I’ve written a lot about VPNs over the years. While there have been a few folks interested in protecting (or hiding) their traffic while at home, the vast majority of readers have been concerned about safe surfing when out and about, on unencrypted Wi-Fi in coffee shops, airports, train stations, hotels, and school. Well, guess what? Most of us aren’t going to coffee shops, airports, train stations, hotels, or schools. Welcome to life in a pandemic.
As it turns out, VPNs have seen triple-digit increases in the last few weeks. Most folks are connecting to the internet overall, while quite a few are using corporate VPNs to connect into secure corporate networks. In this article, we look at a bunch of our favorite VPN solutions. We’ll cover many of the top VPN service providers, how to access the native VPNs built into your desktop machine, and even how to use your NAS as a VPN client and host.
Disclosure: ZDNet may earn an affiliate commission from some of the products featured on this page. ZDNet and the author were not compensated for this independent review.
Best VPN providers
If you’re curious how VPNs work or what a VPN provider can do for you, here’s a great VPN overview article. Now that you understand how a VPN service can help keep you safe, let’s kick it off with our list of recommended service providers.
We might as well kick off our VPN list with NordVPN, one of the most popular consumer VPNs out there. Last October, Nord announced that it had been breached. Unfortunately, the breach had been active for more than 18 months. While there were failures at every level, NordVPN has taken substantial efforts to remedy the breach.
In our review, we liked that it offered capabilities beyond basic VPN, including support of P2P sharing, a service it calls Double VPN that does a second layer of encryption, Onion over VPN which allows for TOR capabilities over its VPN, and even a dedicated IP if you’re trying to run a VPN that also doubles as a server. It supports all the usual platforms and a bunch of home network platforms as well. The company also offers NordVPN Teams, which provides centralized management and billing for a mobile workforce.
Performance testing was adequate, although ping speeds were slow enough that I wouldn’t want to play a twitch video game over the VPN. To be fair, most VPNs have pretty terrible ping speeds, so this isn’t a weakness unique to Nord. Overall, a solid choice and with a 30-day money-back guarantee, worth a try.
StrongVPN stands out because its setup, website, and support materials are clear and easy to understand. We found setup to offer just the right amount of explanation when we needed it.
The fact that StrongVPN doesn’t log anything is a big win, but it’s offset a bit by the fact that our testing showed endpoints can tell you’re using a VPN. To be sure, data is nicely encrypted, but if you’re trying to hide the fact that you’re on a VPN, Strong isn’t for you. That said, it had solid performance, an excellent UI, and did the job.
IPVanish is a deep and highly configurable product that presents itself as a click-and-go solution. I think the company is selling itself short doing this. A quick visit to its website shows a relatively generic VPN service, but that’s not the whole truth.
Its UI provides a wide range of server selection options, including some great performance graphics. It also has a wide variety of protocols, so no matter what you’re connecting to, you can know what to expect. The company also provides an excellent server list with good current status information. There’s also a raft of configuration options for the app itself.
In terms of performance, connection speed was crazy fast. Overall transfer performance was good. However, from a security perspective, it wasn’t able to hide that I was connecting via a VPN — although the data transferred was secure. Overall, a solid product with a good user experience that’s fine for home connections as long as you’re not trying to hide the fact that you’re on a VPN.
This is a company that has had some ups and downs in its coverage. That said, the company seems to have resolved its issues successfully. But I’m burying the lede for this story. Here’s what you need to know about Hotspot Shield: performance was astonishing.
The company kept sending me bragging emails, claiming exceptional performance. Since reviewers often (always) get “we’re the best” emails, it’s something we ignore like the background noise it usually is. But then my editor challenged me to put Hotspot Shield to the test. And you know what? For most countries, while the VPN connection was active, it actually out-performed non-VPN connection speed. Go ahead and read my review. Surprised the heck out of me.
The CyberGhost client is more than a VPN connection driver. The company’s offering is a decently complete full security system, including ad blocking, malicious website blocking, online footprint blocking (blocking cookies from dropping), and forced https redirect.
With more than 6,000 servers deployed in 89 countries and 112 locations, CyberGhost has a larger number of servers than any of the other VPN providers we surveyed. Performance was adequate. It provided enough bandwidth to stream video and get your job done, but it certainly wasn’t a rocket. Also, if you’re trying to hide the fact that you’re using a VPN, you’ll want to look elsewhere. That said, for a solid overall security package, CyberGhost is a good option.
ExpressVPN is one of the most popular VPN providers out there, offering a wide range of platforms and protocols. Platforms include VPN for Windows, VPN for Mac, VPN for Linux, VPN for routers, VPN for iOS, VPN for Android, VPN for Chromebook, VPN for Kindle Fire, VPN for routers, and even VPN for the Nook device. There are also browser extensions for Chrome and Firefox. Plus, ExpressVPN works with PlayStation, Apple TV, Xbox, Amazon Fire TV, and the Nintendo Switch. There’s even a manual setup option for Chromecast, Roku, and Nvidia Switch.
