Review

NordVPN Review – 2017


NordVPN
NordVPN is a very fully featured service. The fact that it is based in Panama and keeps no logs is also a big draw for those who care about privacy. Its software also looks good, and by-and-large works well. IPv6 leaks, a terrible experience with support, and highly variable speed performance, damage my assessment of the service, but there is still much to recommend it.

Visit NordVPN

Advertiser Disclosure

NordVPN is a no-logs VPN provider based in Panama. This alone makes it one of the best VPN choices available for privacy fanatics. As we shall see in this full NordVPN review, it is also a very fully-featured service. IPv6 leaks are a major issue, however, and support was a massive fail when I needed it. It also seems to be rather over-subscribed, which leads to performance issues. However, these problems are not crippling, and there is still much to recommend the service.

  • ProsPROS
  • No logs
  • Based in Panama (great for privacy)
  • Six simultaneous connections
  • Servers in 58 countries
  • P2P: yes
  • ConsCONS
  • IPv6 leaks
  • Terrible support
  • Highly variable performance

Visit NordVPN »

Pricing and Plans

NordVPN has just the one plan. It costs $11.95 per month if paid monthly, with discounts available for bulk time purchases. If purchased annually, for example, the price drops to a very reasonable $5.75 per month.

NordVPN Review pricing

A three-day free trial is available, which does not require you to provide any payment details. NordVPN also offers a 30-day money-back guarantee.

NordVPN accepts payment via credit/debit card, or PayPal. It also accepts bitcoin, which allows for potentially anonymous payment. However, as always, please remember that NordVPN will know your true IP address, regardless.

Additional payment methods are available through NordVPN’s payment partner, Paymentwall.

Features

NordVPN is based in Panama. All customers enjoy the following features:

  • Six simultaneous connections
  • Servers in 58 countries
  • Choice of IKEv2, OpenVPN, PPTP, L2TP, and IPSec VPN protocols
  • P2P: yes
  • Dedicated IP available on request
  • Smart DNS service
  • Double VPN
  • Tor over VPN
  • Web proxy and web proxy extension for Chrome (free)
  • Socks5 proxies
  • VPN access for China via obfsproxy
  • DNS servers (useful if manually configuring a secure VPN connection)

As always, I recommend using the OpenVPN protocol where possible (although IKEv2 is also good).

Although six devices can be connected to the service at once, if you connect devices to the same server, you must choose different protocols for the VPN connections. TCP and UDP are counted as different protocols. So you can connect one device to TCP and another to UDP.

That means that a total of four devices can be connected to a server at once – through L2TP, PPTP, OpenVPN TCP and OpenVPN UDP. If you have two more devices at home, you can connect them to another server with any two protocols.

Personally, I do not consider this to be a major limitation, and permitting six simultaneous devices is generous.

The Socks5 proxy is particularly useful to downloaders who only wish to proxy their torrent clients, or double-proxy with a VPN for extra protection!

Smart DNS (“Smart Play”)

Smart DNS is a technology that enables you to geo-spoof by resolving your DNS requests at a specified location. This makes it ideal for streaming geo-blocked content.

According to NordVPN, users can access over 150 streaming services using NordVPN SmartPlay. These include Hulu, Amazon Prime, ABC Go, Zattoo, Cartoon Network, Shudder, WeTV.com, Telemundo, VH1, Vevo, TNT Drama, Sundance.tv, StarTrek, Spike, PBS, Slacker, NBC Sports, FoodNetwork, DramaFever, Discovery, Crackle, and many more.

NordVPN’s implementation of Smart DNS is rather unusual. For a start, it uses an encrypted proxy connection. I am not sure what advantage this brings over an unencrypted connection, though, as Smart DNS is not really about security or privacy.

For a second, it requires no additional configuration. It runs inside all NordVPN’s apps, and when connected to a VPN server, detects whether the streaming service requires such a connection first. It then routes you accordingly, if such a bypass is needed.

In practice, this meant that I could watch US Netflix even when connected to a non-US server. However, this did not work for BBC iPlayer.

One downside of this setup is that you cannot configure NordVPN’s Smart DNS to run on devices that cannot run a VPN client, such as your smart TV, games console, and Roku.

Double VPN

This rather unusual feature offered by NordVPN allows you to “chain” VPN servers, so that your data is routed between two or more VPN servers as it travels between you and the internet.

Your PC/device -> VPN server 1 -> VPN server 2 -> Internet

NordVPN double-hop

As you can see, data is re-encrypted as it leaves each server

NordVPN double vpn

NordVPN now offers several double VPN combinations.

