IVPN Review

IVPN is a Gibraltar-based VPN service with a strong focus on privacy, backed up by a robust ethical stance and a suite of features that VPN users are likely to actually find useful.

Our score
4.7 / 5
Pricing
$6.00/mo - $10.00/mo
Countries
32
Simultaneous connections
7
Jurisdiction
Gibraltar
Available on:
Works with:
Visit IVPN

0 User Reviews

Leave a Review - Step 1

Your comment has been sent to the queue. It will appear shortly.

Leave a Review - Step 2

Please tell us in more detail about this product

Speed
Customer Service
Unblocking
Country Choices
Ease of Use

Leave a Review - Step 3

Thanks for your review!

Features

  • No logs
  • 78 servers in 45 locations in 32 counties
  • 2 or 7 simultaneous connections (depending on Plan)
  • Ad and tracker blocking
  • Multihop VPN (Pro only)
  • Port forwarding (Pro only)
  • WireGuard in all apps
  • P2P permitted on all servers
  • Wi-Fi HotSpot Protection
  • Obfsproxy anti-censorship tech
  • All apps are open source
  • Android app available on F-Droid
  • Full systems audit
  • Strong ethical stance
  • Independent VPN service

Ad and tracker blocking

Dubbed “AntiTracker” by IVPN, this feature is increasingly common in modern VPN apps. It's basically just a DNS blocklist of domains known to belong to advertisers, trackers, and malware merchants. We can’t really comment on how effective it is, but the principle is sound.

We like the fact that IVPN’s AntiTracker includes a “Hardcore Mode” that blocks Google and Facebook, although we suspect it may break some sites. 

Multihop VPN

Multihop VPN allows you to proxy your connection through not just one, but two VPN servers. 

As we argue here, we are not entirely convinced about the benefits of multihop VPN (at least if a single VPN provider runs both servers), but it can be useful for preventing end-to-end timing attacks. 

IVPNs implementation of multihop is as good as it gets, allowing you to pick both the entry and exit points from any location on IVPN’s server list. You should be aware, though, that using multihop VPN will slow down your internet connection quite considerably. 

Port forwarding

VPN port forwarding is a very useful feature that allows incoming connections through a NAT firewall. It can improve P2P transfer rates and allows you to access games or media servers located behind the VPN. 

Port forwarding is enabled on your account page. Please check out our Ultimate Guide to VPN Port Forwarding for a detailed look at this subject.

WireGuard on all apps

WireGuard is a new open source VPN protocol that is generating a great deal of excitement in the VPN world because it is very lightweight (and therefore fast), while (in theory) also being cryptographically highly secure.

Which is great (and we love the fact that IVPN has included the option to try it out in all of its apps), but the “in theory” bit is important. WireGuard shows great promise, but it is still experimental and should be treated as such.

WireGuard exited beta with version 1.0 for Linux at the time of writing, but on all other platforms is still a beta project. For real privacy you should stick with the tried and tested OpenVPN protocol. At least for now.

Obfsproxy

Obfsproxy is a bridging technology developed for the Tor network and designed to evade censorship blocks on known Tor nodes. It also works for VPNs and is an effective way of evading VPN censorship. 

Although not as effective as obfsproxy, we’ll also note here that IVPN supports routing OpenVPN connections over TCP port 443 (among others) in order to emulate regular HTTPS traffic. Although easily defeated by even fairly basic deep packet inspection techniques, this tactic can be surprisingly effective.

Audited open source apps

Here at ProPrivacy we are big fans of open source, to the point that when it comes to privacy and security software we usually strongly recommend only using open source options. 

When it comes to VPN apps, though, we are a little more relaxed - simply because a VPN service knows what you get up to online anyway, so worrying about whether the app is open source or not seems to us rather akin to shutting the stable door after the horse has bolted.

That said, the community aspect of open source is always to be applauded, and being open source allows anyone qualified to audit the code for weaknesses. We therefore love the fact that IVPN has open sourced all its apps. We are also extremely pleased to note that IVPN is the first provider we know of to make its app available on F-Droid, which is great news for those who want as little of Google as possible in their lives. 

Full systems audit

In late 2019 IVPN was audited by independent security firm Cure53 for vulnerabilities. The scope of the audit included its “public VPN service infrastructure, our internal backend servers supporting our VPN service and penetration testing of our public web servers.” 