With 160 server locations in 94 countries, ExpressVPN has a considerable VPN network across the internet. In CNET’s review of the service, staff writer Rae Hodge reported that ExpressVPN lost less than 2% of performance with the VPN enabled and using the OpenVPN protocol vs. a direct connection.
We found performance is middle-of-the-road and platforms are limited to Mac, iOS, Windows, and Android. Don’t even think of using it on routers, Linux, or gaming platforms. Pricing is weirdly and unnecessarily tiered. The service raises its price by ten bucks when you jump from 1 device to 5, and another ten bucks when you jump to ten devices. Given the full ten simultaneous device package is a good deal at $59, it’s odd that it’s nickel-and-diming the lower tiers.
We’re recommending Norton not as much because it’s a great VPN (it’s really kinda meh), but because it’s from a brand we’ve long come to know and trust. The company also offers live 24/7 phone support and has an excellent 60-day money-back guarantee.
At two bucks a month for a two-year plan, Surfshark offers a good price for a solid offering. In CNET’s testing, no leaks were found (and given that much bigger names leaked connection information, that’s a big win). The company seems to have a very strong security focus, offering AES-256-GCM, RSA-2048, and Perfect Forward Secrecy encryption. To prevent WebRTC leaks, Surfshark offers a special purpose browser plugin designed specifically to combat those leaks.
Surfshark’s performance was higher than NordVPN and Norton Secure VPN, but lower than ExpressVPN and IPVanish. That said, Surfshark also offers a multihop option that allows you to route connections through two VPN servers across the Surfshark private network. We also like that the company offers some inexpensive add-on features, including ad-blocking, anti-tracking, access to a non-logging search engine, and a tool that tracks your email address against data breach lists.
Most VPN providers license their international server presence from local providers all over the globe. PureVPN doesn’t. They own their own self-managed network of more than 2,000 servers in 140 countries. This allows the company to support its full range of protocols (OpenVPN, L2TP/IPSec, SSTP, and IKEv2). It also offers PPTP, but it’s so porous, you probably shouldn’t use it.
Given the tough times due to the novel coronavirus, PureVPN has sent its support folks home, but they’re up and running providing 24/7 support from the safety of sheltering in place. So even though business isn’t as usual, PureVPN has, like many companies, routed around the problem using internet technology to keep connected. We also like the 31-day money-back guarantee, support for a wide range of devices, including Kodi, Roku, and Boxee boxes.
One of the more interesting aspects of Private Internet Access is the wealth of payment options the company offers. Sure, you can pay by credit card. But you can also pay with cryptocurrencies including BitcoinCash, Bitcoin, Zcash, Ethereum, and Litecoin. If you’re not all up on the crypto-craze but still don’t want to leave a record of your payment, you can use over 100 brands of gift cards, including those from Best Buy, GameStop, Home Depot, Lowes, Target, and Walmart.
The company supports a good range of protocols and you can use it on your customized DD-WRT router. We do like the quick setup, included ad, malware, and tracker blocker, and unlimited bandwidth is always appreciated.
Here’s the thing about Goose VPN. It’s called “goose VPN.” That’s nearly irresistible for a writer. When I asked, I was told geese make excellent guard animals, having performed guard duty in ancient Rome, an Air Defense Command base in Germany, and a brewery in Scotland. Hence Goose VPN, where the goose is the mascot for a service that guards your Internet access.
When I first started talking to the folks at Goose VPN a few years ago, they didn’t offer a kill switch and only had clients for the Big Four. But, as time went on, they’ve been adding features and capabilities regularly and their offering is now a nice, robust system. Plus, here’s something really cool. If you’re tired of subscription fees, you can purchase Goose VPN forever for €139 (about US$151). You can also buy moderately priced subscriptions if you don’t want to go all in. Finally, the company offers a reasonable 30-day money-back guarantee.
While we generally don’t recommend free VPNs because of questionable monetization motives, we can comfortably recommend Mozilla’s Firefox Private Network VPN because it’s put out my Mozilla, the same folks who make the well-respected Firefox browser. Speaking of Firefox, if you left it behind back in 2010 or so, ZDNet’s Adrian Kingsley-Hughes says it’s come a long way.
So here’s the deal with Firefox Private Network. It’s beta, and it’s on track to become a paid-for service that, “Protect[s] the connection for your whole device, including all apps on Windows 10 and Android.” Presumably, Mac and iOS will follow. But before the paid-for service is complete, Firefox is providing a browser extension that will protect your browsing in one-hour chunks for up to 12 hours per month. If you have only an occasional need for a VPN, this might be a quick, cheap, and relatively safe choice.
Native VPN support on your desktop
If you’re connecting to a corporate VPN, you may not need to purchase a VPN service. All the major desktop operating systems include VPN capabilities. Here’s how to get started using those.
If you’re connecting to an existing corporate virtual private network, you may not need an additional service. MacOS comes with native VPN support built right in.
