It offers a high-quality, secure, no frills VPN service with awesome performance.
In this updated review I put VPN.ac’s new applications through multiple rounds of tests to see if it still meets these high standards. It did not disappoint.
VPN.ac is a Romania-based VPN service that provides users with advanced encryption, very secure apps, and excellent performance. Their server network consists entirely of dedicated premium servers with self-hosted DNS and gigabit bandwidth channels. VPN.ac also provides you with unique encryption protocols, double-hop server configurations, and secure proxy browser extensions.
The one drawback with VPN.ac is that they maintain minimal connection logs (no activity or session data). As they explain on their website, these logs are used for network security and support purposes and they are erased daily running a cron job. VPN.ac has an excellent track record and there is no reason to doubt their claims – as we will cover below.
- Dedicated bare-metal servers with self-hosted encrypted DNS
- Excellent speeds with plenty of available bandwidth
- Multi-hop (double VPN) server configurations (18)
- Great obfuscation features with many different encryption options
- Secure proxy browser extensions
- Minimal connection logs (no activity, erased daily)
How much does VPN.ac cost?
For a premium VPN service that uses only dedicated servers and offers excellent, secure applications, I consider VPN.ac to be one of the best values you will find.
Payment options – VPN.ac offers many payment options, including anonymous payment methods, such as Bitcoin and various gift cards:
- Credit cards
- 100+ US gift cards
- Mobile/SMS options and more…
Refund Policy – VPN.ac provides a 7 day money-back guarantee, which they clearly describe on the website:
7 days money back guarantee: We will refund your order if you can’t use our service or if you are not satisfied with it.
The refund policy is clear and does not contain any hidden exceptions or bandwidth clauses. See the details here on the website (under Legal).
Company information and jurisdiction
VPN.ac was created by a team of network security professionals in 2009.
They are transparent about the background of the company and their professional qualifications. From their website:
Each individual member of our team has over 14 years of experience in IT security, providing security audit and penetration testing services for both public and private customers, banks and military institutions.
Our experience in pentesting and security audit services is mainly what gives us an edge in keeping our infrastructure secure, because it is often the infrastructure implementation which is the weakest link of a VPN service.
Encryption/data security is something we are very familiar with, as a result of being a local supplier of some of most secure commercial encrypted storage devices, which are compliant with requirements for governmental and military use (FIPS 140-2 Level 3, Common Criteria EAL, NATO InfoSec, etc.)
They also provide the contact details and professional certifications of the parent company, Netsec Interactive Solutions, which is based in Sibiu, Romania.
Jurisdiction – VPN.ac falls under the jurisdiction and laws of Romania. Romania appears to be a solid jurisdiction when it comes to privacy. It is not a member of the 14 Eyes surveillance alliance, or a close ally of any major spying regimes.
Private data is also protected in Romania, with data retention being officially declared unconstitutional by the Romania Constitutional Court in 2014.
Overall this appears to be a good setup to protect customer data and privacy.
Platforms and applications
VPN.ac supports many different devices and platforms. They offer applications (clients) for Windows, Mac OS, iOS, and Android.
You can download the latest software directly from the website and also view the installation guides:
We will go into detail on the Windows, Mac OS and Android clients below.
Connections – VPN.ac allows 6 connections per subscription. For comparison, this is double the number you get with ExpressVPN, but less than the unlimited number of connections offered by Perfect Privacy.
Knowledge base – You can find many detailed guides in the knowledgeable dealing with a variety of topics:
- OpenVPN, IPSec/L2TP, IKEv2, and PPTP encryption protocols
- Router installation guides
- Secure proxy and Socks5 proxy setup
- Online privacy tips
- Troubleshooting guides
If you are interested in using a VPN on a router, VPN.ac is a solid choice because their premium network offers plenty of bandwidth, high security, and excellent speeds. I created s step-by-step guide for using VPN.ac on an Asus router here.
VPN.ac advanced encryption
VPN.ac offers numerous different encryption options. This allows you to select the best encryption strength depending upon how much privacy and security you are seeking, while also optimizing performance.
