VPN.ac may not get tons of attention, but this Romanian VPN provider has a lot going for it.
In this updated review I put VPN.ac through multiple rounds of tests to see if it’s still is on par with the other best VPN services in all areas of testing.
Let’s examine the results.
VPN.ac is a Romania-based VPN service that provides users with advanced encryption, very secure apps, and great performance. Their network consists entirely of dedicated bare-metal servers with self-hosted DNS and gigabit bandwidth channels. VPN.ac also provides you with unique encryption protocols, double-hop server configurations, and secure proxy browser extensions.
The one main drawback with VPN.ac is that they maintain minimal connection logs – but this does not include any activity or session data. As they explain on their website, these logs are used for network security and support purposes and all data is erased daily running a cron job. VPN.ac’s honest and straightforward logging policy may not be too concerning, depending on your needs, and it certainly performed well in testing.
- Dedicated bare-metal servers with self-hosted encrypted DNS
- Excellent speeds with plenty of available bandwidth
- Multi-hop (double VPN) server configurations (18)
- Great obfuscation features with many different encryption options
- Secure proxy browser extensions
- Minimal connection logs (no activity, erased daily)
For a premium VPN service that uses only dedicated servers and offers excellent, secure applications, VPN.ac is one of the best deals around.
VPN.ac is currently offering a discounted pricing plan for two-year subscriptions, which drops the price down to only $3.75 per month.
Discounted one-week trial – VPN.ac also offers the option to get a discounted one-week trial subscription, which includes all features and full functionality. Simply go to the website and click on the FAQ tab to get the trial. There are also other VPNs with free trials you can consider as well.
Payment options – VPN.ac offers many payment options, including anonymous payment methods, such as Bitcoin and various gift cards:
- Bitcoin and various altcoins
- Credit cards
- 100+ US gift cards
- Mobile/SMS options and more…
Refund Policy – VPN.ac provides a 7 day money-back guarantee, which they clearly describe on the website here:
7 days money back guarantee: We will refund your order if you can’t use our service or if you are not satisfied with it.
The refund policy is clear and does not contain any hidden exceptions or bandwidth clauses.
Company information and jurisdiction
VPN.ac was created by a team of network security professionals in 2012.
They are transparent about the background of the company and their professional qualifications. From their website:
Each individual member of our team has over 14 years of experience in IT security, providing security audit and penetration testing services for both public and private customers, banks and military institutions.
Our experience in pentesting and security audit services is mainly what gives us an edge in keeping our infrastructure secure, because it is often the infrastructure implementation which is the weakest link of a VPN service.
Encryption/data security is something we are very familiar with, as a result of being a local supplier of some of most secure commercial encrypted storage devices, which are compliant with requirements for governmental and military use (FIPS 140-2 Level 3, Common Criteria EAL, NATO InfoSec, etc.)
They also provide the contact details and professional certifications of the parent company, Netsec Interactive Solutions, which is based in Sibiu, Romania.
Jurisdiction – VPN.ac falls under the jurisdiction and laws of Romania. Romania appears to be a solid jurisdiction when it comes to privacy. It is not a member of the 14 Eyes surveillance alliance, or a close ally of any major spying regimes.
Being in Romania, VPN.ac is also able to ignore all DMCA complaints, making it a good choice for torrenting.
Private data is also protected in Romania, with data retention being officially declared unconstitutional by the Romania Constitutional Court in 2014.
Platforms and applications
VPN.ac supports many different devices and platforms. They offer VPN applications (clients) for Windows, Mac OS, iOS, and Android. For Linux users, VPN.ac has a Linux client in beta for Ubuntu-based distributions.
You can download the latest software directly from the website and also view the installation guides:
We will go into detail on the Windows, Mac OS and Android clients below.
Connections – VPN.ac allows 6 connections per subscription. This is about average for the VPN industry.
Knowledge base – You can find many detailed guides in the knowledge base dealing with a variety of topics:
- OpenVPN, IPSec/L2TP, IKEv2, and PPTP encryption protocols
- Router installation guides
- Secure proxy and Socks5 proxy setup
- Online privacy tips
- Troubleshooting guides
If you are interested in using a VPN on a router, VPN.ac is a solid choice because their premium network offers plenty of bandwidth, high security, and excellent speeds.
VPN.ac encryption options
VPN.ac offers numerous encryption options. This allows you to select the best encryption strength depending upon how much privacy and security you are seeking, while also optimizing performance.
