Recommendations for VPN provider

[Jack Yaz]

Hi,

Looking for recommendations for VPN providers that play nicely with Merlin. I currently use PIA, but have seen murmurings of them doing something odd with their IP/DNS, and I'm considering alternatives.

I've had a look at NordVPN, and found speeds are pretty good, depending on the server I use. Their P2P servers for example, halve my 200Mbps to 100Mbps.

Uses I have for VPN are: security/privacy, P2p (torrent/acestream), and videostreaming.

Can anyone recommend a good VPN provider to look at? Having googled it, every "comparison" review puts a different one on top....

 

[joegreat]

I vote for
- no. 1: Perfect-Privacy (the one with the dash between the two words) with best security and performance but it has it's price and
- no. 2: AirVPN with best price but lower performance and security.

 

[Irken Skoodge]

I use Airvpn and I'm very happy with it. I use the windows app and iPhone version and have no dns leaks. I also set it up at my house on my router. My speeds are always the same as my connection. 60 down 25 up. If your interested I posted my referral link but you can just go straight to the site.

 

[Jack Yaz]

I vote for
- no. 1: Perfect-Privacy (the one with the dash between the two words) with best security and performance but it has it's price and
- no. 2: AirVPN with best price but lower performance and security.

I dabbled with AirVPN previously, liked the service but 3 clients only was a put off (though this was before I had the Asus). Perfect-privacy sounds great from the website, I'm definitely going to give them a go,

 

[Viktor Jaep]

I've successfully used StrongVPN and PureVPN... but I'm a bit leery about using PureVPN at this point as it's actually a Chinese company that owns it. StrongVPN is US-based, log-less, and is fast enough for HD Netflix to work. I tested it again just now, and I'm getting about 50-70Mbps down, and about 20-25Mbps up with it.

 

[ATXCardsFan]

I use ExpressVPN. It’s a little on the pricey side but I continually get 30 mbps down. It’s the fastest service that I’ve used.

 

[CaptainSTX]

I've successfully used StrongVPN and PureVPN... but I'm a bit leery about using PureVPN at this point as it's actually a Chinese company that owns it. StrongVPN is US-based, log-less, and is fast enough for HD Netflix to work. I tested it again just now, and I'm getting about 50-70Mbps down, and about 20-25Mbps up with it.

I do better than that with StrongVPN. I can get 135 - 155 Mbps using my VPN appliance on my 180 Mbps connection though it seems to vary a lot depending on what server I am using and its distance from my actual location.

The fastest connection I have tied is using Astrill with their app on my PC. I can regularly pull 165 - 175 Mbps using a server 1,200 miles from my location. Running Astrill on a router and using a server 250 miles distant I normally get 55 - 65 Mbps.

 

[Rickyrsx]

I do better than that with StrongVPN. I can get 135 - 155 Mbps using my VPN appliance on my 180 Mbps connection though it seems to vary a lot depending on what server I am using and its distance from my actual location.

The fastest connection I have tied is using Astrill with their app on my PC. I can regularly pull 165 - 175 Mbps using a server 1,200 miles from my location. Running Astrill on a router and using a server 250 miles distant I normally get 55 - 65 Mbps.

I agree. I've tried NordVPN, Vyper, VPN.ac, VPNarea, but the best so far has been StrongVPN. I run the VPN through my router so I know my speeds can't compare with @CaptainSTX but I usually get around 45-50 Mbps download on my 100 Mbps connection. I've tried the others and either they had good speeds in the morning (~30 Mbps) but failed miserably in the evening (~10-15 Mbps) or they Netflix didn't play nice with them. So far StrongVPN gives me speed and Netflix (for the time being).

 

[Neil_Hines]

If NordVPN is working fine for you and giving you decent speeds then why do you want to switch to another VPN provider? Any specific reason? Moreover, when it comes to the requirements you've laid down, the very best VPN provider that is out there in terms of speed, security, streaming speed, customer service and reputation is Express VPN. Here are a detailed ExpressVPN review and test results and its analysis. Furthermore, I am currently an ExpressVPN user (previously NordVPN) and currently getting 17 MB our of 20MB connection when connected to a VPN server. (Conditions applied), So, that would be my two cents on the topic.

 

[Just Checking]

I am using PIA now and I am looking at other suppliers because of the speed hit. I just switched to a new ISP and service that gives me 290+Mbps Down and 25+Mbps Up (according to speedtest.net). When I turn on the PIA VPN on my PC (Xeon 1225v3, 4-core, 3.2GHz processor, SATAIII busses, 32GB ECC RAM,Gigabit LAN ports) my speeds drop to under 5Mbps Down and 15Mbps Up. That is a with the encryption running at the "recommended" settings (AES-128, SHA-1, RSA-2048) and using TCP. I can't even get a connection if I implement UDP. Many other VPNs implement much higher levels of encryption and PIA has encryption levels that go up to AES-256, SHA-256, and RSA-4096. When I try implementing this encryption level, I can't even get a measureable transfer speed.