The default encryption protocol is OpenVPN ECC (Elliptic Curve Cryptography). This provides a good combination of speed and security. The VPN.ac website further explains explains their different encryption options:
- PPTP: 128-bit MPPE (keep in mind that the protocol itself is broken so the encryption is pretty much useless per se)
- L2TP/IPSec: 256-bit AES and RSA-2048 (with Maximum Strength Encryption enabled in manual setup or with our software)
- OpenVPN 128-bit BF: 128-bit BF-CBC for data channel, RSA 2048 for keys and SHA1 HMAC (preferably to be used only on devices that do not currently support AES/custom OpenVPN settings, e.g. Synology NAS)
- OpenVPN 128-bit AES: 128-bit AES-CBC for data channel, RSA 4096 for keys and SHA256 HMAC
- OpenVPN 256-bit: 256-bit AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC
- OpenVPN ECC: 128-bit AES-CBC for data channel, Elliptic Curve using curve secp256k1 for keys and SHA512 HMAC
- OpenVPN XOR: 128-bit AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC
Optimize performance – Having different encryption options helps you to optimize performance with your VPN. Testing out different encryption protocols and ports is a good idea if you are in an area where VPN use is restricted.
Reading through one of the privacy guides on the website, they make an interesting argument for using a 128-bit cipher over a 256-bit cipher with their software:
OpenVPN 256-bit AES is kind of overkill, rather use AES 128-bit. We don’t expect anyone to go for AES cracking while there are weaker links in the chain, such as the RSA keys: how are they generated (good or poor entropy, online/offline generation, key storing on servers etc.). Therefore, AES-128 is a very good choice over AES-256 which is mostly used for marketing claims (“bigger is better”).
Now we will examine the obfuscation features.
VPN.ac secure proxy for browsers
VPN.ac provides secure proxy browser extensions for Firefox, Chrome, and Opera browsers.
VPN.ac describes the benefits of their secure browser as follows:
- Strong encryption for all browsing activity using TLS (pure HTTPS traffic)
- Stealth against Firewall/DPI (deep packet inspection): when inspected using DPI technologies, the connections using the SecureProxy don’t trigger alerts like a classic VPN would usually do
- There is no need to tunnel all your PC traffic through the VPN: you can have the browser tunneling the traffic through our servers and all other traffic sent via your regular ISP connection. You can call it “a VPN inside the browser”
This is a great feature for people who don’t want to encrypt all traffic on their computer via a VPN, but seek a secure solution for browsing with more privacy. More information can be found on the website.
Obfuscation to defeat network restrictions
VPN.ac offers an excellent lineup of obfuscation features, which allow you to break through any network restrictions. Obfuscation hides your VPN traffic as HTTPS, for example.
As a brief reminder, obfuscation features are necessary in countries such as China and Saudi Arabia, which implement censorship and strict network restrictions. This is also the case with many work or school networks that block VPNs or implement other restrictions. There are also reports of internet service providers interfering with VPN traffic – another reason to use obfuscation.
This is very easy to do because VPN.ac offers advanced encryption protocols (OpenVPN XOR) and port selection, as they explain on their site:
OpenVPN XOR is similar to OpenVPN 256-bit in terms of key strength and HMAC as the same are used, it is just the symetric cipher that is different, AES 128-bit being faster and less CPU intensive than AES 256-bit. We recommend to use it only when other OpenVPN types do not work, such as within networks that block other connections than outgoing over ports 80 and 443. Running OpenVPN XOR over port TCP-443 should by-pass most firewalls/web-filtering engines.
Implementing this in the application is very easy, simply select the OpenVPN XOR protocol, then select port TCP-443, and then you can connect to any server you want:
As an extra stealth VPN feature, VPN.ac also provides a lineup of servers that are generally configured for China or other restricted countries (hence the CHINA OPTIMIZED designation):
From everything I’ve seen, VPN.ac is one of the best options for people in China, where VPNs are routinely blocked.
Obfuscation features are also good for anyone who simply wants to conceal their VPN traffic, for whatever reason.
Multi-hop VPN configurations (cascades)
We’ve covered the benefits of multi-hop VPN cascades before. This feature adds a higher level of security and anonymity by putting two encrypted servers between you and the unencrypted internet.
As targeted surveillance practices and tracking continue to advance throughout the world, these advanced privacy features are becoming more important.
Double-hop – VPN.ac currently offers 18 double-hop VPN server configurations. This is a great selection when compared to other providers. Here are a few of the double-hop servers available:
Performance – With multi-hop VPN configurations you can typically expect a performance reduction simply due to increased latency (distance your traffic must travel).
However, VPN.ac offers some of the best double-hop speeds I have tested. The test results are further below. When testing a Germany – Canada double-hop connection I hit download speeds of nearly 82 Mbps.
Self-configurable multi-hop – For those seeking a higher level of anonymity, one great option is a self-configurable multi-hop configuration. In other words, the server network and applications allow you to create your own unique multi-hop chains. Perfect Privacy offers this feature with their Windows, Linux and Mac OS (beta) clients. Additionally, they also added a NeuroRouting feature, which is a dynamic multi-hop for securely routing traffic.
