EAP-TLS is an IETF standard (RFC 2716 in the IETF RFC Database for a strong authentication method based on public-key certificates. With EAP-TLS, a client presents a user certificate to the server, and the server presents a server certificate to the client. The first provides strong user authentication to the server; the second provides assurance that the VPN client has reached a trusted VPN server. Both systems rely on a chain of trusted certification authorities (CAs) to verify the validity of the offered certificate.
This is when the VPN uses a gateway device to connect to the entire network in one location to a network in another location. The majority of site-to-site VPNs that connect over the internet use IPsec. Rather than using the public internet, it is also normal to use career multiprotocol label switching (MPLS) clouds as the main transport for site-to-site VPNs.
Welcome to the CNET 2018 Directory of VPN providers. In this directory, we're taking a look at a few of the very best commercial VPN service providers on the Internet like CyberGhost, IPVanish, Buffered, Private Internet Access and others. Rather than looking at the wide range of free providers, which often have a lot of limits (and dubious loyalties), we are looking at those vendors who charge a few bucks a month, but put your interests first, rather than those of shadowy advertisers and sponsors. Our VPN rankings are based more than 20 factors including number of server locations, client software, dedicated and dynamic IP, bandwidth caps, security, logging, customer support and price.
IVPN also performed well in our speed tests. Though it wasn’t always the fastest in the 54 measurements we took on each service, it ranked near the top on many servers at different times of the week—especially compared with the most trustworthy services. Private Internet Access, one of the most visible, privacy-focused VPNs, had slower speeds when connecting to most servers and less reliable connections than IVPN. For US servers (which we expected to be the fastest locations since we tested from California), IVPN ranked behind only OVPN and TorGuard. We liked OVPN—especially its speed results—but we thought that company’s small team and small selection of servers and locations were too limiting for some people. (Read more in the Competition section.) Though TorGuard edged out IVPN in this test, the difference wasn’t big enough to affect our everyday browsing. And because we tested each application at its default settings, TorGuard’s faster speeds were partially thanks to its default 128-bit encryption; IVPN offers only more secure, but often slower, 256-bit encryption.
TorGuard was consistently one of the fastest services we tested. When we averaged three tests performed at different times of the week with Internet Health Test, TorGuard was the fastest service when connecting in the UK and Asia, the second fastest in the US, and the third fastest in Central Europe. OVPN was the next most consistent, but that company’s small network doesn’t have any servers in Asia, and it ranked fifth in the UK. Our top pick, IVPN, was the third most consistently fast after TorGuard and OVPN. However, we tested with each app’s default settings—since we expect most people won’t change them—and TorGuard’s default 128-bit encryption gives it an advantage in speed tests over VPNs that default to 256-bit encryption, as most services do. Still, we think 128-bit encryption is fine for most people who prioritize speed, and TorGuard’s consistency makes it a good value as our budget pick.
TorGuard offers applications for every major platform, including Windows, macOS, and Android. And unlike our top pick, it also supports OpenVPN on ChromeOS. (Though TorGuard does offer an iOS app, it doesn’t natively support the OpenVPN protocol that allows for the easiest and most reliable secure connections.) Using these apps, you can manually select a server, click Connect, and not worry about the rest. But otherwise, the applications aren’t as refined or easy to use as IVPN’s. New users are likely to find themselves out of their depth when modifying anything but the most basic functions, such as auto-connecting at launch or minimizing the app.
The encryption and decryption processes depend on both the sender and the receiver having knowledge of a common encryption key. Intercepted packets sent along the VPN connection in the transit network are unintelligible to any computer that does not have the common encryption key. The length of the encryption key is an important security parameter. Computational techniques can be used to determine the encryption key. Such techniques require more computing power and computational time as the encryption key gets larger. Therefore, it is important to use the largest possible key size.
VPNArea is one of the few providers that offers dedicated IP addresses in various countries around the world, as listed on their website. It also allows account sharing (six simultaneous connections permitted). VPNArea continues to improve and remains an excellent choice for privacy-focused users. Check out their discount pricing for annual plans. [Learn more >]
Since we first recommended IVPN in the spring of 2018, the company has added automatic server selection to its desktop applications, bringing it in line with other top-performing VPN apps. Alternatively, when you click on the location at the bottom of the app, you’ll see a list of all of the global IVPN server locations, color coded by speed. At the top of the list is an option to connect to the fastest one, and once selected, the app remembers your preference through future disconnects and reboots. You can also use IVPN’s multihop servers to route your traffic through two VPN servers—a feature unique to IVPN among the services we tested—though we don’t think this step is necessary for most people, given the slower speeds you’ll likely experience.