Some issues were found, and IVPN is to be commended for being open about them. Indeed, unlike some other VPN providers, it has taken the brave step of publically publishing results of the audit (with a few sensitive details redacted).

This is great, although the scope of the audit does not appear to cover its logging systems, which is something we would like to see.  We presume that since the audit was performed, IVPN has been busy fixing the issues it found. 

Any audit can only provide a snapshot of what is going on behind the scenes, but IVPN says that it will perform routine audits in the future. 

Strong ethical stance

IVPN makes no attempt to hide who it is, uses no third-party trackers on its websites, and refuses to work with affiliates. Even though this website makes money from affiliate marketing (which does not affect our impartially), we admire this stance.

Wi-Fi HotSpot Protection

This is another feature we are seeing more and more in VPN apps. It automatically secures your connection with a VPN when you connect to unknown networks (such as public WiFi hotspots). 

We haven’t tested this feature, but see no reason to think it doesn’t work as advertised. 

Pricing

IVPN offers two pricing plans, each with a 17% (approx.) discount for annual purchases. 

The Standard plan allows you to connect up to two devices at once and does not include IVPN’s port forwarding and multihop features. The Pro plan allows you to connect up to seven devices at once and provides full access to all IVPN's features.

There is a 3-day free trial. You must provide payment details, but will not be charged if you cancel before the 3 days is up. In addition to this, IVPN offers a 7-day money-back guarantee. 

Payment can be made by card or PayPal, but IVPN also accepts Bitcoin and even cash for those who wish to pay anonymously. This is great, but as always, do please remember that a VPN provider can see your real IP address no matter how anonymously you pay.

Payment in cash is for annual subscriptions only and may take up to three weeks to process (although usually much faster, depending on your postal system). Card payments are processed by Braintree, and Bitcoin payments are processed by BTCPay.

Visit IVPN

Speed performance

At the time of writing IVPN has a raw average speed of 39.7 Mbit/s and a max burst speed of 770 Mbit/s resulting in a weighted average of 38.21 Bit/s. 

Does IVPN Unblock Netflix?

We received an error message when connecting to US Netflix on IVPN's New Jersey server, but all other servers we tested successfully unblocked the US version of Netflix. Neither UK server unblocked BBC iPlayer, however. 

Privacy & Security

Jurisdiction

IVPN is based in Gibraltar, a British Overseas Territory (BOT) with no mandatory data retention laws. Gibraltar enjoys a great deal of independence from the UK, but at the end of the day, it is a sovereign possession of the British Crown. 

We therefore suspect that whatever the grey-area niceties might be, the UK government can put considerable pressure to bear on Gibraltar should it feel the need to. Gibraltar is currently subject to GDPR, although presumably this will end when the UK leaves the EU in the near future. 

Logging policy

“We don't log anything in terms of user's activity while connected or connecting to the VPN

  • No traffic logging
  • No DNS request logging
  • No connection timestamp or connection duration
  • No logging of user bandwidth
  • No IP address logging
  • No logging of any account activity except total simultaneous connections”

Which means that IVPN definitely counts as a no logs VPN. IVPN's plain English privacy policy does a very good job at explaining what minimal information it does keep, and how it uses this to manage your account. 

As already noted, IVPN uses no third party tracking on its website. User interaction with the website is instead tracked in-house using the Piwik web analytics software. 

Technical Security

OpenVPN encryption

The care a VPN provider takes over its OpenVPN settings can tell us a lot about how seriously it takes security and provides a handy like-for-like way to measure security across providers. IVPN uses the following OpenVPN settings:

Data channel: an AES-256-GCM cipher. Data authentication is handled by GCM.

Control channel: an AES-256 with RSA-4096 TLSv1.2 handshake encryption and HMAC SHA1 hash authentication. Perfect forward secrecy is provided by a DHE-(key size unknown) Diffie-Hellman exchange.

The default TLS 1.2  HMAC SHA1 authentication on the control channel could be stronger, but this is a cryptographically secure setup. For more information on this subject, please check out our Ultimate Guide to VPN Encryption.

IP leaks

We detected no IPv6, WebRTC (IPv4 or IPv6), or DNS (IPv4 or IPv6) leaks in macOS and Android. During the current Coronavirus emergency we are unable to test for IPv6 WebRTC leaks in Windows, but detected no IPv6, WebRTC (IPv4 only), or DNS (IPv4 or IPv6) leaks on that platform.

