you to create your own unique multi-hop chains.

VPN.ac connection logs

The one main drawback in terms of privacy is that VPN.ac keeps connection logs – but these logs are erased daily. Here’s the exact explanation on logs from the VPN.AC website:

Do you log/monitor my activity? What logs do you keep on servers?

No, we do not log/monitor any kind of user activity such as visited web-sites, emails, files transferred, instant messages, DNS queries etc.

We do, however, keep some connection logs (to our VPN service) for security and support purposes. These are kept on a separate, encrypted server (located in an undisclosed location) and are automatically erased on a daily basis. We don’t keep any logs on servers, not even common Linux daemon logs.

Keeping these logs also help us in identifying potential attacks against our service, such as brute-force and even some MiTM attack vectors.

Note: As stated above, it is important to note that all connection logs are automatically erased daily. From the website:

All logs on this server are permanently deleted on a daily basis running a cron job. We do not log or store any sensitive data such as what you actually transfer during the session.

Overall this isn’t too concerning in my opinion. They are clearly being honest and transparent about their policies, explaining their need for logs, and also how the data is erased daily. Most VPNs need to maintain some form of logs to enforce connection or bandwidth limitations.

Server network

VPN.ac’s server network is both secure and fast, with a clear emphasis on server quality (dedicated bare-metal servers).

One of the biggest issues affecting speed is the number of people using the VPN server at a given time. Many VPNs oversell their services, resulting in congestion, slow speeds, and dropped connections.

You can clearly see this is not the case with VPN.ac by looking at their server network bandwidth stats in real time. (Simply select “VPN Nodes Status” at the top of their website.)

As a VPN.ac user, I have yet to find their servers overloaded with users. Here is a screenshot I took illustrating bandwidth at various VPN server locations.

vpn.ac-server-bandwidth
VPN server bandwidth is one of the most overlooked issues when choosing a VPN – but it’s important. This is what great bandwidth looks like – see the real-time bandwidth stats on the website under “VPN Nodes Status” at the top.

No virtual private servers (VPS) – Another important aspect when examining VPN servers is whether they’re using virtual private servers (VPS), or dedicated (bare metal) servers for their VPN nodes. Here is VPN.ac’s server explanation from the website:

We use dedicated servers on our VPN nodes, mostly consisting of powerful E3 and E5 Xeons with hardware AES crypto acceleration. Running VPN gateways on VPS/cloud instances is a security risk. Moreover, running VPN nodes on dedicated hardware can be as 10x or even 20x times more expensive than running on virtual servers, hence the reason why we don’t advertise ‘hundreds’ of locations but focus on fewer, where security is done properly and the bandwidth capacity is enough to ensure a fast and reliable service.

The security and privacy benefits of using dedicated servers cannot be overstated.

No fictitious server locations – I also tested a number of VPN.ac servers to verify their true locations. Every server I tested checked out. (Many of the larger VPN providers utilize fictitious “virtual” server locations.

VPN.ac with Netflix – Although they don’t advertise it, VPN.ac does continue to work with American Netflix on some servers.

Privacy and security

In terms of leak-testing results, VPN.ac passed without any leaks or issues to report.

I tested the Windows, Mac OS and Android clients using the basic testing procedures outlined here.

Here I’m testing a Norway server. Notice, my DNS requests are being picked up by three different secure servers in VPN.ac’s network. The IPv4 address matches the server, IPv6 is blocked, and there are no leaks to be found:

Here is the VPN.ac Windows client:

vpnac leak test

Here is a test with the Mac OS client and a server in Canada:

vpnac mac os leak test

The test results for the mobile clients (Android and iOS) were the same: no leaks.

As you can see from these test results, VPN.ac offers high-quality applications that are secure and will protect your privacy.

DNS leak protection – VPN.ac also does a great job of ensuring there are no DNS leaks by using their own secure DNS resolvers. From their website:

We protect DNS queries against MitM hijacking and snooping, wiretapping. We have our own, private DNS resolvers outside of US and UK. All DNS queries sent by VPN users are forwarded by our VPN servers to the private resolvers, through encrypted tunnels.

We are using an unique and clever way to overcome this risk [of 3rd party DNS resolver monitoring], by running a query generator service on each DNS resolver. Specifically, We are generating over 10 million DNS queries to existing domains each day. Those queries are generated randomly, at a high rate, and are mixed with the DNS queries of our customers. Basically, we are generating “noise” and it’s virtually impossible to match a user’s DNS queries within the “flood” of queries sent by us to DNS root servers directly. Therefore, if a 3rd party is ever going to wiretap our DNS resolvers, it will be totally ineffective.

While most VPN users may not pay much attention to issues such as server quality and securing DNS queries, these details have a major impact on your privacy and security.

Website and support

The VPN.ac website is informative and straight-forward. It includes:

  • Useful VPN information
  • Privacy and security tips
  • Server status page
  • Detailed setup tutorials for different devices and platforms

Support – The support team is also top-notch based on all my interactions with them. They do not outsource support and handle all requests internally with their own professional staff.

vpn ac review support

Support is handled through tickets (email) and reply times were fast with all my inquiries (under 24 hours).

VPN.ac Review Conclusion

VPN.ac may just be one of the best-kept secrets in the VPN market. As a smaller provider that puts minimal emphasis on marketing, it does not get the attention it deserves. Nonetheless, VPN.ac is a very advanced VPN service that is built on a premium network of dedicated servers, giving you both security and high performance.

Despite being a less-known provider, VPN.ac offers an excellent service and will remain among the top VPNs recommended. You can also pick up a discounted subscription by selecting the two-year plan to save 62% off the monthly rate. All plans come with a 7 day money-back guarantee.

 

More VPN reviews

NordVPN Review

Leave a Reply

Your email address will not be published. Required fields are marked *