8 critical features a VPN must have

VPN
VPN-tjänster har många olika funktioner - här är de allra viktigaste du ska kolla efter. (Image credit: Shutterstock.com)

Given the large number of VPN services available, it can be challenging deciding which one to sign up for. While the websites of VPN providers are useful up to a point in terms of highlighting important features (and indeed limitations), sometimes more crucial info is buried deep in the site. 

So to avoid any danger of you being razzle-dazzled by a VPN’s fancy website, we’ve put together this article which looks at the truly important features to bear in mind when picking the best VPN for you.

As you read through these, remember that there’s no one best overall VPN service : it comes down to who you are and how you want to use it. For instance, having multiple servers around the world means you have a much better chance of not being blocked by online streaming services like Netflix USA. However it comes at the cost of reduced security, as your provider has more servers to keep secure. 

1. Server siting 

A VPN hides a user’s data by encrypting it with a tunnel created between the user’s device and the VPN’s web server. The user then takes on the IP address of the web server (rather than their true IP), and this leads to one advantage of a VPN, namely that a user can appear to be in a different geographic location than they are actually located in.

This can have many uses, such as being able to access streaming services like Netflix or shopping sites like Amazon specific to a certain country, bypassing what’s known as geo-blocking.

The important point to bear in mind here is that any good provider will have a healthy spread of coverage across a wide range of countries, giving you more options overall. This is also helpful for online services like Netflix that try to block IP addresses of known VPN servers. The more you have to choose from in a certain country, the more likely you can access the content. 

Furthermore, the more servers available in each location, the better (as they’re less likely to be overloaded, so you’ll get better performance levels).

When it comes to your privacy, you may appreciate some quality over quantity however. If a VPN Provider is renting server space from a third party to offer you the service, then this means they have to trust that third party with your data.

This is why VPN Providers like ProtonVPN make sure to retain control over their own core servers by using full disk encryption and bare metal hosting. Although these kinds of servers are more expensive to set up, you’ve a much greater chance of keeping your information safe if it never leaves your VPN’s own servers. 

(Image credit: Future)

2. Mobile apps

Any VPN will offer client software for a Windows PC. However, the real value of a VPN is in its mobile support, and in keeping your device safe as it accesses public Wi-Fi when you're out and about.

Therefore, when choosing a VPN, make sure that it supports the platforms for the mobile devices that you use. Most providers have mobile VPN apps for at least Android and iOS, but check out the setup instructions in the Support pages, too. ExpressVPN has guides on manually setting up Windows Phone, BlackBerry, eBook readers, Linux and many other platforms.

The gold standard for any security app like a VPN client is open source: this means the code’s freely available to be reviewed by the community to check for any security bugs or “backdoors”.

If your VPN provider doesn’t offer this, it doesn’t necessarily mean your data’s at risk. It’s just harder to check. Contact your provider to ask if they support either the Wireguard or OpenVPN protocols. If so, you may be able to use open source VPN clients like Wireguard or OpenVPN Connect with your VPN service instead. 

(Image credit: Shutterstock)

3. Integrated kill switch

No VPN service is 100% secure, and they can be susceptible to IP leaks, which expose your true IP address when you are online. This can occur more frequently when the VPN service gets overloaded.

It’s not always your provider’s fault: if the VPN connection drops on your end, unless configured properly your device may well fall back to using your regular internet connection. Worse still, it won’t always tell you it’s doing this so you might access sensitive personal information unaware that you’re no longer protected. 

The solution is a VPN kill switch, that can monitor for the VPN connection failing – when the connection drops, that’s when your true IP will be exposed, and in this case, a kill switch shuts down the transfer of data.

In short, as the name suggests, it kills the connection, preventing unencrypted data from being transmitted (and your true IP from being leaked).

While not all VPN services offer a kill switch, some do, with the feature embedded in the client software. Look for an integrated VPN kill switch with the service, and be sure to turn it on in the VPN app’s settings; many are disabled by default.

The best way forward is to contact your VPN provider to see if this service is supported. For instance, the iOS version of NordVPN’s client app has a kill switch built-in and switched on by default, so you needn’t do anything further.

Remember if the kill switch is on, you won’t be able to use any internet-enabled apps. If your VPN client app supports it, once you’ve activated the kill switch see if there’s also an “auto connect” feature so you can use the Internet right away each time you start up your device.

4. Anonymous DNS servers

DNS (Domain Name System) resolution is the process that turns the address you type into your web browser's address bar, such as www.techradar.com, into the IP address that the worldwide web uses to direct traffic to the user. Most users perform the DNS translation, by default, through their ISP, although this can be easily changed.

Of course, when using a VPN the goal is privacy, and therefore we want the VPN to be set up to protect us in the DNS translation process as well (keeping data away from the potentially prying eyes of the ISP).