Apple provides VPN support for High Sierra, Mojave, and Catalina. Just pop open System Preferences, head over to the Network tab, and either import the configuration file you were provided or hit the plus button and add a VPN interface. Here’s a handy tip sheet from Apple that will walk you through the process.
If you’re connecting to an established corporate VPN, all you need to do is add a new Windows 10 VPN connection. Point your mouse at the Start menu, hit Settings, then Network & Internet, and then VPN. Make sure you have the connection details provided by work and then click on Add a New VPN Connection. Fill in the form and you’re good to go. Here’s a handy tip sheet from Microsoft.
Windows 10 also allows you to host a VPN server by creating a new incoming network connection, choosing the users who can connect, and telling Windows that the incoming connection is across the internet. You’ll also have to configure your router to allow traffic to your computer. PureInfoTech has a helpful guide for setting it all up.
Sadly, this simple solution isn’t built into the standard Chrome browser. If you’re just using the browser on a Mac or Windows machine, you’ll need a different solution.
That said, if you’re rocking a Chromebook, all you need to do is open Settings and then Network. Click Add Connection. Then all you need to do is choose between OpenVPN and L2TP over IPSec. Google has a handy cheat sheet right here to guide you through the process.
WireGuard is Linux’s new baked-in VPN capability. Its code is relatively simple and small, making it far easier to maintain, test, and debug. Linus Torvalds, Mr. Linux himself, calls WireGuard “a work of art.”
So what do you need to set up WireGuard? Right now, that’s a Linux 2.6 distro. But you can also download a package for Windows, Mac, iOS, Android, and FreeBSD. It’s like most open source products, in that you’ll need to do some reading and thinking to make it work. But it’s free, solid, safe, and, as Linus says, “Can I just once again state my love for it.”
VPN for your whole home network
Many of the commercial VPN services discussed above offer router-based VPN solutions. Even though I have a pretty powerful router, I prefer to run my VPN on my NAS. Here are two NAS-based VPN solutions that will get you connected securely.
If you have a NAS like the top-reviewed Synology, you may already have a NAS app you can setup and protect your whole home network. The Synology server has a very capable little VPN built in, and it’s available free to anyone with the NAS.
If you want to go a step further and use some Synology-exclusive VPN services like Synology SSL VPN, clientless WebVPN, and remote desktop, as well as a site-to-site VPN service, you can do so using the Synology router I reviewed last year. That service is called VPN Plus and it normally costs $9.99 per concurrent user. But because of COVID-19, Synology’s offering free VPN Plus between now and September.
How to choose
I could write an entire article about how VPNs work and how to choose, and, in fact, I did. Rather than repeating it all here, I’m just going to point you to How to find the best VPN service: Your guide to staying safe on the internet.
This list did not involve as much original research and testing as some of my other recommendation lists. That’s because I’ve been writing VPN articles every month or so since early 2017. I have looked at a lot of VPN providers.
Many of the providers recommended in this list have been subject to in-depth testing and reviews, written either by me or by CNET’s product evaluation team. For those, we have tangible testing numbers. Other VPNs have been ones we’ve been talking about for years, spoken with their management and their users, and have developed a generally positive impression.
A few of the VPNs (Hotspot Shield, in particular) had a more rocky road. They had some tough PR at the beginning and made some seemingly ludicrous claims about speed. It wasn’t until I brought them in house and pounded on them for a few weeks that I realized that their claims were justified. Sometimes, products just surprise you.
But here’s the thing: All these vendors have solid money-back guarantees and we would not have recommended them otherwise. We do test VPN services from multiple locations, but we can’t test from all locations. Every home, every community, every local ISP, and every nation has a different infrastructure. It’s essential that once you choose, you test for all your likely usage profiles, and only then make the decision to keep the service or request a refund.
One thing to consider is whether you’re looking for a solution for working at home vs. traveling. For example, if you travel rarely (even before COVID-19), have strong bandwidth at home, and have a NAS or a server box, you might want to VPN to your home server from your machine’s native client, and then out to the world. If you’re newly home for the duration and your company has a dedicated VPN, you’ll want to use whatever process they’ve set out for you.
But, generally speaking, it doesn’t hurt to have a VPN provider already set up and in your kit bag. Most home-based traffic won’t require VPN usage, but if you’re on any sort of shared connection, having a VPN provider is a good idea. Also, if you ever think you’ll need to access the Internet from out and about — like a hospital or doctor’s office, then having a VPN provider can be a win. Likewise, if you want to obscure where you’re connecting from (this might be more important now that we’re always in the same place all day), a VPN provider might help.
Finally, don’t expect miracles. Your home-based pandemic broadband pipes are likely to be more clogged than ever before. Everyone is at home, many people are streaming movies to stay sane, and there are only so many bits that can fit at any given time. If you experience traffic slowdowns, be sure to check not only your VPN, but your Wi-Fi connection between your device and your router, your connection to your broadband provider, and even their connection to upstream providers.
That said, we’re all in this together. Hang in there and stay safe. How are you managing your home-based networking? Let us know in the comments below.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.