A look inside a VPN server

VPN usage has increased dramatically in the last five years. Western users are less likely to go online through a VPN client; subscribers in Asian and BRICS countries make up the bulk of the market. A VPN offers online privacy and encryption, and can even bypass region locks, which is useful for watching TV abroad or Netflix. But what do you get for your €10 a month? To find out what goes on behind the scenes of a VPN server, we spoke to NordVPN. In what is considered an industry first, TechRadar Pro and NordVPN teamed up for a guided tour of a VPN server: NordVPN technicians set up an SSH session to demonstrate the key aspects of a random selection of VPN servers. Mark Halstead, the CTO of NordVPN, walked us through the company's logging policy and how it is implemented. His colleague Tom Okman also joined us for further explanations.

Anatomy of a VPN server

We start by looking at a VPN server. For a subscriber, using a VPN is simple: the VPN client connects to the server and, by default, encrypts and routes all traffic from your PC to the chosen VPN server. From that point on, the VPN server authenticates the client and acts as its gateway to the Internet beyond. The server sits behind NAT and a firewall, and a recursive DNS resolver answers the client's name lookups so it can reach the website or service it asked for (perhaps streaming a YouTube channel). A live session database may also be running, along with statistical monitoring.

A VPN is supposed to improve your privacy and help keep you anonymous online. One of the main advantages of a paid VPN subscription is that the company providing the servers keeps as little information as possible about you and your activity. Operating systems create logs by default, so any conscientious VPN provider has to take steps to disable them. So how thorough was NordVPN?

The session revealed that NordVPN's Linux servers are configured with several tools that handle security, privacy and authentication. FreeRADIUS is used for authentication, and the Squid proxy software is also in use. SaltStack manages the configuration of the servers across the infrastructure. The running VPN server we looked at (a box based in Ireland with 149 days of uptime) was configured with OpenVPN and IPsec for data encryption. Four OpenVPN instances listen on TCP and four on UDP, and the two transport protocols are kept in the same state.


How to avoid DNS leaks

An important aspect of VPN privacy is DNS leak protection. A DNS leak happens when your requests to a DNS server (the service that translates website names into IP addresses) travel outside the tunnel and are visible to anyone monitoring the connection, despite your using a VPN. Watching that traffic reveals which sites you visit, which is problematic at best. You can test for DNS leaks on IPleak.com, but what do VPN services themselves do to prevent them? NordVPN's servers, as expected, run their own DNS. Operating systems present challenges, however. On Android, for example, IPv6 has to be disabled to rule out a DNS leak: an IPv6 DNS query has no tunnel to travel through and goes out over the regular connection. This is a short-term solution, though, as NordVPN plans to provision IPv6 VPN servers. Another risk that has surfaced for VPN users in recent months is VPN servers that claim to be in country X but are actually located in country Y. This is not something NordVPN does. "We have a very strict policy on this...we think we should only have our servers in places where we say so."
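
The leak check described above can be reasoned about on the client. The following Python script is an added example, not NordVPN's code or anything shown during the session: it reads a resolv.conf-style resolver list and a simplified routing table, both constructed here from the RFC 5737 and RFC 3849 documentation address ranges, and reports every resolver whose queries would leave the host over an interface other than the tunnel. The two /1 routes model the redirect-gateway def1 pattern OpenVPN pushes to override the default route; the IPv6 default route with no tunnel counterpart is what makes the Android case above leak, and the ipv6_disabled flag models the workaround.

```python
import ipaddress
from typing import List, Optional, Sequence, Tuple

Route = Tuple[str, str]  # (prefix, egress interface)

# Constructed resolver list in resolv.conf syntax. Addresses come from the
# RFC 5737 / RFC 3849 documentation ranges and are not real infrastructure.
SAMPLE_RESOLV_CONF = """\
# resolv.conf as left on the client after the VPN came up
nameserver 198.51.100.53
nameserver 192.168.1.1
nameserver 2001:db8:1::53
options edns0
"""

# Constructed routing table. The 0.0.0.0/1 and 128.0.0.0/1 entries are the
# "redirect-gateway def1" pattern OpenVPN pushes so the tunnel beats the
# default route without deleting it. There is no IPv6 route via tun0,
# matching a provider whose VPN servers are IPv4-only.
SAMPLE_ROUTES: List[Route] = [
    ("0.0.0.0/0", "wlan0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "wlan0"),
    ("::/0", "wlan0"),
]


def parse_resolv_conf(text: str) -> List[str]:
    """Return the addresses of all nameserver lines, ignoring comments."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def egress_interface(addr: str, routes: Sequence[Route]) -> Optional[str]:
    """Longest-prefix match of addr against routes; None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    best_len, best_iface = -1, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == ip.version and ip in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface


def find_dns_leaks(resolv_conf: str, routes: Sequence[Route],
                   tunnel_iface: str = "tun0",
                   ipv6_disabled: bool = False) -> List[Tuple[str, Optional[str], str]]:
    """Return (resolver, egress interface, reason) for every resolver whose
    queries would leave the host outside the tunnel.

    ipv6_disabled models the Android workaround from the article: with IPv6
    switched off the OS never talks to IPv6 resolvers, so they cannot leak.
    """
    leaks = []
    for server in parse_resolv_conf(resolv_conf):
        ip = ipaddress.ip_address(server)
        if ip.version == 6 and ipv6_disabled:
            continue
        iface = egress_interface(server, routes)
        if iface == tunnel_iface:
            continue
        if ip.version == 6:
            reason = "IPv6 resolver, no IPv6 route through the tunnel"
        elif ip.is_private:
            reason = "LAN resolver, connected route is more specific than the tunnel routes"
        else:
            reason = "public resolver routed around the tunnel"
        leaks.append((server, iface, reason))
    return leaks


if __name__ == "__main__":
    for server, iface, reason in find_dns_leaks(SAMPLE_RESOLV_CONF, SAMPLE_ROUTES):
        print(f"LEAK {server} via {iface}: {reason}")
    remaining = find_dns_leaks(SAMPLE_RESOLV_CONF, SAMPLE_ROUTES, ipv6_disabled=True)
    print("still leaking with IPv6 disabled:", [s for s, _, _ in remaining])
```

On a real host you would feed it /etc/resolv.conf and the output of ip route and ip -6 route instead of the constructed samples. The two cases worth understanding are the LAN resolver, which wins on prefix length even though the tunnel has overridden the default route, and the IPv6 resolver, which never had a tunnel route at all; disabling IPv6 removes the second but not the first.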

Verifying the no-logging policy

VPN users expect their activity to be private. The data is encrypted between the client device and the VPN server, and users reasonably expect that no record of it is kept at the server end either. But what if a government demands one? The law in certain countries (such as the United States, Canada, the United Kingdom, Australia and New Zealand, the Five Eyes) can require a VPN based there to hand over logs of subscriber activity on one or more servers. NordVPN's approach to no logging is twofold. On the servers, logging is simply disabled. And by incorporating in Panama, the company falls under a jurisdiction with no mandatory data retention laws; Panama also takes no part in the Five Eyes or Fourteen Eyes alliances. NordVPN publishes a warrant canary page on its site so that subscribers can check whether the service has received warrants, gag orders or national security letters.

We have already seen that a VPN server is a complicated thing. With 5,629 servers in 58 countries, how does NordVPN make sure none of them logs subscriber activity? The logs are simply configured to write to /dev/null, the virtual device that discards everything written to it. All data generated about connections, destinations and activity is thrown away at that path. To prove it, Mark showed us servers in Italy, Hong Kong and Ireland. Hong Kong and Ireland were TechRadar Pro's picks, while Italy was NordVPN's. In all three cases a grep command over the configuration of the selected servers (or, in the case of Italy, all servers) showed that the log destination was /dev/null. The result is no-log VPN servers, exactly what a security- and privacy-conscious VPN user is looking for. NordVPN is confident enough in its no-logs policy to have hired auditing giant PricewaterhouseCoopers to assess its VPN servers. A successful audit is a reputation-enhancing badge of honor.
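
What the grep in the session was confirming can be written up as a small audit. The following Python is an added example, not NordVPN's tooling: it parses two constructed OpenVPN server configuration fragments, one that keeps records on disk and one with every sink pointed at /dev/null, and reports each directive that would retain session data. The directives it inspects (log, log-append, status, ifconfig-pool-persist, verb) are standard OpenVPN server options; the rule that a missing log directive means syslog reflects how OpenVPN behaves when run as a daemon.

```python
from typing import List, Tuple

# Constructed OpenVPN server configuration fragments (not taken from any real
# NordVPN server). The first keeps several kinds of record on disk; the second
# sends every sink to /dev/null, the setup the article describes.
LOGGING_CONFIG = """\
port 1194
proto udp
dev tun
log-append /var/log/openvpn/server.log
status /var/log/openvpn/status.log 10
ifconfig-pool-persist /var/lib/openvpn/ipp.txt
verb 3
"""

NO_LOG_CONFIG = """\
port 1194
proto udp
dev tun
log /dev/null
status /dev/null
verb 0
"""

DISCARD = "/dev/null"
Directive = Tuple[str, List[str]]


def parse_openvpn_config(text: str) -> List[Directive]:
    """Split a config into (directive, args) pairs, dropping '#' and ';' comments."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives.append((name, args))
    return directives


def audit_log_sinks(text: str) -> List[str]:
    """Return one finding per directive that would retain session data.

    An empty list means every sink is /dev/null and nothing is written, which
    is the state the grep in the session was checking for.
    """
    findings = []
    names = set()
    for name, args in parse_openvpn_config(text):
        names.add(name)
        if name in ("log", "log-append", "status"):
            target = args[0] if args else "<stdout>"
            if target != DISCARD:
                findings.append(f"{name} writes to {target}")
        elif name == "ifconfig-pool-persist" and args:
            # Maps client certificate names to tunnel addresses across restarts:
            # a record of who connected, even with the main log discarded.
            findings.append(f"ifconfig-pool-persist keeps client/address pairs in {args[0]}")
        elif name == "verb" and args and args[0].isdigit() and int(args[0]) > 0:
            findings.append(f"verb {args[0]} logs connection events; use verb 0 so nothing is produced even if a sink is added later")
    if not names & {"log", "log-append"}:
        # With neither directive a daemonized OpenVPN logs to syslog instead.
        findings.append("no log/log-append directive: daemon output goes to syslog")
    return findings


if __name__ == "__main__":
    for label, cfg in (("logging", LOGGING_CONFIG), ("no-log", NO_LOG_CONFIG)):
        found = audit_log_sinks(cfg)
        print(f"{label}: {'clean' if not found else ''}")
        for finding in found:
            print("  -", finding)
```

Pointing OpenVPN at /dev/null is necessary but not sufficient on a box like the one described above: FreeRADIUS accounting, Squid's access log and the system journal are separate sinks and need the same treatment, and ifconfig-pool-persist is the directive most often overlooked because it does not look like a log.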


Security and DDoS

Connecting to a VPN server should be simple. But because so much traffic flows through them, VPN servers are regularly hit by DDoS attacks. A distributed denial-of-service attack floods a server with more traffic than it can process, often forcing the server's owner to take it offline. "If a provider we rent a server from isn't ready... there were issues for clients connecting to the server. It was over 500 GB per second," Mark told us. "We never work in a country with only one supplier," says Tom. "We have a mechanism that monitors the state of the system and automatically kills the quick connect service and APIs." In other words, the targeted server is deliberately made unreachable for the PC and mobile clients. "We work with cloud providers like Cloudflare and Amazon in some cases, so it's more mitigated." NordVPN has a strategy for dealing with targeted DDoS attacks, but it is also building faster servers. Its diskless servers, which rely solely on RAM, and its new TCP technology are likely to speed up the entire VPN industry.

Speed up VPNs

In a busy market, VPN companies need to stand out from the competition. One way to do so is to offer better performance to VPN clients. NordVPN is developing several technologies to improve speed and security, and took the time to share the details of two of them. Diskless servers are pretty much what you would expect: servers with no local disk. Designed to boot over the network and run entirely from RAM rather than from a hard drive, diskless servers bring a triple benefit: less reliance on leased servers, better security, and better performance. In a theoretical DDoS attack, a VPN running on a diskless server can be taken offline instantly, greatly limiting the impact of the attack. "With these servers in RAM, I don't think there's much point in hacking the system," says Tom. "Once it's rebooted, once the credentials have been changed, it automatically reinstalls, from scratch." Imagine going online through a VPN and finding that your connection has got faster. It sounds unlikely, but NordVPN's patent-pending TCP splitting technology bypasses ISP throttling (also known as traffic shaping or data prioritization, although the terms are not exactly interchangeable). NordVPN's tests showed that connections to sites outside Europe are faster with TCP splitting than without it. Such gains can improve streaming and online gaming, not to mention online collaboration on creative projects. This could be the next big thing in VPN marketing: "Get faster internet with a VPN!"


Improving the VPN industry

A few bad business decisions can ruin an online reputation. Some security software vendors, for example, have been found to be selling customer data. VPN companies have fallen by the wayside too, but the industry is maturing. Part of the Internet Infrastructure Coalition (i2Coalition), the VPN Trust Initiative (VTI) is a consortium of VPN companies dedicated to improving digital security for customers. NordVPN has joined several well-known and influential VPN companies as founding members of the VTI. Having launched a bug bounty program in December 2019, NordVPN is about as open and honest as an encryption service can be. If the rest of the industry follows suit, everyone will benefit.