While the Google DNS translator is often used for its speed, this would be a lousy choice from a privacy perspective. Rather, there are DNS services that are designed for anonymity, such as FreeDNS or DNSWatch, and indeed, your VPN provider should be using its own anonymous DNS to better preserve your privacy.

While every reputable VPN provider does this, there are a great deal more who might encrypt your connection but still let your ISP handle DNS requests with their own servers. This means anyone with access to your ISP’s records can see which websites you’re visiting and is known as DNS leak.

To make sure this isn’t happening to you, first connect to your chosen VPN provider. Next, open your web browser and navigate to a DNS Leak testing website such as IP Leak. This will display your IP address and DNS servers as far as the internet is concerned  : these should match your VPN provider’s details, not your own ISP.

5. No log policy

VPN services differ on their logging policies. Some VPNs may keep elements of browsing activity for months, for example – potentially data that could be turned over to authorities, if requested.

Ideally, you want a VPN which has a ‘no log’ policy, although be wary here, as many providers will claim they offer this, when the reality is they may still keep some data (such as session logs, for example). 

It pays to carefully read the VPN provider’s privacy policy and ensure there are no hidden catches in this respect. Alternatively, it may be worth looking into the most private VPNs on the market.

Remember that the gold standard for any VPN provider who claims to keep “no logs” is one which regularly submits itself to audits by a trusted third party to verify their claims are true. ExpressVPN and NordVPN for instance regularly allow their servers to be inspected to make sure there’s no personal information stored on them. 

(Image credit: Asus)

6. Router support

Rather than installing the VPN on all your individual devices, an alternate strategy is to just install the VPN directly on the router of your home network, and then every device connected to the network will have the benefit of VPN protection.

While this is often a better plan, it requires two things: a compatible router, and a VPN service that supports this. 

You can install a VPN on a router - a good intermediate networking project. Once set up, you won’t need to install any special software on individual devices to use the VPN service : you can just connect them to the router’s WIFi network.

This is also a great way to get around device limits for VPN’s : for instance NordVPN limits you to six devices at a time using its VPN. However if you have a VPN router, this only counts as one device, no matter how many devices are connected to it wirelessly.

For security reasons, try to find a router running open source firmware like DD-WRT. Not only does this support VPN networks but the software community can regularly check the code for bugs.  

7. Support for OpenVPN

While all VPNs keep your data private by creating an encrypted data tunnel between the client and the VPN server, there are multiple protocols for performing this data encryption.

The bigger the selection and more choice of protocols that a VPN offers, the better, but you particularly want a service which supports the OpenVPN protocol. 

This is one of the most popular VPN protocols in mainstream use, and is considered highly secure – preferably your VPN will allow you to choose between the two flavors of OpenVPN (TCP and UDP).

If your provider supports OpenVPN, you can make use of their service through open source ‘client’ apps like OpenVPN Connect. You can also connect to your VPN service via a DD-WRT router (see above). 

If a VPN offers other protocols besides OpenVPN such as ExpressVPN Lightway or NordVPN’s ‘Nordlynx’ you shouldn’t necessarily be suspicious. More modern protocols have their uses. For instance, Wireguard generally performs faster than OpenVPN. You should only be suspicious if the VPN Provider is pushing you to use their own protocol without offering OpenVPN as an alternative.

When setting up OpenVPN, your provider will need to provide you with configuration (.ovpn) files for the server you want to use. You’ll have to import configuration files for each server too, unless your provider offers a different way to do this e.g. by offering ‘OpenVPN’ as a connection option in the client app. 

Credit cards

(Image credit: Pexels)

8. Value for money

Perhaps this seems like an obvious point to make, but we’ve included it because it’s important to realize that there are a very wide variety of plans and pricing levels when it comes to VPNs.

Almost always, you’ll get a much cheaper deal if you commit for at least a year’s worth of service, and you can get some truly bargain-basement deals with some providers.

At the same time, bear in mind that sometimes the most basic plans won’t have the full range of features, and you might be missing out on something good (say, for example, a proprietary protocol for avoiding being detected as a VPN connection, so you don’t subsequently get blocked or throttled).

You also need to be sure that the VPN Provider you’ve chosen is suitable for what you need to do online. For instance, there’s no sense in paying for a year’s subscription for a provider to Watch Netflix shows, only to find that all their servers have been blocked by the streaming site. 

All reputable VPN providers will either offer you a free 30-day trial or allow you to pay monthly. Take advantage of this to try the service out for just a few weeks to see if it’s right for you. 

We’ve already discussed the dangers of supposedly free VPNs.  In short, be vigilant they have to make money somehow and it’s likely that they’ll do this by selling your personal data to third parties. 

Even honest ‘free’ VPN services may limit the amount you download or ‘throttle’ certain types of traffic like streaming video: since the only way they can do this is by monitoring your connection, your data’s at risk each time you use them.

Jonas P. DeMuro

Jonas P. DeMuro is a freelance reviewer covering wireless networking hardware.

With contributions from