This post is part of the VPN series and I will illustrate the parameters you might want to keep in mind when choosing a VPN provider.
The first thing I did when choosing my VPN provider was to jot down what I was planning to do with it in terms of what equipment, what use and what locations I was interested in connecting from, to and appearing to be from.
The equipment drives which protocols you need your VPN provider to support. If you wish to connect end devices (computers, phones), a simple VPN provider is enough; if you connect a network, you need an ISP-grade provider that allows you to connect a router to their VPN. If you connect a router at home/work and also want to be protected at a public hotspot where you connect with your laptop, you need a contract that allows you to roam with another device (or buy multiple contracts).
Apple iOS devices such as the iPod, iPad and iPhone support L2TP, PPTP and IPSec but do not support SSL VPN. Connecting a Cisco IOS device like a router will drive the choice toward IPSec VPN (although other options might apply).
Connecting computers (either Mac or Windows) is the easiest of all options: all VPN providers either use on-board software (the operating system's own clients) or offer a VPN client to install (this is most of the time the case for SSL VPN).
Use and purpose of VPN
A VPN, in general, might be used to provide:
- Security (between the VPN end points);
- Break out of a firewalled environment;
- Access services not available (restricted, geographically or otherwise);
- Mask your provenance.
The VPN encrypts all the traffic between your end point and the VPN head end: all a packet sniffer will be able to see is the flow between these two, without any hint of where the traffic is actually going. This function is part of all VPNs and is not a discriminator for choosing the VPN provider. This scenario calls for a VPN access point near you: the closer the VPN head end, the better the performance, because the traffic you generate will only travel a little extra and will not be sent around the world before hitting the Internet.
Break out of a firewalled environment
The ability to break out of a firewalled environment depends on which protocols are allowed. If, for example, IPSEC or PPTP is allowed, you can just set up the VPN and tunnel everything encapsulated in it. Your end computer will be able to use any protocol. But if the firewall blocks everything, even a VPN will not allow access to the Internet.
The most restrictive, but common and solvable, configuration involves a fully isolating firewall allowing only web browsing through a proxy. This requires an SSL client and a TCP connection using port 443, and the client has to have the option of using a proxy (a configurable option). If the proxy is a filtering proxy (i.e. it allows access to only a restricted series of hosts), then you are out of luck.
In networks allowing direct access to the Web, or even direct UDP access to a name server/DNS using port 53, the client can be configured to use those holes to connect to a server, but your provider needs to support it.
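Seen from the side of whoever administers such a network, VPN sessions carried over the UDP 53 and TCP 80/443 openings described above leave a recognizable shape in flow logs. The sketch below is an added example, not part of the original post; the flow records, the resolver address and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (src, dst, proto, dport, bytes, duration_s)
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.53", "udp", 53, 420, 1),                    # lookup via internal resolver
    ("10.0.0.7", "203.0.113.10", "udp", 53, 48_000_000, 3600),       # bulk data on the DNS port
    ("10.0.0.8", "198.51.100.20", "tcp", 443, 900_000, 40),          # ordinary HTTPS request
    ("10.0.0.9", "198.51.100.77", "tcp", 443, 650_000_000, 28_800),  # single 8-hour session
    ("10.0.0.5", "10.0.0.53", "udp", 53, 380, 1),
]

RESOLVERS = {"10.0.0.53"}    # assumed: the only hosts clients should query on port 53
DNS_BYTES_MAX = 1_000_000    # assumed per-(src, dst) byte budget for DNS
LONG_SESSION_S = 4 * 3600    # assumed cut-off for a "long-lived" web session


def tunnel_candidates(flows, resolvers=RESOLVERS):
    """Return {(src, dst): [reasons]} for flows that resemble a tunnel
    riding on the DNS or web ports. Results are candidates for review,
    not verdicts: long HTTPS sessions also have ordinary causes."""
    dns_bytes = defaultdict(int)
    reasons = defaultdict(set)
    for src, dst, proto, dport, nbytes, duration in flows:
        pair = (src, dst)
        if proto == "udp" and dport == 53:
            dns_bytes[pair] += nbytes
            if dst not in resolvers:
                reasons[pair].add("udp/53 to non-resolver")
        elif proto == "tcp" and dport in (80, 443) and duration >= LONG_SESSION_S:
            reasons[pair].add("long-lived session on tcp/%d" % dport)
    # Volume is judged on the total per pair, since a tunnel spreads over many flows.
    for pair, total in dns_bytes.items():
        if total > DNS_BYTES_MAX:
            reasons[pair].add("udp/53 volume above threshold")
    return {pair: sorted(found) for pair, found in reasons.items()}


if __name__ == "__main__":
    for pair, found in tunnel_candidates(SAMPLE_FLOWS).items():
        print(pair, found)
```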
Access services not available
There are several ways access to services is limited. Most of the time what you need to do is access a server that is not available to you where you are: i.e. Facebook or Twitter if censored. Other times a provider restricts the area where it makes its content available, and so you pretend to be coming from a served area (example: content providers that stream their music or video only to specific geographic areas).
To solve these access issues, you need to choose a provider whose access points let you get around the limitations. You need to be able to reach a remote VPN head end across the border of your limiting factor (country or filters), so your provider needs to have a VPN head end in the area you wish to reach (i.e. connect from a restricting/restricted country to the USA). If you cannot do that because VPN traffic is not allowed through, you might be out of luck. However, since this is how corporations work, blocking IPSEC/VPN tunnels is usually a remote option because of the impact on the economy; it is only done by a government when it shuts down the international phone networks (war-time).
Mask your provenance
This is a mild form of anonymization. When you access a resource, your IP address is saved in the logs of the server, but if you are using a VPN provider it is the VPN provider’s address that is used and saved. Your provider keeps its own logs and is usually not promising you anonymity, just obscurity.
And the winner is …
Now, after this long introduction, we have an idea of what kind of VPN we need to meet our goals. A great resource to compare VPNs is VPN Reviews.
I am a road warrior, always traveling around the world (I need protection in public hotspots, hotels and the sort), I also have a home network that needs to use resources available to US IP addresses only, and I do not make money by using the VPN (so it has to be cheap) while I enjoy first class customer service and technical support (has to be good). I have found my ideal provider that provides:
- IPSEC, PPTP and SSL VPN access;
- Access through UDP port 53 and TCP port 80 and 443 (break out of firewall/proxy networks);
- 2 concurrent connections (for SSL users);
- An endless list of gateways to select from (in different geographic areas: close and far);
- Allows connecting networks (no support for this: you are on your own but I will help you 🙂 with Cisco configuration hints);
- It is one of the cheapest I could find;
- In the 18 months I have been with them I have never had reliability issues;
- Great customer service and tech support;
- Extremely fast network.
The downside of this provider (at least for me) is that it does not have a referral program, so if you buy after reading this I will not get a penny 🙂 , but this notwithstanding, I believe I should share with you their name due to the superior quality of service: Witopia.
The support section of their website has instructions on how to configure iPhones/iPads and various species of computers to connect. In the next post I will show you how to connect a router, allowing your whole network to have access to the VPN.