Such chaining can provide some security benefits, but will always result in a major loss of speed. As I argue in this article, I think the privacy/security benefits of “double-hop” VPN are rather limited. But I understand that this is not a view shared by everyone. For those who value the feature, NordVPN is one of only two providers I know of to offer it (the other being IVPN).

Tor over VPN

For a full discussion on the pros and cons of using Tor over VPN (or Onion over VPN as NordVPN terms it), please see here. In this configuration, you connect first to a NordVPN server, and then to the Tor network, before accessing the internet:

Your computer -> VPN -> Tor -> Internet

NordVPN achieves this using an OpenVPN configuration file, which transparently routes your data from the VPN tunnel to the Tor network. This means that your entire internet connection benefits from Tor over VPN.

This setup does offer some privacy and security advantages, but a similar effect can be achieved simply by using the Tor Browser while connected to the VPN. Crucially, such a setup is much more secure than the method offered by NordVPN.

Tor over VPN (however you do it) will seriously slow down your internet speeds, as you get the combined hit of using both the Tor network (which is very slow) and the VPN.

Visit NordVPN »

Privacy

NordVPN is based in Panama and promises to keep no logs at all:

NordVPN does not monitor, store or record logs for any VPN user. We do not store connection time stamps, used bandwidth, traffic logs, IP addresses.”

Panama has a completely uncensored internet and zero government surveillance. It is also comfortably outside the direct influence of the NSA and GCHQ.

In fact, the simple fact that this no-logs VPN provider is based in Panama makes it one of the best choices available for privacy fanatics.

Security

NordVPN uses the DHE-RSA-AES256-SHA encryption suite for its OpenVPN connections. This almost certainly means ordinary RSA-2048 key encryption and HMAC SHA1 authentication, which is just fine. Use of a Diffie-Hellman key exchange provides perfect forward secrecy.

OpenVPN Encryption
Cipher
AES-256
Data Auth
HMAC SHA1
Handshake
RSA-2028
Forward Secrecy
DHE
Logs & Legal
Connection
None
Traffic
None
Country
Panama

It is worth noting that NordVPN’s iOS app also uses an impressive level of encryption – IKE ciphers (phase1) to negotiate keys are AES-256-GCM for encryption, with SHA2-384 to ensure integrity, combined with perfect forward secrecy and 3072-bit Diffie-Hellmann keys.

Unusually, NordVPN’s Mac OS X client uses IKv2 with Cisco’s NGE (Next Generation Encryption) protocol, instead of OpenVPN.

For more information on VPN encryption terms, please see here.

Like most VPN providers, NordVPN uses shared .opvpn certificates (not unique ones). So connections are only secured with a username/password. This is less than ideal, but should be fine under most circumstances.

The NordVPN desktop client has a per-app kill switch and prevents IPv4 DNS leaks. It does not prevent IPv6 leaks, however (see below).

The Website

The NordVPN website has a fairly attractive blue and white theme, and is generally well presented. An FAQ outlines what most of NordVPN’s services actually do, but tends to shy away from too much technical detail.

NordVPN servers

NordVPN server list.

A nice feature of the website is a page displaying the status of NordVPN’s servers. This clearly shows which specialized servers are available, plus server load, and the VPN protocols supported by each server.

Support

24/7 customer support is provided via a ticket system (web form), Facebook, Twitter, or email. A live chat option is also available. When I contacted support via live chat, I usually received an instant or very quick response.

Unfortunately, the support I received when I had a serious issue can at best be described as unacceptable. The Windows client did not initially work for me. This was almost certainly a result of my reviewing many VPN programs as part of my job. So it was my system at fault, rather than a problem with NordVPN’s software.

But when I asked the support team for assistance, I was curtly told that it is a known problem and that I should manually configure P2TP instead! When I pressed, I was told that the problem does not affect all users, and that there were no plans to fix it!

It was only when BestVPN.com officially kicked up a fuss about this with NordVPN’s management, that any serious attempt was made to assist me. As I say, the problem turned out to be my VPN-overloaded system. There is nothing wrong with the NordVPN Windows client, but I am seriously unimpressed by NordVPN’s support.

A small knowledge-base, plus various setup tutorials, are also available. In addition, a regularly updated blog discusses both internet security issues in general, and NordVPN-specific topics.

The Process

Signing Up

Signing up for the service is a straightforward affair. A valid email address is required, but there is no reason this cannot be a disposable one. Unless paying in bitcoins, of course, NordVPN will know your payment details anyway.

Once signed up, you can download NordVPN’s software immediately, and will receive a confirmation email containing some useful links.