I seem to remember reading some posts from a couple years ago that the maximum calculated speed from a Asus RT-AC68 router clocked to 1GHz was about 50 Mbps. I think that depends on the level of encryption used also.

What level of encryption are other people in the forum using for "total traffic" VPN's and what equipment set-up (router) is needed to get a reasonable transfer speed. I run Plex Servers and need the 25Mbps Upload speeds while also needing a minimum of 40Mbps Download. I run some backup servers and definitely need fast downloads just to service them in a timely fashion.

 

[RMerlin]

my speeds drop to under 5Mbps Down and 15Mbps Up

That looks abnormal to me. have you tried different servers?

Make sure it's not any QoS implementation interfering with your tunnel.

I never ran any speed test on my development PIA account, but I suspect it's faster than that even if running from my router. I usually do my test with servers from the eastern coast of America (since they are closest to me, and I'm not actively using the tunnel, so I don't care about the region/IP of the server).

I seem to remember reading some posts from a couple years ago that the maximum calculated speed from a Asus RT-AC68 router clocked to 1GHz was about 50 Mbps. I think that depends on the level of encryption used also.

I got those figures using AES-128-CBC and SHA1 digest, and running iperf locally between two computers over a tunnel. Can't remember if I had LZO enabled or not at the time. It was with the 800 MHz version, so the more recent 1 GHz version would be even faster.

 

[CaptainSTX]

Running StrongVPN on an AC1900P with a 1.4 Ghz processor I can get 60-70 Mbps down and 22 up on my 170/22 connection and that is with AES-256 encryption. My experiments with encryption levels have not had much of a measurable impact on speed. I'm sure if you take it to extreme levels it might bog the router down but not at the lower ranges I find sufficient.

I also got similar speeds when using Astrill.

If PIA offers a desktop app have you tested the speeds using that or are you setting the VPN connection up in Windows? If they have an app and you haven't tried it it might be worthwhile.

 

[doczenith1]

Your numbers seem low @Just Checking . What port are you connecting to that doesn't work with UDP? They have certain ports for each protocol and encryption level.

https://helpdesk.privateinternetacc...ings-should-I-use-for-ports-on-your-gateways-

I did some testing a while back (January 2017) and got the following speeds using the OpenVPN client on two different ASUS routers. Both routers running Asuswrt-Merlin 380.64 firmware. Connecting to PIA VPN servers on port 1198 via UDP.

AC3100 (1.4 Ghz dual core)
CTF (Cut Through Forwarding NAT Acceleration)
DL :74 Mbps with core 1 at 30%, core 2 at 85%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U (1.0 Ghz dual core)
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

For reference, when using the same PIA VPN server with a windows client (i5-2500K) I'm able to attain 250 Mbps down and 350 Mbps up (450 on some recent tests) on the same DSLReports HTML5 speed test.

The speed tests were conducted over a wired connection from the computer to the router.

Data encryption: AES-128-CBC
Data authentication: SHA1
Handshake: RSA-2048

 

[Rickyrsx]

If NordVPN is working fine for you and giving you decent speeds then why do you want to switch to another VPN provider? Any specific reason? Moreover, when it comes to the requirements you've laid down, the very best VPN provider that is out there in terms of speed, security, streaming speed, customer service and reputation is Express VPN. Here are a detailed ExpressVPN review and test results and its analysis. Furthermore, I am currently an ExpressVPN user (previously NordVPN) and currently getting 17 MB our of 20MB connection when connected to a VPN server. (Conditions applied), So, that would be my two cents on the topic.

NordVPN speeds were terrible. There were wild fluctuations in speed. Also, Canadian servers couldn't connect to Netflix when I did my trial period. I think there were some Chicago(?) or New York (?) servers that worked but since they're farther away from my location, speeds were very slow. I have read good reviews about ExpressVPN but they're a little bit on the expensive side ($8.32/month on a 12 month package), compared with StrongVPN ($5.83/month). It's not a deal breaker but cost was also one of the factors that made me choose Strong.

 

[Just Checking]

That looks abnormal to me. have you tried different servers?

Make sure it's not any QoS implementation interfering with your tunnel.

I never ran any speed test on my development PIA account, but I suspect it's faster than that even if running from my router. I usually do my test with servers from the eastern coast of America (since they are closest to me, and I'm not actively using the tunnel, so I don't care about the region/IP of the server).



I got those figures using AES-128-CBC and SHA1 digest, and running iperf locally between two computers over a tunnel. Can't remember if I had LZO enabled or not at the time. It was with the 800 MHz version, so the more recent 1 GHz version would be even faster.