VPN.ac offers a great windows client that was recently updated to version 4. The screenshots above are all from testing VPN.ac on a Windows 10 laptop.
The look and feel of the updated clients is a further improvement to an already great application.
The VPN.ac Windows client also gives you access to a variety of different settings you can configure directly in the advanced section, with VPN protocol and port selection at the top.
Here are the encryption options (left) and available ports (right) within the Windows client Advanced settings:
The Windows client performed excellent in testing with great overall performance and no leaks.
Aside from being 100% leak-proof, the Windows client was also stable reliable, and very well designed.
There were no crashes, bugs, or any problems to report.
VPN.ac Mac OS
Just like with the Windows client above, the updated (version 4) Mac OS client is very impressive. Essentially it has the same layout, preferences, and features of the Windows client.
Below are the preferences and advanced settings:
The VPN.ac Mac OS client provides all features, including:
- Double-hop configurations
- Advanced leak protection and firewall settings (kill switch)
For Mac OS users, this is one of the best clients available.
VPN.ac offers an excellent new Android client, which was fully released in November 2017. I tested the updated Android client for this review and it performed well.
Here is the VPN.ac Android client (version 4.0) that was recently released:
Extensive features for the Android app – With most VPNs I have tested, the Android client is very limited on features when compared to the Windows or Mac OS clients. Many VPN Android clients are limited to the IPSec encryption protocol (such as with Perfect Privacy, VyprVPN and ExpressVPN, for example).
Surprisingly, VPN.ac’s Android client is nearly identical to the full Windows and Mac clients. It gives you all encryption options, all double-hop server configurations, and other advanced settings and preferences. For those seeking a good VPN to use with Android devices, VPN.ac would likely be my top recommendation.
VPN.ac also offers a good iOS app, which I tested out for this review. It utilizes the built-in IKEv2 cipher, which is native to iOS devices. This offers good security, no leaks, and is very stable. Here is the VPN.ac iOS app when tested with an iPhone (the VPN icon at the top confirms an active connection):
You can also confirm the function of the VPN app in the iOS settings. Below is the settings page (left), showing details of the connection. On the right is a leak test to verify that everything is working correctly.
Alternative installation – Aside from using the VPN.ac iOS app, you can also manually configure your iOS device to use the IKEv2 config files for various servers. This is an app-free solution (instructions can be found here from Perfect Privacy).
The one drawback in terms of privacy is that VPN.ac keeps connection logs – but these logs are erased daily. Here’s the exact explanation on logs from the VPN.AC website:
Do you log/monitor my activity? What logs do you keep on servers?
No, we do not log/monitor any kind of user activity such as visited web-sites, emails, files transferred, instant messages, DNS queries etc.
We do, however, keep some connection logs (to our VPN service) for security and support purposes. These are kept on a separate, encrypted server (located in an undisclosed location) and are automatically erased on a daily basis. We don’t keep any logs on servers, not even common Linux daemon logs.
Keeping these logs also help us in identifying potential attacks against our service, such as brute-force and even some MiTM attack vectors.
Important Note: As stated above, it is important to note that all connection logs are automatically erased daily. From the website:
All logs on this server are permanently deleted on a daily basis running a cron job. We do not log or store any sensitive data such as what you actually transfer during the session.
Overall this isn’t too concerning in my opinion. They are clearly being honest and transparent about their policies, explaining their need for logs, and also how the data is erased daily. Most VPNs need to maintain some form of logs to enforce connection or bandwidth limitations.
Some “no logs” VPNs have even been caught recently lying about logs.
VPN.ac’s server network is both secure and fast, with a clear emphasis on server quality (dedicated premium servers).
One of the biggest issues affecting speed is the number of people using the VPN server at a given time. Many VPNs oversell their services, resulting in congestion, slow speeds, and dropped connections.
You can clearly see this is not the case with VPN.ac by looking at their server network bandwidth stats in real time. (Simply select “VPN Nodes Status” at the top of their website.)
As a VPN.ac user, I have yet to find their servers overloaded with users. Here is a screenshot I took illustrating bandwidth at various server locations.