The default encryption protocol is OpenVPN ECC (Elliptic Curve Cryptography). This provides a good combination of speed and security. The VPN.ac website further explains their different VPN protocols and encryption options:
- PPTP: 128-bit MPPE (keep in mind that the protocol itself is broken so the encryption is pretty much useless per se)
- L2TP/IPSec: 256-bit AES and RSA-2048 (with Maximum Strength Encryption enabled in manual setup or with our software)
- OpenVPN 128-bit BF: 128-bit BF-CBC for data channel, RSA 2048 for keys and SHA1 HMAC (preferably to be used only on devices that do not currently support AES/custom OpenVPN settings, e.g. Synology NAS)
- OpenVPN 128-bit AES: 128-bit AES-CBC for data channel, RSA 4096 for keys and SHA256 HMAC
- OpenVPN 256-bit: 256-bit AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC
- OpenVPN ECC: 128-bit AES-CBC for data channel, Elliptic Curve using curve secp256k1 for keys and SHA512 HMAC
- OpenVPN XOR: 128-bit AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC
VPN.ac is now one of the few services that supports the new WireGuard VPN protocol.
Optimize performance – Having different encryption options helps you to optimize performance with your VPN. Testing out different VPN protocols, encryption, and ports is a good idea if you are in an area where VPN use is restricted.
Reading through one of the privacy guides on the website, they make an interesting argument for using a 128-bit cipher over a 256-bit cipher with their software:
OpenVPN 256-bit AES is kind of overkill, rather use AES 128-bit. We don’t expect anyone to go for AES cracking while there are weaker links in the chain, such as the RSA keys: how are they generated (good or poor entropy, online/offline generation, key storing on servers etc.). Therefore, AES-128 is a very good choice over AES-256 which is mostly used for marketing claims (“bigger is better”).
Now we’ll examine the obfuscation features.
Obfuscation to defeat network restrictions
VPN.ac offers an excellent lineup of obfuscation features, which allow you to break through network restrictions. This can hide VPN traffic, which may be getting blocked, as standard HTTPS encrypted traffic. Obfuscation usually entails a small performance tradeoff, but this can be minimal.
As a brief reminder, obfuscation features are necessary in countries such as China and Saudi Arabia, which implement censorship and strict network restrictions. This is also the case with many work or school networks that block VPNs or implement other restrictions. There are also reports of internet service providers interfering with VPN traffic – another area where obfuscation may help.
This is very easy to do because VPN.ac offers different VPN protocols (OpenVPN XOR) and port selection options, as they explain on their site:
OpenVPN XOR is similar to OpenVPN 256-bit in terms of key strength and HMAC as the same are used, it is just the symetric cipher that is different, AES 128-bit being faster and less CPU intensive than AES 256-bit. We recommend to use it only when other OpenVPN types do not work, such as within networks that block other connections than outgoing over ports 80 and 443. Running OpenVPN XOR over port TCP-443 should by-pass most firewalls/web-filtering engines.
Implementing this in the application is very easy, simply select the OpenVPN XOR protocol, then select port TCP-443, and then you can connect to any server you want:
As an extra stealth VPN feature, VPN.ac also provides a lineup of servers that are generally configured for China or other restricted countries. These are labeled in the VPN.ac client as “China Optimized” servers.
Due to these features, VPN.ac is currently one of the best VPNs to use in China – and any other restricted networks.
VPN.ac secure proxy for browsers
VPN.ac provides secure proxy browser extensions for Firefox, Chrome, and Opera browsers.
VPN.ac describes the benefits of their secure browser as follows:
- Strong encryption for all browsing activity using TLS (pure HTTPS traffic)
- Stealth against Firewall/DPI (deep packet inspection): when inspected using DPI technologies, the connections using the SecureProxy don’t trigger alerts like a classic VPN would usually do
- There is no need to tunnel all your PC traffic through the VPN: you can have the browser tunneling the traffic through our servers and all other traffic sent via your regular ISP connection. You can call it “a VPN inside the browser”
This is a great feature for people who don’t want to encrypt all traffic on their computer via a VPN, but seek a secure solution for browsing with more privacy.
Multi-hop VPN configurations (cascades)
We’ve covered the benefits of multi-hop VPN cascades before. This feature adds a higher level of security and anonymity by putting two encrypted servers between you and the unencrypted internet.
Double-hop – VPN.ac currently offers 22 double-hop VPN server configurations. This is a great selection when compared to other providers. Here are a few of the double-hop servers available:
Performance – With multi-hop VPN configurations you can typically expect a performance reduction simply due to increased latency (distance your traffic must travel).
Here’s a nearby double-hop connection: Frankfurt >> Luxembourg at 71.2 Mbps
Considering the double encryption, this is great performance.
I also tested a transatlantic double-hop configuration from Germany to Canada and got nearly 82 Mbps, which is pretty impressive.
