*** VPN Thread ***

[MrRockliffe]

Is there a good VPN for the odd daily use, not neededing one for streaming, downing of a few films at most, was paying Espress but at £12 seems a bit OTT for what I need it for, seen some cheaper ones but some peeps saying they sell info etc.

I switched from PIA after being with them since 2017 to Mullvad.

2 reasons:

PIA was getting progressively slower, and while you used to be able to view real time server capability, to figure out which one to connect to, they’ve now hidden it.

PIA have been getting more expensive as the time goes on, due to the exchange rate. I was on their old 6.95$ plan or whatever it was, Mullvad is €5

I used to get 400-550 Mbps on PIA. I now get 850-890 Mbps with Mullvad, with my broadband being 920.

 

[cu3ed]

I switched from PIA after being with them since 2017 to Mullvad.

2 reasons:

PIA was getting progressively slower, and while you used to be able to view real time server capability, to figure out which one to connect to, they’ve now hidden it.

PIA have been getting more expensive as the time goes on, due to the exchange rate. I was on their old 6.95$ plan or whatever it was, Mullvad is €5

I used to get 400-550 Mbps on PIA. I now get 850-890 Mbps with Mullvad, with my broadband being 920.

Will go with Mullvad, seems most rated, Express runs out at end of the month so will swap over then.

 

[Rainmaker]

Surfshark now offer Wireguard support outside of using their own app which is great but when using their .conf files I don't have access to my internal LAN. Do I need to add some sort of rule to the config to make it work? It's annoying having to disconnect the Wireguard windows client every time I want to access my LAN. I've spoken to their "support" a few times on it but have got nowhere unless they couldn't understand what I meant by accessing LAN.

What client are you using? Is it wg-quick on (eg) Linux, or is it the official WireGuard app, or something else? Edit the .conf and change the AllowedIps from 0.0.0.0/0 to instead read:

AllowedIPs = 1.0.0.0/8, 2.0.0.0/7, 4.0.0.0/6, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/3, 96.0.0.0/4, 112.0.0.0/5, 120.0.0.0/6, 124.0.0.0/7, 126.0.0.0/8, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/8, 169.0.0.0/9, 169.128.0.0/10, 169.192.0.0/11, 169.224.0.0/12, 169.240.0.0/13, 169.248.0.0/14, 169.252.0.0/15, 169.255.0.0/16, 170.0.0.0/7, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/4, ::/1, 8000::/2, c000::/3, e000::/4, f000::/5, f800::/6, fe00::/9, fec0::/10, ff00::/8

That basically says 'Send requests for every IP in the world through the VPN, except any IP that belongs on a LAN or localhost'. You should now be able to access your LAN again. This is a messier way of doing it than by manually setting routes (i.e. 'Send everything through the VPN', but with a single route in the OS that says 'Psst, if it's my LAN IP send it over the NIC directly to $routerIP') but it will work, and it's easier - especially on Windows or similar.

 

[maj]

What client are you using? Is it wg-quick on (eg) Linux, or is it the official WireGuard app, or something else? Edit the .conf and change the AllowedIps from 0.0.0.0/0 to instead read:

AllowedIPs = 1.0.0.0/8, 2.0.0.0/7, 4.0.0.0/6, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/3, 96.0.0.0/4, 112.0.0.0/5, 120.0.0.0/6, 124.0.0.0/7, 126.0.0.0/8, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/8, 169.0.0.0/9, 169.128.0.0/10, 169.192.0.0/11, 169.224.0.0/12, 169.240.0.0/13, 169.248.0.0/14, 169.252.0.0/15, 169.255.0.0/16, 170.0.0.0/7, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/4, ::/1, 8000::/2, c000::/3, e000::/4, f000::/5, f800::/6, fe00::/9, fec0::/10, ff00::/8

That basically says 'Send requests for every IP in the world through the VPN, except any IP that belongs on a LAN or localhost'. You should now be able to access your LAN again. This is a messier way of doing it than by manually setting routes (i.e. 'Send everything through the VPN', but with a single route in the OS that says 'Psst, if it's my LAN IP send it over the NIC directly to $routerIP') but it will work, and it's easier - especially on Windows or similar.

Appreciate the reply thanks. Will give it a go when I get home from work.

To confirm I'm using the official Wireguard app for Windows but the .conf files were provided by Surfshark.

 

[maj]

Thanks @Rainmaker . Adding that line works like a charm. If only the VPN support were as helpful about their own service...

 

[Rainmaker]

Thanks @Rainmaker . Adding that line works like a charm. If only the VPN support were as helpful about their own service...