IVPN was one of the fastest providers when we tested US servers using the Internet Health Test. Our budget pick, TorGuard, was faster, but it defaults to the less secure 128-bit encryption. Our non-VPN connection tested at roughly 300 Mbps down. Some tested services are not listed because connection failures prevented some of our tests from completing.
When you download a file from a server without a VPN, there’s a chance you will encounter network congestion, most likely on your nearby ISP network or at the download server itself. When you use a VPN service, you add a third potential bottleneck to the route. Whether because of server load or congestion on the network surrounding the server, there’s a higher chance that your speed will be affected while connected to a VPN.
While VPNs are an important tool, they are far from foolproof. Let’s say you live in an oppressive country and want to evade censorship in order to access the unrestricted web. A VPN would have limited use. If you’re trying to evade government restrictions and access sites like Facebook and Twitter, a VPN might be useful. Even then, you’d have to be somewhat dependent on the government’s willingness to look the other way.
We recommend against using any so-called free VPN. Free VPN services tend to be significantly slower than their premium counterparts. Their servers are usually congested and the apps often impose bandwidth limits or data caps. Server selection is more limited as well. Besides speed, free VPNs often use shady practices to make money, such as collecting your browsing data to sell to third parties and injecting ads into browsers. Some even carry malware payloads to infect your device.
How much should a VPN cost? Hotspot Shield can be as little as £119.99 for a lifetime or £5.99 a month if you'd rather sign up for a year. For your money you get a decent range of features including up to five devices, private browsing, virtual locations and good if not stellar performance: we did notice a slight increase in latency when Hotspot Shield was enabled, although it wasn’t too dramatic. There’s a seven-day trial that gives you more than enough time to put it through its paces.
Ivacy is a Singapore-based VPN service. It is on the lower end of the spectrum in terms of the speeds it offers. Nonetheless, it has strong security mechanisms such as DNS leak protection and AES 256 bit encryption. Its servers are located in more than 100 countries in the world. Find a comprehensive review about Ivacy VPN for pros and cons of the service.
In an overcrowded VPN market, ExpressVPN continues to stand out from the rest and remains the top recommendation at Restore Privacy. It is based in the British Virgin Islands and offers secure, user-friendly apps for all devices. Extensive testing for the ExpressVPN review found it to be very secure, with exceptional speeds and reliability throughout the server network.
Prices – ProtonVPN offers a free version with unlimited bandwidth. This makes it one of the few free VPN services with unlimited bandwidth. Its paid versions are categorized as Basic, Plus, and Visionary, each of which progressively offers more advanced features than the one before it. The basic version costs $4/month, while the Plus and Visionary plans cost $8/month and $24/month respectively. Yep, it is quite expensive.
IPVanish wasn't the top performer in our 2017 round of testing, falling in about the middle of the pack. But it was one of the most reliable VPN services, connecting smoothly and staying connected every time we used it. IPVanish has excellent client software, although you can connect to the company's servers manually, and a decent array of about 850 connection points in 50 countries. However, its subscription price is kind of high, and its U.S. base may be a negative for some potential customers.
CyberGhost’s popular free tier might not offer amazing speeds, but its paid Pro tier is a real contender. It proved to be both quick and consistent in our speed tests. An “extra speed” feature can be toggled before you connect for an extra boost. Setup and use are novice-friendly, and live chat with customer support is available if you need a hand. Military grade encryption ensures all your data is safely tunneled to the VPN server, and CyberGhost does not store any logs of user activity or other identifiers.
Extensible Authentication Protocol-Message Digest 5 Challenge (EAP-MD5 Challenge) is a required EAP type that uses the same challenge handshake protocol as PPP-based CHAP, but the challenges and responses are sent as EAP messages. A typical use for EAP-MD5 Challenge is to authenticate the credentials of remote access clients by using user name and password security systems. EAP-MD5 Challenge can be used to test EAP interoperability.
VPNs are necessary for improving individual privacy, but there are also people for whom a VPN is essential for personal and professional safety. Some journalists and political activists rely on VPN services to circumvent government censorship and safely communicate with the outside world. Check the local laws before using a VPN in China, Russia, Turkey, or any country with with repressive internet policies.