Overall the speeds were excellent throughout the server network.
Additionally, VPNArea and NordVPN also offer double-hop VPN configurations.
Self-configurable multi-hop – For those seeking a higher level of anonymity, one great option is a self-configurable multi-hop configuration. In other words, the server network and applications allow you to create your own unique multi-hop cascades. Perfect Privacy offers this with their Windows, Linux and Mac OS clients. ZorroVPN also supports this feature.
VPN.ac offers a great windows client that I tested for this review. The screenshots below are all from testing VPN.ac on a Windows 10 laptop.
The VPN.ac Windows client also gives you access to a variety of different settings you can configure directly in the “Advanced” section, with VPN protocol and port selection at the top.
Overall I really like the new and updated client. It has a great layout, works well, and was very reliable in testing. It also gives you the option for light or dark mode.
If you need a VPN for Windows, this is a solid choice.
VPN.ac Mac OS
Just like with the Windows client above, the updated Mac OS client is equally impressive. Essentially it has the same layout, preferences, and features of the Windows client.
If you are needing a good VPN for Mac, VPN.ac would be on the short list of recommendations.
The VPN.ac Mac OS client provides all features, including:
- Double-hop configurations
- Advanced leak protection and firewall settings (kill switch)
Running numerous tests on a MacBook Air did not identify any issues with the VPN.ac Mac client.
VPN.ac offers an excellent new Android client that I also tested for this review.
Here is the VPN.ac Android client (version 4.0) in testing:
In testing out the Android client for the review everything worked well. I did not notice any bugs, crashes, connection problems or leaks.
Extensive features for the Android app – While most VPN services offer Android clients that are somewhat limited, VPN.ac’s Android client comes fully loaded with lots of great features.
It gives you all encryption options, all double-hop server configurations, and other advanced settings and preferences.
VPN.ac iOS. (iPhone and iPad)
VPN.ac also offers a good iOS app, which I also tested. It utilizes the built-in IKEv2 cipher, which is native to iOS devices. This offers good security, no leaks, and is very stable. Here is the VPN.ac iOS app when tested with an iPhone (the VPN icon at the top confirms an active connection):
You can also confirm the function of the VPN app in the iOS settings. By choosing “Connect on demand” you will get a stable connection where all non-VPN (unencrypted traffic) will be blocked, and all internet will go through the VPN. Below is the settings page (left), showing details of the connection. On the right is a leak test to verify that everything is working correctly.
Alternative installation – Aside from using the VPN.ac iOS app, you can also manually configure your iOS device to use the IKEv2 config files for various servers. This is an app-free solution (instructions can be found here from Perfect Privacy).
VPN.ac connection logs
The one main drawback in terms of privacy is that VPN.ac keeps connection logs – but these logs are erased daily. Here’s the exact explanation on logs from the VPN.AC website:
Do you log/monitor my activity? What logs do you keep on servers?
No, we do not log/monitor any kind of user activity such as visited web-sites, emails, files transferred, instant messages, DNS queries etc.
We do, however, keep some connection logs (to our VPN service) for security and support purposes. These are kept on a separate, encrypted server (located in an undisclosed location) and are automatically erased on a daily basis. We don’t keep any logs on servers, not even common Linux daemon logs.
Keeping these logs also help us in identifying potential attacks against our service, such as brute-force and even some MiTM attack vectors.
Note: As stated above, it is important to note that all connection logs are automatically erased daily. From the website:
All logs on this server are permanently deleted on a daily basis running a cron job. We do not log or store any sensitive data such as what you actually transfer during the session.
Overall this isn’t too concerning in my opinion. They are clearly being honest and transparent about their policies, explaining their need for logs, and also how the data is erased daily. Many VPNs need to maintain some form of logs to enforce connection or bandwidth limitations.
If you find these polices concerning, there are other no logs VPN services to consider.
VPN.ac server network
VPN.ac’s server network is both secure and fast, with a clear emphasis on server quality (dedicated bare-metal servers).
One of the biggest issues affecting speed is the number of people using the VPN server at a given time. Many VPNs oversell their services, resulting in congestion, slow speeds, and dropped connections.
You can clearly see this is not the case with VPN.ac by looking at their server network bandwidth stats in real time. Using and testing VPN.ac over the years, I’ve always found the bandwidth and performance to be good.