No worries!

 

[maj]

With it being black Friday I'm looking to jump ship from Surfshark early if the right deal comes up as they seem to be getting worse all the time.

What's worth considering? I'd like port forwarding which straight away rules out Nord. Plenty of UK servers, multiple connections and wireguard. Unblocking netflix etc would be nice but not essential.

Been looking at Azire, OVPN and Proton as want to avoid the ones on cashback websites if possible. Anyone have any experience with these? I know there's mullvad too which seems popular.

 

[Rainmaker]

With it being black Friday I'm looking to jump ship from Surfshark early if the right deal comes up as they seem to be getting worse all the time.

What's worth considering? I'd like port forwarding which straight away rules out Nord. Plenty of UK servers, multiple connections and wireguard. Unblocking netflix etc would be nice but not essential.

Been looking at Azire, OVPN and Proton as want to avoid the ones on cashback websites if possible. Anyone have any experience with these? I know there's mullvad too which seems popular.

All those on your list (Azire, OVPN, Proton, Mullvad) are trustworthy, and actually is almost the entire list of trustworthy VPNs imho. You only missed out IVPN (who also allow port forwarding, WireGuard, UK servers). Unfortunately though, Mullvad and IVPN don't tend to work well with Netflix or BBC. Proton is constantly slow, and has issues time and again lately. Azire doesn't work with streaming services, so that leaves OVPN.

They're solid privacy wise (they hosted TPB and proved they're no-log in court recently), and they *do* support streaming services like Netflix USA, Amazon Prime Video, BBC etc, and they have WireGuard and a UK server. That said, they only have one gigabit UK server, and they're a tad slower than the bigger players. I still got >700Mbps from them but ymmv. They're expensive unless you tie in for a year or two, as well. If all you want is privacy, streaming that tends to work, port forwards and a solid VPN - then jump. They're very good at what they do, and they're reliable and they work. No WiFi device will notice any speed issues, and no regular desktop browsing will either. You'd only really notice on big downloads and by running artificial speed tests, and even then >750Mbps on a VPN is nothing to sniff at!

That said, have you considered rolling your own? Unless it's for torrenting Linux ISOs, in which case you definitely want a shared VPN with a big company behind it, a custom VPS running Linux and WireGuard will do you just fine. What's your threat model? If it's just preventing your ISP logging your entire browsing history for a few years at a time (which they almost all do, btw), and to remain somewhat private, then your own VPS is ideal and cheap (or free). You'll have practically unlimited IPv6, free static IPv4 and the streaming services don't tend to block them either. Just an idea.

 

[mushtafa]

I've been using Azire for 2 years now and think their brilliant. Usually I've been buying it for 3 months at a time with the plan to try others, but have never found the need to, so bought a year last week. Think it was around £35.

 

[Rainmaker]

I've been using Azire for 2 years now and think their brilliant. Usually I've been buying it for 3 months at a time with the plan to try others, but have never found the need to, so bought a year last week. Think it was around £35.

They use obenetwork which can be slow and high latency at times; but as I said above other than the lack of streaming they're a good VPN.

 

[michty_me]

All those on your list (Azire, OVPN, Proton, Mullvad) are trustworthy, and actually is almost the entire list of trustworthy VPNs imho. You only missed out IVPN (who also allow port forwarding, WireGuard, UK servers). Unfortunately though, Mullvad and IVPN don't tend to work well with Netflix or BBC. Proton is constantly slow, and has issues time and again lately. Azire doesn't work with streaming services, so that leaves OVPN.

They're solid privacy wise (they hosted TPB and proved they're no-log in court recently), and they *do* support streaming services like Netflix USA, Amazon Prime Video, BBC etc, and they have WireGuard and a UK server. That said, they only have one gigabit UK server, and they're a tad slower than the bigger players. I still got >700Mbps from them but ymmv. They're expensive unless you tie in for a year or two, as well. If all you want is privacy, streaming that tends to work, port forwards and a solid VPN - then jump. They're very good at what they do, and they're reliable and they work. No WiFi device will notice any speed issues, and no regular desktop browsing will either. You'd only really notice on big downloads and by running artificial speed tests, and even then >750Mbps on a VPN is nothing to sniff at!

That said, have you considered rolling your own? Unless it's for torrenting Linux ISOs, in which case you definitely want a shared VPN with a big company behind it, a custom VPS running Linux and WireGuard will do you just fine. What's your threat model? If it's just preventing your ISP logging your entire browsing history for a few years at a time (which they almost all do, btw), and to remain somewhat private, then your own VPS is ideal and cheap (or free). You'll have practically unlimited IPv6, free static IPv4 and the streaming services don't tend to block them either. Just an idea.