No virtual private servers (VPS) – Another important aspect when examining VPN servers is whether they’re using virtual private servers (VPS), or dedicated (bare metal) servers for their VPN nodes. Here is VPN.ac’s server explanation from the website:
We use dedicated servers on our VPN nodes, mostly consisting of powerful E3 and E5 Xeons with hardware AES crypto acceleration. Running VPN gateways on VPS/cloud instances is a security risk. Moreover, running VPN nodes on dedicated hardware can be as 10x or even 20x times more expensive than running on virtual servers, hence the reason why we don’t advertise ‘hundreds’ of locations but focus on fewer, where security is done properly and the bandwidth capacity is enough to ensure a fast and reliable service.
The security and privacy benefits of using dedicated servers cannot be overstated.
No fictitious server locations – I also tested a number of VPN.ac servers to verify their true locations. Every server I tested checked out. (Many of the larger VPN providers utilize fictitious “virtual” server locations. See this article for an overview of this topic.)
Speed and reliability test results
VPN.ac is one of the fastest services I have tested.
With nearby servers, it was easy to get speeds close to my full non-VPN (unencrypted) speed.
Here is one example where I hit nearly 100 Mbps with a nearby server in Frankfurt:
Testing a server further away in Sweden – once again excellent speed at nearly 90 Mbps:
And here’s a nearby double-hop connection: Frankfurt >> Luxembourg, with 71.2 Mbps
And testing a transatlantic double-hop from Germany to Canada – nearly 82 Mbps (very impressive for a transatlantic double-hop):
Overall the speeds were excellent throughout the server network.
Reliability testing – In terms of overall reliability, VPN.ac also performed well:
- Connecting to different VPN servers was fast and simple (no timed out connection problems).
- Speeds were consistently fast without any dropped connections.
- The applications and features worked without any glitches or problems to report.
VPN.ac does well in the performance category.
Privacy and security
In terms of leak-testing results, VPN.ac passed without any leaks or issues to report.
I tested the Windows, Mac OS and Android clients using the basic testing procedures outlined here.
Here I’m testing a Norway server. Notice, my DNS requests are being picked up by three different secure servers in VPN.ac’s network. The IPv4 address matches the server and there are no leaks (the WebRTC IP address is local, not a leak):
And testing another server in Australia with the Windows client (no leaks):
Here is a test with the Mac OS client and a server in Canada: no leaks
And finally a test with the Android client: no leaks
As you can see from these test results, VPN.ac offers high-quality applications that are secure and will protect your privacy.
DNS leak protection – VPN.ac also does a great job of ensuring there are no DNS leaks by using their own secure DNS resolvers. From the their website:
We protect DNS queries against MitM hijacking and snooping, wiretapping. We have our own, private DNS resolvers outside of US and UK. All DNS queries sent by VPN users are forwarded by our VPN servers to the private resolvers, through encrypted tunnels.
We are using an unique and clever way to overcome this risk [of 3rd party DNS resolver monitoring], by running a query generator service on each DNS resolver. Specifically, We are generating over 10 million DNS queries to existing domains each day. Those queries are generated randomly, at a high rate, and are mixed with the DNS queries of our customers. Basically, we are generating “noise” and it’s virtually impossible to match a user’s DNS queries within the “flood” of queries sent by us to DNS root servers directly. Therefore, if a 3rd party is ever going to wiretap our DNS resolvers, it will be totally ineffective.
While most VPN users may not pay much attention to issues such as server quality and securing DNS queries, these details have a major impact on your privacy and security.
Website and support
The VPN.ac website is informative and straight-forward. It includes:
- Useful VPN information
- Privacy and security tips
- Server status page
- Detailed setup tutorials for different devices and platforms
They are also currently offering a discounted one week trial, which you can find on the website under the FAQ section.
Support – The support team is also top-notch based on all my interactions. They do not outsource support and handle all requests internally with their own professional staff.
Support is offered through tickets (email), and reply times were fast with all my inquiries (under 24 hours).
VPN.ac Review Conclusion
VPN.ac may just be one of the best-kept secrets in the VPN market. As a smaller provider that puts minimal emphasis on marketing, it goes largely unnoticed. Nonetheless, it is a very advanced VPN service that is built on a premium network of dedicated servers, giving you both security and high performance.
VPN.ac also gives you an excellent lineup of custom applications that are packed with features. In addition to offering numerous encryption protocols and port options, you can also utilize obfuscation features and double-hop VPN configurations.
Despite being a less-known provider, VPN.ac offers an excellent service and will remain among the top VPNs recommended on Restore Privacy. You can also pick up a discounted subscription by selecting the one year plan to save 46% off regular prices. All plans come with a 7 day money-back guarantee.
Alternatives to VPN.ac:
If you have used VPN.ac, feel free to share your honest review (good or bad) below.