Merlin,
Thanks for the Reply.

I do not use QOS on any Router or Access Points because of problems I previously encountered with getting all clients to connect easily and the desire to minimize overhead on the router CPU.

I ran the test using the PIA provided software directly on the PC (Lenova TS-140 server) that runs with a clean Windows 7 64-bit Pro OS (I like the interface better than MS Windows Server OS). I am using a Asus RT-AC68R router running the latest John's Fork firmware 27e and a Netgear CM600 24X8 modem with 20 bonded channels Down and 4 bonded channels Up. The encryption should be all through the TS-140 server.

I re-did the test with speedtest.net with, and without, the VPN engaged. PIA encryption with AES-256-CBC (or AES-128-CBC), SHA-1, R SA-2048, TCP
Without VPN tunnel/Encryption: 297 Mbps Down, 30 Mbps UP
With AES-256 Encryption: 4.5Mbps Down, 11Mbps Up
With AES- 128 Encryption: 39Mbps Down, 15 Mbps Up
I mis-stated the original numbers given as for AES-128 encryption. Those were actually for the AES-256-CBR encryption. The numbers stated above are the best numbers I got.

When I changed the SHA encryption to SHA-256, the hit was not as bad as when I changed the AES encryption from 128 to 256.

I re-ran the test several times connecting to alternate servers to find the maximum speeds possible. Without encryption, I get pings in the range of 10 ms. With encryption enabled, I get pings in the range of 90-100 ms. I connect to PIA servers in the USA. The default connection is to the USA Midwest. I also tried USA Chicago, Canada Toronto, Canada Montreal (these all seem to connect to the same server). I tried US East Coast, US Florida, US Texas, and US Silicon Valley. The later ones give slightly lower transfer rates with longer pings.

When I switched to the UDP from TCP setting and re-ran the tests, I was not able to get a connection. The speedtest.net program gave a "connection timed out" indication and repeatedly asked for a retest. I am not sure why that change would have such an impact on transfer speeds.

From other posts I have read, the OpenVPN software only utilizes 1 core/1 thread. The encryption/decryption should be mostly dependent on the clock speed of the microprocessor and the calculation efficiency of the core up to the limits set by the VPN provider. Therefore, the Xeon processor running at 3.2GHz clock (3.5GHz turbo) should be much faster at encryption/decryption than the 800MHz processor in the RT-AC68 router unless the calculation efficiency of the processor in the router is 4X that of the Xeon processor.

I realize that there is a severe performance loss using a encrypted VPN, I just didn't think it would be that much. I want to implement whole location encryption since there are multiple clients/users on the network that are not under my control and I have received several notices of copyrite infringement (not sure which user did the downloads). Using a VPN on all traffic would let me prevent any more notices. Another option would be to implement a proxy server. That doesn't give security/encryption but should prevent further notices if I also implement an IP mask. Thoughts about this would be appreciated. I would also be interested in comments about implementing a general proxy server and IP Mask on the whole network, then having a VPN/encryption on individual client devices where more security (business confidential communication/data transfer) is necessary.

 

[Just Checking]

Running StrongVPN on an AC1900P with a 1.4 Ghz processor I can get 60-70 Mbps down and 22 up on my 170/22 connection and that is with AES-256 encryption. My experiments with encryption levels have not had much of a measurable impact on speed. I'm sure if you take it to extreme levels it might bog the router down but not at the lower ranges I find sufficient.


Reply:
I did find a significant change in speed with different levels of encryption.
I re-did the test with speedtest.net with, and without, the VPN engaged. PIA encryption with AES-256-CBC (or AES-128-CBC), SHA-1, R SA-2048, TCP
Without VPN tunnel/Encryption: 297 Mbps Down, 30 Mbps UP
With AES-256 Encryption: 4.5Mbps Down, 11Mbps Up
With AES- 128 Encryption: 39Mbps Down, 15 Mbps Up

I also got similar speeds when using Astrill.

If PIA offers a desktop app have you tested the speeds using that or are you setting the VPN connection up in Windows? If they have an app and you haven't tried it it might be worthwhile.

Reply:
I am using the desktop app on the server. I have not been successful implementing OpenVPN on my main router, yet.

I looked at the website of the StrongVPN provider but was able to get information on the levels of encryption used. The VPN rating articles that I found do not list StrongVPN so I could not find information on things like the company location, exactly what is covered for logging (they state they do not log in one sentence on their website. What does that mean?), what DNS servers they use and what kind of logging is used for that, and finally no anonymous ways to pay. StrongVPN only has a more limited number of cities and servers (according to their website). There is a lack of information about implementation on different devices (Windows, IOS, Android) on the website.