Going from your recommendation, I may give OVPN a try once my expressVPN expires.

 

[5punk3monk3y]

I'm with Nord, is there an advantage shifting to a VPN that allows portforwarding?

However I do have an AX88U with Merlin utilising multiple VPN clients with strict rulling and killswitches when the servers go down. Also running my own VPN server for remote desktop and the like on my fold 3.

Just intrigued to see if there is any further advantage.

 

[Vimes]

I'm with Nord, is there an advantage shifting to a VPN that allows portforwarding?

However I do have an AX88U with Merlin utilising multiple VPN clients with strict rulling and killswitches when the servers go down. Also running my own VPN server for remote desktop and the like on my fold 3.

Just intrigued to see if there is any further advantage.

Can't answer to your port forwarding question, perhaps if you need to ask you don't need it..?

Overall are you happy with Nord and your router etc..?

I use an AX88 with Merlin,, with both Wireguard and OpenVPN configured within the VPN director.
I was considering using Nord as they provide an app to allow app based split tunnelling - could be an alternative than using the router for my main PC and allow some flexibility.

 

[Rainmaker]

I'm with Nord, is there an advantage shifting to a VPN that allows portforwarding?

However I do have an AX88U with Merlin utilising multiple VPN clients with strict rulling and killswitches when the servers go down. Also running my own VPN server for remote desktop and the like on my fold 3.

Just intrigued to see if there is any further advantage.

Primarily, seeding back on your torrents. You'll be able to leech just fine without a forwarded port on most trackers, as I'm sure you found. There are other uses, but if you have to ask (etc etc). Basically unless you already know you're hamstrung, you don't need it. There's also an argument that having a forwarded port introduces additional security and privacy risks. That said, even the most stringent providers these days allow it (IVPN, Mullvad, OVPN) so I wouldn't worry unduly.

 

[5punk3monk3y]

Primarily, seeding back on your torrents. You'll be able to leech just fine without a forwarded port on most trackers, as I'm sure you found. There are other uses, but if you have to ask (etc etc). Basically unless you already know you're hamstrung, you don't need it. There's also an argument that having a forwarded port introduces additional security and privacy risks. That said, even the most stringent providers these days allow it (IVPN, Mullvad, OVPN) so I wouldn't worry unduly.

I assumed it was torrent related, funnily enough I have an old surface pro tablet as a home media server / torrent server limited the bandwidth on it and placed it on one of the VPN clients. I assume I could possibly get more seeders or leechers with Port forwarding however I haven't needed more in the last three years or so, so I will stick with what I have.

 

[~cw]

I have accounts with Nord and Torguard. Torguard's streaming package gives you the choice of dedicated private IPs in two locations of your choice - they consistently return as non-VPN or corporate IPs on the fast.com and other geoip checkers, and Netflix and iPlayer and other US services work a treat. Pretty good value and often on promotion. Both support Wireguard implementations though while Torguard also supports inbound port forwarding with a variety of encryption schemes and VPN server connection ports (modestly fiddly to configure but definitely works nicely once running), that currently only works with OpenVPN.

 

[SixTwoSix]

Any reason to consider moving away from Mullvad when my annual sub ends in a few weeks? Focus is privacy and speed and hasn't missed a beat for last two years.

Of the view if it ain't broke, don't fix it but always curious about alternatives.

 

[montymint]

Any reason to consider moving away from Mullvad when my annual sub ends in a few weeks? Focus is privacy and speed and hasn't missed a beat for last two years.

Of the view if it ain't broke, don't fix it but always curious about alternatives.

The only thing to think about is if you use it to access things like Netflix on the VPN.

iirc Mullvad rarely update their servers so they tend to be black listed.

 

[SixTwoSix]

The only thing to think about is if you use it to access things like Netflix on the VPN.

iirc Mullvad rarely update their servers so they tend to be black listed.

Cheers - not something I need at this time but worth being aware of.

 

[Kol]

Thread bump. My current sub with Nord has come to an end. Wondering if I should stick with it (well, as a new customer that is, with quidco offering 63% cashback, a 2 year sub is £73 which means I'm basically paying £1/month) or should I look elsewhere?

My main use has simply been to use F1TV for the past four years or so (I've been connecting on phone and airplaying). If it ain't broke etc... but wondering if I should be exploring other options.

What about surfshark? Owned by Nord, significantly cheaper and also a higher cashback offer at the moment.