In this approach, the firewall must be configured with input and output filters on its Internet and perimeter network interfaces to allow the passing of tunnel maintenance traffic and tunneled data to the VPN server. Additional filters can allow the passing of traffic to Web servers, FTP servers, and other types of servers on the perimeter network. As an added layer of security, the VPN server should also be configured with PPTP or L2TP/IPSec packet filters on its perimeter network interface as described in “VPN Server in Front of a Firewall” in this section.

Final Verdict – NordVPN is easily one of the best all-around providers. I would especially recommend this VPN for users that value their privacy. The encryption protocols, jurisdiction, and logging policies of NordVPN make it the perfect VPN for users concerned about their privacy. And its Double VPN feature makes it stand out from the crowd, something I have covered in detail in NordVPN review.


It is our business to make safety and caution for our free VPN service the number one priority. We are constantly working to understand and develop new technology that keeps our users safe, without requiring costly fees or lengthy sign-up features. We want to keep you and your family safe without you having to give up any freedom. We would never limit these rights and don’t believe in setting limits. That is not our business.

Some VPNs offer great service or pricing but little to no insight into who exactly is handling them. We considered feedback from security experts, including the information security team at The New York Times (parent company of Wirecutter), about whether you could trust even the most appealing VPN if the company wasn’t willing to disclose who stood behind it. After careful consideration, we decided we’d rather give up other positives—like faster speeds or extra convenience features—if it meant knowing who led or owned the company providing our connections. Given the explosion of companies offering VPN services and the trivial nature of setting one up as a scam, having a public-facing leadership team—especially one with a long history of actively fighting for online privacy and security—is the most concrete way a company can build trust.
If you’re on a heavily managed Internet connection, be it government censored or just college Wi-Fi, standard VPN connections may be blocked or throttled due to deep packet inspection, a way for providers to analyze what type of traffic is passing over a network even when they can’t see the actual contents. IVPN’s desktop apps include a checkbox for Obfsproxy, which disguises your traffic as more ho-hum data to get it past those types of blocks—like kids stacked in a trenchcoat to pass as an adult, but more convincing. Our budget pick, TorGuard, and competitor ExpressVPN use different methods to disguise traffic, but we couldn’t find documentation on equivalent features from our other top performers.
We always advise our readers to take speed tests with a grain of salt; too many factors are at play but believe me there’s no such thing as the “fastest VPN,” no matter how many companies claim. While reviewing VPNs, we test the internet speed using different tools that measure three essential elements; latency, download speeds, and upload speeds. We compare VPNs, keeping these three areas into mind.
Using a VPN is a little trickier for ChromeOS users, however. While Google has worked to make it easier to use a VPN with a Chromebook or Chromebox, it's not always a walk in the park. Our guide to how to set up a VPN on a Chromebook can make the task a bit easier, however. In these cases, you might find it easier to install a VPN plug-in for the Chrome browser. This will only secure some of your traffic, but it's better than nothing.
Even if none of the above really sound right to you, you can still benefit from using a VPN. You should definitely use one when you travel or work on an untrusted network (read: a network you don’t own, manage, or trust who manages.) That means opening your laptop at the coffee shop and logging in to Facebook or using your phone’s Wi-Fi to check your email at the airport can all potentially put you at risk.
The sheer amount of VPN jargon can be overwhelming, even if you are pretty tech-savvy. Do look out for OpenVPN though, as this connection protocol offers the best overall blend of speed and security. Ignore talk of military or bank-grade encryption and just look for AES-256, as that’s the gold standard. Unless you know your DNS from your IPv6, a VPN killswitch is the main thing to look out for among security features as it will protect you from exposing your real IP address should your connection drop unexpectedly.
Security is second to none with NordVPN. Its kills switch feature always monitors traffic between devices and the VPN servers. If for some reason, the data stream breaks, the kill switch will automatically terminate the connection, ensuring that your traffic is protected from prying eyes. Also, a DNS leak feature changes your DNS to point to the VPN server, ensuring that hackers cannot steal data from your default DNS.

Logging Policy – IPVanish has been involved in a case where the company handed over user information to Homeland Security. The user was suspected of involvement in child pornography. Again, commenting on the decision of IPVanish to assist agencies in catching a suspect is an ethical gray area that I choose my readers to discuss on what they think in the comment section. However, the brand has since changed ownership with the company StackPath. The CEO of the company clearly stated that they are committed to the no logs policy. I think they deserve the benefit of the doubt considering that they weren’t a part of IPVanish when the case occurred.


Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is an EAP type that is used in certificate-based security environments. If smart cards are used for remote access authentication, EAP-TLS is the required authentication method. The EAP-TLS exchange of messages provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the remote access client and the authenticator. EAP-TLS provides the strongest authentication and key-determination method.
OVPN was regularly the fastest VPN in our tests regardless of the time of week or location. We also liked the app’s clean design and its simple and well-labeled settings pane. But OVPN is a small startup with a limited server network: At this writing, the company has servers in just seven countries, none in Asia. That makes it less versatile for finding less congested routes or geoshifting. OVPN also hasn’t released an Android app yet, so even non-iOS device owners will have to resort to the clunky, third-party OpenVPN Connect app on their phones. When we reached out for details about the company’s operational security, founder and CEO David Wibergh was open to questions and gave us answers that led us to believe that the company acted in the best interest of its customers’ privacy and security. He noted that after an uptick in data requests from local authorities in Sweden—all of which OVPN responded to by explaining that it lacked any pertinent data—the company published a blog post to detail just how little information it keeps.
If you're using a service to route all your internet traffic through its servers, you have to be able to trust the provider. Established security companies, such as F-Secure, may have only recently come to the VPN market. It's easier to trust companies that have been around a little longer, simply because their reputation is likely to be known. But companies and products can change quickly. Today's slow VPN service that won't let you cancel your subscription could be tomorrow's poster child for excellence.
×