No virtual private servers (VPS) – Another important aspect when examining VPN servers is whether they’re using virtual private servers (VPS), or dedicated (bare metal) servers for their VPN nodes. Here is VPN.ac’s server explanation:
We use dedicated servers on our VPN nodes, mostly consisting of powerful E3 and E5 Xeons with hardware AES crypto acceleration. Running VPN gateways on VPS/cloud instances is a security risk. Moreover, running VPN nodes on dedicated hardware can be as 10x or even 20x times more expensive than running on virtual servers, hence the reason why we don’t advertise ‘hundreds’ of locations but focus on fewer, where security is done properly and the bandwidth capacity is enough to ensure a fast and reliable service.
No fictitious server locations – I also tested a number of VPN.ac servers to verify their true locations. Every server I tested checked out.
VPN.ac with Netflix – Although they don’t advertise it, VPN.ac does continue to work well with American Netflix on some servers. This makes it one of the best VPNs to use with Netflix for 2019.
VPN.ac speed test results
I ran all speed tests with VPN.ac using a 160 Mbps ethernet connection with the VPN.ac Mac OS client using the OpenVPN protocol. Overall speed tests were pretty good.
First up was a nearby server in Frankfurt, Germany: 131 Mbps
Definitely not bad, but also not amazing. I ran a few other tests with nearby VPN.ac servers, and the results were consistent.
Here was a VPN server in Finland giving me about 122 Mbps:
Last up was a nearby VPN.ac server in Switzerland, giving me about 124 Mbps:
With nearby servers in Europe, VPN.ac gave me great performance.
Long-distance server speed tests
Next I tested different VPN.ac servers in the US and Canada. Again, speeds were pretty good.
First up was a server in New York at about 107 Mbps:
Certainly not bad given the long distance. Next up was a server in Chicago, at about 54 Mbps:
Again, this is not great, but also not horrible.
The last US server I tested was in Miami, and it was decent at about 83 Mbps:
Finally, I also ran a test with a VPN.ac server in Montreal, Canada, which gave me about 72 Mbps.
Conclusion on speeds and performance
VPN.ac offers pretty good performance with all the servers I tested. As a comparison, I got much better speed with ExpressVPN, as you can see with the tests for the ExpressVPN review. On average, however, VPN.ac speeds are pretty good, but there are faster options if you want better performance.
Privacy and security
In terms of leak-testing results, VPN.ac passed without any leaks or issues to report.
I tested the Windows, Mac OS and Android clients using the basic VPN testing procedures to identify problems or leaks.
Below are tests with a Norway server. Notice, my DNS requests are being picked up by three different secure servers in VPN.ac’s network. The IPv4 address matches the server, IPv6 is blocked, and there are no leaks to be found:
The test results for the Mac OS clients and mobile clients (Android and iOS) were the same: no leaks.
As you can see from these test results, VPN.ac offers high-quality applications that are secure and will protect your privacy.
DNS leak protection – VPN.ac also does a great job of ensuring there are no DNS leaks by using their own secure DNS resolvers. From their website:
We protect DNS queries against MitM hijacking and snooping, wiretapping. We have our own, private DNS resolvers outside of US and UK. All DNS queries sent by VPN users are forwarded by our VPN servers to the private resolvers, through encrypted tunnels.
We are using an unique and clever way to overcome this risk [of 3rd party DNS resolver monitoring], by running a query generator service on each DNS resolver. Specifically, We are generating over 10 million DNS queries to existing domains each day. Those queries are generated randomly, at a high rate, and are mixed with the DNS queries of our customers. Basically, we are generating “noise” and it’s virtually impossible to match a user’s DNS queries within the “flood” of queries sent by us to DNS root servers directly. Therefore, if a 3rd party is ever going to wiretap our DNS resolvers, it will be totally ineffective.
While most VPN users may not pay much attention to issues such as server quality and securing DNS queries, these details have a major impact on your privacy and security.
Website and support
The VPN.ac websiteis informative and straight-forward. It includes:
- Useful VPN information
- Privacy and security tips
- Server status page
- Detailed setup tutorials for different devices and platforms
Support – The support team is also top-notch based on all my interactions with them. They do not outsource support and handle all requests internally with their own professional staff.
Support is handled through tickets (email) and reply times were fast with all my inquiries (under 24 hours).
VPN.ac Review Conclusion
VPN.ac may just be one of the best-kept secrets in the VPN market. As a smaller provider that puts minimal emphasis on marketing, it does not get the attention it deserves. Nonetheless, VPN.ac is an advanced VPN service that is built on a premium network of dedicated servers, giving you both security and high performance.
Despite being a less-known provider, VPN.ac offers an excellent service and will remain among the top VPNs recommended on Restore Privacy. You can also pick up a discounted subscription by selecting the two-year plan to save 62% off the monthly rate. They also offer a one-week trial for only $2. All plans come with a 7 day money-back guarantee.
If you have used VPN.ac, feel free to share your honest review (good or bad) below.