The NordVPN Windows Client

NordVPN Windows 2

The map is pretty. VPN newbies might find the Connection Wizard (bottom left) handy.

NordVPN Windows 3

As we have already seen, there are lots of servers to choose from. These include many specialized servers.

NordVPN Windows 4

There is a per-app kill switch. You can choose which apps will be shut down in the event of a VPN disconnection. This is very handy, but note that it is not a firewall-based kill switch. So if the NordVPN client itself crashes, the specified apps will not shut down and can continue to access the internet.

NordVPN Windows 5

DNS leak protection is enabled by default.

The NordVPN Windows client, then, is very fully-featured, looks good, and is easy to use.

Performance (Speed, DNS, WebRTC and IPv6 Tests)

All tests were performed using my Virgin UK 50 Mbps/3 Mbps fiber connection, using OpenVPN UDP.

NordVPN down 1

NordVPN up 1

The graphs show the highest, lowest and average speeds for each server and location. See our full speed test explanation for more detail.

Now… these results are very good. This comes as something of a surprise, as a problem that has always plagued NordVPN is poor speed performance. These tests were run mid-morning UK time, so I re-ran them early afternoon…

NordVPN down 2

NordVPN up 2

As you can see, the (download) results were considerably less impressive later in the day. My guess is that this relates to the time that the US wakes up. It strongly suggests to me that NordVPN is heavily oversubscribed.

NordVPN leaks

So no IPv4 or WebRTC leaks, but NordVPN does leak your real IPv6 address. Please note that those Private RFC IPs are local IPs only. They cannot be used to identify an individual, and so do not constitute an IP leak.

NordVPN itself admits that it does not prevent IPv6 leaks. It does provide instructions for manually disabling IPv6 in Windows and OS X, but these are hidden away in the support section of the website.

If NordVPN is unable to prevent IPv6 leaks (something many other providers manage quite happily), then I feel it should at least prominently flag the issue up in order to warn its users of the danger!

As noted earlier, US Netflix will work when connected to any server. I was pleased to note that BBC iPlayer also worked when connected to a UK server.

Other Platforms

NordVPN provides custom apps for Windows, Mac OS X, iOS and Android. It also provides manual setup guides for these platforms, plus Linux (Ubuntu and Raspberry Pi), Blackberry 10, Chromium, and various routers and NAS. These guides look a little on the bare-bones side, but should work well enough.

It is also possible to purchase a pre-configured NordVPN router from Flashrouters.

The Android App

2017-02-10 14.30.48

The app looks remarkably similar to the Windows client, which is a good thing.

2017-02-10 14.31.55

I detected no IPv4 or WebRTC leaks while using the Android app, but please bear in mind that IPv6 leaks are not blocked by NordVPN’s software.

Other/Free Services

NordVPN offers a number of privacy features that are free to everybody (not just subscribers). These includes a web proxy, a YouTube proxy, and a free proxy list. I would hardly trust my life to such tools, but it is nice of NordVPN to provide them.

Conclusion

 I liked:

  • No logs
  • Based in Panama (great for privacy)
  • Six simultaneous connections
  • Servers in 58 countries
  • P2P: yes
  • Three-day free trial
  • 30-day money-back guarantee
  • Accepts bitcoins
  • Good encryption
  • VPN access for China via obfsproxy
  • Smart DNS service (when it works)
  • Works with US Netflix and BBC iPlayer
  • Socks5 proxies
  • Dedicated IP available on request
  • Double VPN (I’m a bit dubious, but others like it)
  • Per app kill switch (not firewall-based)

I wasn’t so sure about:

  • Tor over VPN (using the Tor Browser over VPN is safer)
  • Highly variable performance suggest the service is over-subscribed

I hated:

  • IPv6 leaks
  • Terrible support

NordVPN is undoubtedly a very fully-featured service. The fact that it is based in Panama and keeps no logs is also a big draw for those who care about privacy. Its software looks good, and by and large works well. Unfortunately, though, it does not prevent IPv6 leaks, and I do not think NordVN does enough to warn users about this issue.

I was also surprised by the very unhelpful attitude shown by NordVPN’s support team when I encountered technical issues. Bad NordVPN!

However, IPv6 leaks can be fixed, and most users will not encounter the technical issues I did. And anyway, the three-day free trial, plus a 30-day money-back guarantee, give you plenty of opportunity to ensure that everything works for you as it should. Speed performance, however, remains a problem.

What you get with NordVPN is a very fully featured, privacy-friendly VPN service. It is let down by a couple of serious flaws, but on balance I would say that the good outweighs the bad.

Visit NordVPN »