What is a VPN? Why should you use one? What are the best VPN options out there?

What is a VPN?

A Virtual Private Network (VPN) allows the user to extend a private network over a public network thus allowing the users to send and receive data securely even on unsecured public connections.

A VPN creates a tunnel between the user and the internet through which all data is sent and received, and it encrypts the data that passes through that tunnel.

Why should you start using one?


  1. It secures your computer’s internet connection to guarantee that all of the data you are sending and receiving is encrypted and secured from prying eyes.
  2. It gives the user complete privacy by hiding their real IP address.
  3. Some VPN services also provide DNS leak protection, which is a very good security feature to look for.
  4. It helps the user bypass regional restrictions on data. For example, the user can watch Netflix content from another country, or open a website that he/she was previously unable to.
  5. It keeps the user away from the prying eyes of the government and ad agencies.
  6. Some VPN services provide a NAT firewall and DDoS protection, which are very good features.


What makes a good VPN?


The best VPNs offer a solid balance of features, server location, connectivity protocols, and price. Some are great for occasional use, others are geared towards getting around the location restrictions companies put on their apps and services, and others are targeted at people who do heavy downloading and want a little privacy while they do it. Here’s what you should look for:


  • 1. Encryption Protocol
  • When you’re researching a VPN, you’ll see terms like SSL/TLS (sometimes referred to as OpenVPN support), PPTP, IPSec, L2TP, IKEv2.


PPTP


Point-to-Point Tunneling Protocol was developed by a consortium founded by Microsoft for creating VPN over dialup networks, and as such has long been the standard protocol for internal business VPN. It is a VPN protocol only, and relies on various authentication methods to provide security (with MS-CHAP v2 being the most common). Available as standard on just about every VPN capable platform and device, and thus being easy to set up without the need to install additional software, it remains a popular choice both for businesses and VPN providers. It also has the advantage of requiring a low computational overhead to implement (i.e. it’s quick).
However, although now usually only found using 128-bit encryption keys, in the years since it was first bundled with Windows 95 OSR2 back in 1999, a number of security vulnerabilities have come to light, the most serious of which is the possibility of unencapsulated MS-CHAP v2 Authentication. Using this exploit, PPTP has been cracked within 2 days, and although Microsoft has patched the flaw (through the use of PEAP authentication), it has itself issued a recommendation that VPN users should use L2TP/IPsec or SSTP instead.
Knowing that PPTP was insecure anyway, it came as no surprise to anybody that the NSA almost certainly decrypts PPTP encrypted communications as standard. Perhaps more worrying is that the NSA has (or is in the process of) almost certainly decrypted the vast amounts of older data it has stored, which was encrypted back when even security experts considered PPTP to be secure.
Pros
– Client built-in to just about all platforms
– Very easy to set up
– Fast
Cons
– Not at all secure (the vulnerable MS CHAPv2 authentication is still the most common in use)
– Definitely compromised by the NSA

L2TP and L2TP/IPsec


Layer 2 Tunnel Protocol is a VPN protocol that on its own does not provide any encryption or confidentiality to traffic that passes through it. For this reason it is usually implemented with the IPsec encryption suite (similar to a cipher, as discussed below) to provide security and privacy.
L2TP/IPsec is built-in to all modern operating systems and VPN capable devices, and is just as easy and quick to set up as PPTP (in fact it usually uses the same client). Problems can arise, however, because the L2TP protocol uses UDP port 500, which is more easily blocked by NAT firewalls, and may therefore require advanced configuration (port forwarding) when used behind a firewall (this is unlike SSL, which can use TCP port 443 to make it indistinguishable from normal HTTPS traffic).
IPsec encryption has no major known vulnerabilities, and if properly implemented may still be secure. However, Edward Snowden’s revelations have strongly hinted at the standard being compromised by the NSA, and as John Gilmore (security specialist and founding member of the Electronic Frontier Foundation) explains in this post, it is likely that it has been deliberately weakened during its design phase.
L2TP/IPsec encapsulates data twice, which slows things down, but this is offset by the fact that encryption/decryption occurs in the kernel and L2TP/IPsec allows multi-threading (which OpenVPN does not). The result is that L2TP/IPsec is theoretically faster than OpenVPN.
Pros
– Usually considered very secure but see cons
– Easy to set up
– Available on all modern platforms
– Faster than OpenVPN
Cons
– May be compromised by the NSA (unproven)
– Likely deliberately weakened by the NSA (unproven)
– Can struggle with restrictive firewalls

OpenVPN


OpenVPN is a fairly new open source technology that uses the OpenSSL library and SSLv3/TLSv1 protocols, along with an amalgam of other technologies, to provide a strong and reliable VPN solution. One of its major strengths is that it is highly configurable, and although it runs best on a UDP port, it can be set to run on any port, including TCP port 443. This makes traffic on it impossible to tell apart from traffic using standard HTTPS over SSL (as used by, for example, Gmail), and it is therefore extremely difficult to block.
Another advantage of OpenVPN is that the OpenSSL library used to provide encryption supports a number of cryptographic algorithms (e.g. AES, Blowfish, 3DES, CAST-128, Camellia and more), although VPN providers almost exclusively use either AES or Blowfish. 128-bit Blowfish is the default cipher built into OpenVPN, and although generally considered secure, it does have known weaknesses, and even its creator was quoted in 2007 as saying ‘at this point, though, I’m amazed it’s still being used. If people ask, I recommend Twofish instead’.
AES is the newer technology, has no known weaknesses, and thanks to its adoption by the US government for use in protecting ‘secure’ data, is generally considered the ‘gold standard’ when it comes to encryption. The fact that it has a 128-bit block size rather than Blowfish’s 64-bit block size also means that it can handle larger (over 1 GB) files better than Blowfish. However, both ciphers are NIST certified, which, while not widely recognized as a problem, we have issues with. See below for a discussion about this.
How fast OpenVPN performs depends on the level of encryption employed, although technically speaking IPSec is faster than OpenVPN because encryption/decryption is performed in the kernel, and because it allows for multi-threading, which OpenVPN does not.
OpenVPN has become the default VPN connection type, and while natively supported by no platform, is widely supported on most through third party software (including both iOS and Android).
Compared to PPTP and L2TP/IPsec, OpenVPN can be a bit fiddly to set up (although this is a very subjective judgement). When using generic OpenVPN software in particular (such as the standard open source OpenVPN client for Windows), it is necessary to not only download and install the client, but also to download and set up additional configuration files. Many VPN providers get around this configuration problem by supplying customized VPN clients.
Although no-one knows the full capabilities of the NSA for sure, both the evidence and the mathematics strongly point to OpenVPN, if used in conjunction with a strong cipher and ephemeral keys, being the only VPN protocol that can be considered truly secure. Unfortunately, not all VPN providers use PFS when implementing OpenVPN…
Pros
– Highly configurable
– Very secure (probably even against the NSA, if Perfect Forward Secrecy is used)
– Can bypass firewalls
– Can use a wide range of encryption algorithms
– Open source (and can therefore be readily vetted for back doors and other NSA style tampering)
Cons
– Needs third party software
– Can be fiddly to set up
– Support on mobile devices is improving, but is not as good as on the desktop
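
The checks this section implies for an OpenVPN client profile (cipher block size, ephemeral key exchange, port and transport), as an added example that is not from the original post or the OpenVPN project. Both configs and the host `vpn.example.net` are constructed; a missing `cipher` line is only flagged for review, because the built-in default depends on the OpenVPN release.

```python
import shlex

# Ciphers with a 64-bit block, named as in OpenVPN's `cipher` directive.
SMALL_BLOCK = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC"}

# Constructed sample profiles (hypothetical host, placeholder certificate body).
WEAK_CONF = """\
client
dev tun
proto udp
remote vpn.example.net 1194
cipher BF-CBC  # 128-bit Blowfish
tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA
<ca>
constructed-placeholder
</ca>
"""
HARDENED_CONF = """\
client
dev tun
remote vpn.example.net 443 tcp
cipher AES-256-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
"""

def parse_ovpn(text):
    """Map each directive to its list of argument lists, skipping inline bodies."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                      # inside <ca>...</ca> and similar
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]         # an inline <secret> still counts as `secret`
            directives.setdefault(inline, []).append([])
            continue
        name, *args = shlex.split(line, comments=True)
        directives.setdefault(name, []).append(args)
    return directives

def first_arg(d, name, default=None):
    """First argument of the first occurrence of a directive that has one."""
    return next((a[0] for a in d.get(name, []) if a), default)

def audit(text):
    """Return {area: (level, detail)} for cipher, forward_secrecy and transport."""
    d, out = parse_ovpn(text), {}
    cipher = (first_arg(d, "cipher") or "").upper()
    if not cipher:
        out["cipher"] = ("WARN", "no cipher line: confirm the default is not Blowfish")
    elif cipher in SMALL_BLOCK:
        out["cipher"] = ("FAIL", f"{cipher} uses a 64-bit block; prefer AES")
    else:
        out["cipher"] = ("OK" if cipher.startswith("AES-") else "INFO", cipher)
    # Forward secrecy needs ephemeral (DHE/ECDHE) key exchange on the TLS channel.
    suites = [s.upper() for a in d.get("tls-cipher", []) if a for s in a[0].split(":")]
    static = [s for s in suites if "DHE-" not in s]  # "ECDHE-" also contains "DHE-"
    if "secret" in d:
        out["forward_secrecy"] = ("FAIL", "static-key mode has no ephemeral keys")
    elif static:
        out["forward_secrecy"] = ("FAIL", "non-ephemeral suites: " + ", ".join(static))
    elif suites:
        out["forward_secrecy"] = ("OK", "only DHE/ECDHE suites allowed")
    else:
        out["forward_secrecy"] = ("INFO", "tls-cipher not pinned; depends on negotiation")
    # `remote host [port] [proto]` overrides `port`/`proto`; defaults are 1194/udp.
    remote = next((a for a in d.get("remote", []) if a), [])
    port = remote[1] if len(remote) > 1 else first_arg(d, "port", "1194")
    proto = remote[2] if len(remote) > 2 else first_arg(d, "proto", "udp")
    shared = proto.startswith("tcp") and port == "443"
    note = "shares the HTTPS port" if shared else "dedicated VPN port, simple to block"
    out["transport"] = ("INFO", f"{proto}/{port}: {note}")
    return out

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```
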

SSTP


Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista SP1, and although it is now available for Linux, RouterOS and SEIL, it is still largely a Windows-only platform (and there is a snowball’s chance in hell of it ever appearing on an Apple device!*). SSTP uses SSL v3, and therefore offers similar advantages to OpenVPN (such as the ability to use TCP port 443 to avoid NAT firewall issues), and because it is integrated into Windows may be easier to use and more stable.
However unlike OpenVPN, SSTP is a proprietary standard owned by Microsoft. This means that the code is not open to public scrutiny, and Microsoft’s history of co-operating with the NSA, and on-going speculation about possible backdoors built-in to the Windows operating system, do not inspire us with confidence in the standard.

Pros
– Very secure (depends on cipher, but usually very strong AES)
– Completely integrated into Windows (Windows Vista SP1, Windows 7, Windows 8)
– Microsoft support
– Can bypass most firewalls
Cons
– Only really works in a Windows only environment
– Proprietary standard owned by Microsoft so cannot be independently audited for back doors and suchlike

IKEv2


Internet Key Exchange (version 2) is an IPSec based tunnelling protocol that was jointly developed by Microsoft and Cisco, and which is baked into Windows 7 and above. The standard is supported by Blackberry devices, and independently developed (and largely compatible) versions of IKE have been developed for Linux (through various open source implementations) and other operating systems. As always, we are wary of anything developed by Microsoft, but if open source versions are used then there should be no problem.
Dubbed VPN Connect by Microsoft, IKEv2 is particularly good at automatically re-establishing a VPN connection when users temporarily lose their internet connections (such as when entering or leaving a train tunnel).
Mobile users in particular, therefore, benefit the most from using IKEv2, which, because of its support for the Mobility and Multihoming (MOBIKE) protocol, also makes it highly resilient to changing networks. This is great news for cell phone users, for example, who connect their smart phones to a WiFi network while at home, but switch to mobile data use when out and about, or who regularly switch between hotspots.
IKEv2 is even more useful to Blackberry users, as it is one of the few VPN protocols supported by Blackberry devices.
It is not as ubiquitous as IPSec (it is supported on far fewer platforms), but IKEv2 is considered at least as good as, if not superior to, L2TP/IPsec in terms of security, performance (speed), stability and the ability to establish (and re-establish) a connection.
IKEv2 is also a very good (secure and fast) protocol, especially for mobile users who may even prefer it to OpenVPN thanks to its improved ability to reconnect when an internet connection is interrupted. For Blackberry users, it is pretty much the only option available.
Pros
– Faster than PPTP, SSTP and L2TP, as it does not involve the overhead associated with Point-to-Point protocols (PPP)
– Very stable – especially when switching network or reconnecting after a lost internet connection
– Very secure – supports AES 128, AES 192, AES 256 and 3DES ciphers
– Easy to set up (at least at the user-end!)
– Protocol is supported on Blackberry devices
– Uses Perfect Forward Secrecy
Cons
– Not supported on many platforms
– Implementing IKEv2 at the server-end is tricky, which is something that could potentially result in issues developing

  • 2. Corporate and Exit Locations: Depending on what you’re using a VPN for, your service’s location—and the exit locations you can choose—are important to consider. If you want to get around a location restriction and watch live TV in the UK, for example, you want to make sure your VPN service provider has servers in the UK. If you’re concerned about privacy or state-sponsored snooping, you may want to pick a service operated outside of your home country. Similarly, if the service is based in the US, they’re subject to US laws, and may be forced to turn over usage data to the authorities upon request. Many people make more of this than they should (we’ve seen overseas services turn over their data to friendly governments without any hesitation repeatedly), but it’s important to make sure a VPN has servers in multiple locations—or at least the location you’re interested in—when shopping.

  • 3. Logging: When you connect to a VPN, you’re trusting the VPN service provider with your data. Your communications may be secure from eavesdropping, but other systems on the same VPN—especially the operator—can log your data if they choose. If this bothers you (e.g., you’re the privacy/security advocate or the downloader), make absolutely sure you know your provider’s logging policies before signing up. This applies to location as well—if your company doesn’t keep logs, it may not matter as much where it’s located. (There’s a popular rumor that US-based VPN providers are required to log, in case the government wants them. This isn't true but the government can always request whatever data they have if they do log.) For a good list of VPN providers that don’t log your activities when connected (and many that do), check out this TorrentFreak article.

  • Anti-Malware/Anti-Spyware Features: Using a VPN doesn’t mean you’re invulnerable. You should still make sure you’re using HTTPS whenever possible, and you should still be careful about what you download. Some VPN service providers—especially mobile ones—bundle their clients with anti-malware scanners to make sure you’re not downloading viruses or trojans. When you’re shopping, see if the providers you’re interested in offer anti-malware protection while you’re connected. For example, previously mentioned Hotspot Shield offers malware protection to its premium users. It may not be a dealbreaker for you, but it’s always good to have someone watching your back.
  • Mobile Apps: If you’re going to spend money on a VPN service provider (or even if you use a free one, frankly), you should be able to get a consistent experience across all of your devices. Most prominent providers offer desktop and mobile solutions for individual users, and while corporate and school networks may be a bit behind the curve here, they’re catching up too. Make sure you don’t have to use two different VPNs with two different policies and agreements just because you want to secure your phone along with your laptop.
  • Price: Finally, go into your user agreement with both eyes open. You should read the privacy policy for the service you’re interested in, and be very aware of the differences between free and paid services. For example:
  • Free VPN Providers are more likely to log your activities and serve contextual ads while you’re connected. They’re also more likely to use your usage habits to tailor future ads to you, have fewer exit locations, and weak commitments to privacy. They may offer great features, but if logging and privacy are important to you, you may want to avoid them. However, if you just need quick, painless security while traveling on a budget, they’re a great option.
  • Subscription VPN Providers usually take your privacy a bit more seriously, since you’re paying for the service. It’s unusual for them to show ads, although whether they do logging or store data about your usage varies from company to company. They usually offer free trials so you can give the service a shot first, but remember: just because you’re paying for a service doesn’t mean you shouldn’t do your homework.

Best VPN options for you



proXPN

Supports: Windows, OS X, iOS
Protocols: SSL, PPTP.
Home Country: United States, with exit servers in the US, The Netherlands, Singapore, and the UK.
Logging Policies: proXPN keeps minimal logs of your activity. proXPN collects your email address, payment information (if you’re a premium user), bandwidth usage, connection duration, and login/logout times. They’ve committed to only keeping those logs for 14 days or less, and promise to never share their logs with anyone, period.
Price: proXPN has a free plan, which limits your transfer speeds to 300 kbps and restricts you to one exit location (Miami) in the United States. Premium accounts unlock support for PPTP (if you want to connect a mobile device or a router), remove the transfer cap, and allow you to choose from any of the company’s other exit locations. Premium plans start at $10/mo, and you can read more about their pricing and plans here.

PureVPN


PureVPN gives you VPN access through more than 750 servers in over 140 countries, and, according to their privacy policy, keeps zero traffic logs for maximum anonymity. It works for Windows, Mac, Android, iOS, and Chrome users, and even lets you use your account on up to five devices at the same time.
Like other VPN services, PureVPN supports unlimited server switching and access to every server available without reservation, regardless of the plan you're paying for. It also has a kill switch so that the whole connection is dropped if the VPN disconnects.
You can also split the VPN tunneling, which is helpful for having encryption on specific parts of your web habits while still using your regular network connection for other things. 
Something else unique that should be mentioned is their Virtual Router feature that lets you "convert" your Windows desktop or laptop into a virtual router so that up to 10 devices can connect to it for their VPN needs.
Cost: PureVPN is much more affordable than most providers and gives a myriad of payment options, like gift cards, Alipay, PayPal, Bitpay, and more. The cheapest payment plan is their two year option for just $2.95/month (which is a one-time payment of around $70). Or, you can buy six months for what's equal to $8.95/month, or pay monthly for $10.95/month.


NordVPN

NordVPN is a unique VPN service because it encrypts all your traffic twice and claims to have the "tightest security in the industry." It also has a strict no-log policy and a kill switch that can automatically disconnect you from the internet if the VPN disconnects, to make sure your information isn't exposed.
Some other notable features supported by this VPN company are a DNS leak resolver, servers in over 50 countries, no bandwidth throttling of P2P traffic, and dedicated IP addresses.
You can use your NordVPN account on six devices at once, which is more than what most VPN services support. The VPN can be used on a number of devices, including Windows, Mac, Linux, BlackBerry, iPhone and Android.
Cost: To pay for NordVPN on a monthly basis will cost you $11.95/month. However, you can get it cheaper at $7.00/month or $5.75/month if you buy six or twelve months at once for $42.00 or $69.00, respectively. There's a 30 day money back guarantee and a free trial option.
You can pay for NordVPN by Bitcoin, PayPal, credit card, Mint, and other methods. 

VyprVPN by Golden Frog

VyprVPN is a quality VPN service with over 700 servers spanning six continents. Unlike some VPN services, you won't find any download or server switching caps. 
Being an offshore company incorporated in the Bahamas and based in Switzerland, there is less likelihood of the VyprVPN server logs being examined under the US PATRIOT Act. VyprVPN even claims to defeat high-censorship controls like in China because of their proprietary Chameleon technology.
Plus, their VyprDNS service provides encrypted, zero-knowledge DNS to their users. 
VyprVPN also supports OpenVPN, L2TP/IPsec, and PPTP protocols, a NAT firewall, and 24/7 support. Users with iPads and Android devices will definitely appreciate the VyprVPN mobile VPN apps.
Cost: There's a 500 MB free trial you can grab without needing a credit card. Otherwise, you can pay for VyprVPN every month for $9.95/month (or buy a year at once to bring that down to $5.00/month). Additionally, there's a Premium plan for $12.95/month (or $6.67/month when billed annually) that lets you use your account on up to five devices at once, plus it supports Chameleon.
You can pay for VyprVPN with a credit card, PayPal, or Alipay.


Avast SecureLine VPN

Avast is well known for its extremely popular antivirus program, and even offers one for free, that protects computers against malware. It's no surprise, then, that they have a VPN service to encrypt and secure internet traffic.
Some of the server locations supported with this VPN service include Australia, Germany, Czech Republic, Mexico, Russia, several US states, Turkey, the UK, and Poland.
Because of the variety of supported servers, it is easy to bypass location-based restrictions often seen when streaming online video or accessing certain websites. Also, P2P traffic is supported on some of them.
The software is available for Windows, Mac, Android and iOS platforms. It uses AES 256-bit encryption with OpenSSL certificate authentication and does not display ads while you browse the internet. Avast does not keep track of the online activity that its SecureLine subscribers partake in.
Cost: There's a free 7 day trial of Avast's VPN service, after which you must pay for it by month or year. The monthly cost is $7.99 while a one year payment is $59.99, which comes out to be around $5.00/month. Pay $109.99 for two years up front to make that monthly equivalent drop down to around $4.60, or three years for $4.44/month (when you pay $159.99).
Using SecureLine on more than one computer is cheaper if you pay for those additional devices up front. For example, paying for one PC for one year is $59.99, but adding just two additional computers to the mix makes it just a ten dollar per year increase.
You must use a credit card or PayPal account to buy this VPN service.


TunnelBear VPN

TunnelBear is an interesting Canadian VPN service for a couple of philosophical reasons. For one, they believe that "user logging is evil,"  and that setup and daily use should be as easy and automated as possible.
To deliver on their first promise, TunnelBear employs a policy of no-logging for all their users, free and paid. They don't collect IP addresses of people who visit their site nor do they store information on the applications, services, or websites that subscribers connect to through TunnelBear.
As for their second belief, Tunnelbear employs very simple interfaces and automated settings (decorated with cute bears, of course) that make installing and using their VPN software very easy and non-intimidating to the average user.
TunnelBear also offers some interesting tech features that users will find helpful for additional privacy protection:
  • Vigilant Mode is a safeguard against those small windows of exposure when your Wi-Fi or VPN connection drops. The program can block traffic until the connection is restored.
  • The closest VPN server will connect you to the TunnelBear service if you're not sure which one to choose.
  • You don't have to worry about reconnecting at startup because TunnelBear will start with your computer.
  • Intellibear lets you selectively VPN into websites you want to be private, while browsing with no VPN on other sites.
  • Maul Trackers offers ongoing blacklisting of known trackers so that they never see your signal.
TunnelBear's speed performance is in the range of 6-9 Mbps, which is pretty good for a VPN service. It supports PPTP and has servers in more than 15 countries, and apps are available for both desktop and mobile devices.
Cost: The free plan gives you 500 MB of data each month while TunnelBear Giant and Grizzly offer unlimited data. The two plans are identical except that with Giant, you can pay on a monthly basis for $9.99/month while Grizzly comes out to be $4.17/month (but you have to pay a whole year in advance).
Credit cards and Bitcoin are the supported payment options.




MY PERSONAL FAVOURITE VPN SERVICE


NORD VPN

Pros

    Multiple device support
    Responsive customer support
    Unlimited bandwidth
    DNS leak solver
    Zero logging policy




Final Verdict

I hope you found my NordVPN review useful.

I truly think this VPN service can be a great tool in your virtual armory by keeping yourself anonymous and safe.

I have tried it and found it good. If you want to try it out, you can ask for a 3-day trial period through their live chat feature.

Also, it currently has a discount period going on in which you can get its world-class service for 2 years at just 79 dollars (billed once in two years) or 3.29 dollars per month.

For more information visit here.

Comments

  1. Replies
    1. It's worth reading if you just concentrate on the key points. Also, had to cover everything if you want to impart some knowledge on a particular topic.

  2. Nice blog rishabhRSjain