All this makes me somewhat wary of evaluating this StrongVPN provider.

 

[Just Checking]

Your numbers seem low @Just Checking . What port are you connecting to that doesn't work with UDP? They have certain ports for each protocol and encryption level.

https://helpdesk.privateinternetacc...ings-should-I-use-for-ports-on-your-gateways-

I did some testing a while back (January 2017) and got the following speeds using the OpenVPN client on two different ASUS routers. Both routers running Asuswrt-Merlin 380.64 firmware. Connecting to PIA VPN servers on port 1198 via UDP.

AC3100 (1.4 Ghz dual core)
CTF (Cut Through Forwarding NAT Acceleration)
DL :74 Mbps with core 1 at 30%, core 2 at 85%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U (1.0 Ghz dual core)
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

For reference, when using the same PIA VPN server with a windows client (i5-2500K) I'm able to attain 250 Mbps down and 350 Mbps up (450 on some recent tests) on the same DSLReports HTML5 speed test.

The speed tests were conducted over a wired connection from the computer to the router.

Data encryption: AES-128-CBC
Data authentication: SHA1
Handshake: RSA-2048

Wow!
I am envious that you are able to get 350Mbps UP. The maximum DSL service I am able to get is 40Mbps Down and 20Mbps Up. According to the ISP (Centurylink), Gigabit speeds will not be available in my area for several years (if ever). The fastest Cable service available to me is 1Gbps down, 125Mbps Up. I have never seen advertised ISP service in any city of the 20+ large cities in the USA I evaluated which had faster Upload speeds than Download speeds.

Being able to do remote backups at those speeds must be wonderful.

Your comment on the port used (1198) is interesting. I will have to try setting the port manually and see what effect of that is on the speed. I will also have to make sure that port is open.

 

[RMerlin]

Thoughts about this would be appreciated.

There's no real way around this - if the bottleneck is the router's CPU (as indicated by the difference of performance between AES-128-CBC and AES-256-CBC), then you need to replace it with something more powerful.

 

[Just Checking]

There's no real way around this - if the bottleneck is the router's CPU (as indicated by the difference of performance between AES-128-CBC and AES-256-CBC), then you need to replace it with something more powerful.

The test results I provided are with the PIA VPN implemented directly on the server, not in the router. I am not sure where I can find a "consumer class" router with a CPU clocked at 3.2GHz. The fastest CPU in a consumer router I have found is a 1.8GHz Dual Core. From what a previous post stated, processor clock speed, not the number of cores or threads is the determining factor for the OpenVPN implementation. If that were true, then running the PIA VPN on my Xeon 1225v3, 3.2GHz server should leave those routers in the dust for encryption/decryption performance. That may be true with all other things being equal. From the numbers that other SNB Members have stated, there are other factors which may be equally important to CPU clock speed. When I test the transfer speed using a Samsung Galaxy S7 with a 2.1GHz Quad Core Snapdragon CPU connected by 5GHz wireless to an Asus RT-AC68 router, I can get 190Mbps Down and 27Mbps Up without VPN encryption (as measured by the Speedcheck Pro app). After turning on the PIA VPN encryption, I measured 10-17Mbps Down and 15-20Mbps Up (These numbers are highly variable). I also tried the PIA VPN implementation on a HP Elitebook 8470p Laptop with an i7-3350 3.0GHz processor with a Gigabit Ethernet connection to a RT-AC68 router. Without encryption I get 290+Mbps Down/30Mbps UP. With the PIA VPN AES-128-CBR encryption enabled I measure 28-32Mbps Down, 25 Mbps Up.

Perhaps the OpenVPN implementation of the encryption/decryption is different between VPN suppliers. Perhaps the PIA OpenVPN software that I use on the client devices is not as efficient as the OpenVPN implementation done here on these Asus routers. All I know is that I am not able to get the speeds other members like CaptainSTX or doczenith1 have been getting when I use the PIA VPN software implementation on any of the client devices I have tried.

 

[RMerlin]

I am not sure where I can find a "consumer class" router with a CPU clocked at 3.2GHz.

You can't. You have to build your own, around something like pfsense/Shorewall/etc... Newer CPUs also typically have hardware-accelerated AES support. That's why for instance a 1.8 GHz RT-AC86U is able to reach 200 Mbps through an OpenVPN tunnel. If you build your own firewall around pfsense, you have to ensure that the CPU has hardware AES support - most Atoms don't.

Note that for our tests, we usually use something like iperf through the tunnel, which is a best-case scenario. Performance can vary depending on the type of data you transfer, how many separate streams, and whether you enable or not LZO compression.

Only other thing I can suggest is to make sure you configure the router to use VPN client 1, 3 or 5. Client 2 and 4 will use the same CPU core as the router's switch, so you will lose some performance.