Your own private VPN server

Afraid so — we need these to comply with our UK/EU tax obligations.

We’ll resist the spooks as far as we reasonably and legally can, but at the end of the day we have to comply with UK law.

Let’s back up a bit. There are really good and really bad reasons why you might be trying to keep the police or security sevices off your tail. Maybe you’re a journalist or whistleblower under an oppressive regime (we salute you). Maybe you’re making money from other people’s intellectual property … or worse (please stop). Either way, this is likely not the service for you.

This service can, we think, give you some protection from indiscriminate bulk data collection, and from opportunistic hackers on the same Internet connection. We think that’s valuable. On the other hand it can’t do much in the face of demands from the police or security services, backed up by force of law. Nor can it defend you very far against even a moderately-resourced adversary who’s specifically interested in you. (In these cases: think about Tor, do a lot of research, and have a very good Plan B).

Also, don’t forget that there are countries where merely using a VPN service — which is not difficult for people to detect — can get you in serious trouble.

See also the next answer.

Good spot. But, in fact, there are exceptions for ‘small’ businesses (< 400K subscribers) in the Internet Connection Records provisions of the Investigatory Powers Act. And in any case the Government would first of all have to ask us to collect these logs.

It is possible that we could be asked, and in that case we wouldn’t be allowed to tell anyone that we had been asked. But we promise that we will never indiscriminately log all users’ traffic. That would destroy our whole reason for being. If it comes down to a choice between doing so or shutting the service down, we will shut the service down.

On a related note, we reserve the right to shut down any and all accounts at any time, without giving a reason. It might be that we’ve been asked to compromise on our core purpose, or it might be something else. Whatever the reason, if that happens, we’ll give you a pro-rata refund.

No reason — please do! If you’re confident setting up DNS records and doing some basic system admin then you can run the same VPN software we use, on your own VPS. We suggest Algo, or our own strongSwan configuration script (since 2015). Please make sure you keep it all updated and secured, though.

We’re currently running the system-provided strongSwan on Ubuntu Server 17.04 — our strongSwan configuration script is a good guide for more details.

Hosting providers are subject to change, but we are currently on VPS hosts from OVH — they have reasonably reliable networking and unlimited traffic at an affordable rate.

Netflix specifically has a very aggressive VPN policy, and you will probably have to disconnect from our service in order to watch it. Other services may or may not work, but this does not form part of our offer.

On iOS and Mac, yes, this is fall-off-a-log easy via Connect on demand, and probably what you want. We’ll show you how to do it. The downside is that your phone or laptop will need charging a bit more often.

On Windows and Android … not so much.

Sure you can. There's an overall limit of 255 devices.

Not for now, no.

Sticking with IPv4 gives our VPN connections a better chance of making it through restrictive firewalls (since you asked: it allows us to force UDP encapsulation for ESP packets even where there is no NAT in operation).

Some other commercial VPN services offer a long menu of different VPN technologies. Most of these are slow and/or insecure. We aim for simplicity and security, and that means we only offer one: IKEv2.

IKEv2 has some key advantages over other VPN options:

• It's secure.
• It's now widely supported — there are built-in clients on Mac, iOS and Windows, so there's no third party software to trust, install, or slow your machine down. And, in strongSwan, there's a good open-source client for Android.
• It's stable, with mobility features for smartphones switching between mobile networks and WiFi (MOBIKE).
• It's fast.
• On Mac and iOS, Connection on demand is supported, meaning you can use it for all traffic at all times.

The other serious contender would be OpenVPN. OpenVPN has the advantage of making it through very restrictive firewalls, if configured to use TCP on port 443 (mimicking https). On the other hand, this TCP-over-TCP setup doesn't work very well, and OpenVPN lacks several of the other advantages of IKEv2 listed above.

No, but you can install the open-source strongSwan client direct from the Play Store.

This is the same software that runs on your VPN server with us, so it doesn’t mean extending your trust to any additional third parties.

At present, no.

Generally, no.

Mac, iOS and Windows all let you enter IKEv2 VPN details through their Settings or System Preferences apps. But in all cases a VPN you set up in this way is limited to broken encryption algorithms. To configure tolerably strong algorithms — and the option of on-demand connections on Apple devices — you need to use our .mobileprovision XML file (Mac, iOS) or PowerShell script (Windows). These are both simple text files.

Since we configure our servers to accept only tolerably secure algorithms, a GUI-initiated connection simply won’t work.

We’ll give you full instructions, but sorry, we can’t provide one-to-one technical support for connection problems.

We suggest you make us of our test connection server before signing up, from all devices you want to use, so you can see that you’re going to be able to make this work. As a last resort, you can close your account for a full pro-rata refund.