We cannot test for IP leaks in iOS over an IPv6 connection at the present time, but detected no leaks of any kind on an IPv4 connection. 

To learn more about this subject, please see our Complete Guide to IP Leak Protection.

Other Stuff

IVPN uses 100% bare metal servers, and as previously noted, its systems have recently undergone a detailed third-party audit. 

Visit IVPN

Customer support

The website has a Help section with detailed setup guides, as well as some excellent general privacy guides. If you still have questions, then you can email them in or contact IPVN’s Live Chat support. 

Live Chat is not manned 24/7, but email responses typically take around half an hour to arrive (in our experience). We are pleased to say the support answered our questions accurately and knowledgeably.

Ease of use

IVPN offers custom apps for Windows, macOS, iOS, and Android (plus a beta CLI client for Linux). It also provides good OpenVPN, WireGuard, and IKEv2 manual setup guides for most platforms - including Linux and a selection of popular routers and NAS drives. 

The desktop clients

The Windows and macOS apps look all but identical and offer an identical feature-set. But use  OpenVPN by default, but also offer the chance for danger-loving nerds to experiment with WireGuard.

One feature we haven’t seen before is the ability to pause your VPN connection for a specified period. We’re not quite sure how useful this might be, but it's a nice idea.

Both apps feature a firewall kill switch that can either be set to on-demand or always-on. The on-demand firewall will not survive if the VPN client crashes, but the Always-on firewall changes system-level firewall rules, and so will always be active.

The mobile Apps

The Android and iOS apps look similar. The Android app (below) uses OpenVPN by default, but also supports the experimental WireGuard protocol. As with the desktop app, you can opt to use a number of OpenVPN UDP and TCP ports. 

WiFi (“Network”) protection., multihop VPN, and a kill switch come as standard. A nice bonus feature is split-tunneling, that allows you to decide which apps will use the VPN tunnel. 

The iOS app (iPadOS version shown above) uses iOS’s built-in IKEv2 client by default, but also supports OpenVPN and WireGuard. 

Multihop VPN, network protection, and antitracker are also all present and correct. The kill switch is not a user-selectable option in iOS, but it is there in always "on-demand" mode by default.

The Linux client (beta)

This command-line app is still at the testing phase, although all being well, a full GUI version is promised in the following months. 

You can connect to OpenVPN or WireGuard servers, and DNS leak protection and a kill switch (“firewall management”) are built-in. The app is available as a DEB or RPM package or can be compiled from source via its GitHub page. 

Final thoughts

We’re impressed. IVPN offers a service with a strong focus on privacy - both in terms of its clearly worded logging policy, its and in the robust privacy-improving features offered by its open source apps. 

How useful multihop VPN is open to debate, and WireGuard is too experimental to really recommend using in serious situations. But we love the fact that IVPN is willing to implement cutting-edge technologies. 

Speed performance could be better, and IVPN is no use if you want to watch BBC iPlayer, but there are really just quibbles over what is overall an excellent VPN service.

 It offers rock-solid technical security, support is great, and bells and whistles such as port forwarding, obfsproxy obfuscation, and a highly flexible kill switch are bang on the mark. And it unblocks US Netflix. 

Visit IVPN

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

17 Comments

VPN user
on July 12, 2017
Reply
Final note and update: Decided to ditch and cancel IVPN after attempting to use their new "chat" feature which apparently does not work even after being greeted and allowed to type info into the chat window as there was obviously no live person on the other end to respond. They have taken far too long to come up with a reasonable solution for the crashing client and/or diagnostics logs (that cannot be sent) issues so I am done with them. Have to now move on to greener pastures!
Jakuro replied to VPN user
on August 13, 2019
Reply
You write: "I detected no IPv4, DNS, or WebRTC leaks. [...] fortunately, my ISP (Virgin Media UK) does not support IPv6 connections, so I am unable to test for IPv6 leaks at this time. " On the other hand, under "Dislikes": "WebRTC IPv6 leaks in Windows macOS" This seems to be a contradiction, or do I get it wrong? If not, could you elaborate on the kind of leaks?
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to Jakuro
on August 14, 2019
Reply
Hi Jakuru. Well spotted! When I wrote this review back in February 2017 I had no way to test for IPv6 leaks. Our office now has an IPv6 connection, allowing us to test for IPv6 leaks. For our 2019 Awards evaluations, we re-tested most of the VPN services that have reviews for, during which we detected WebRTC IPv6 leaks in both Windows macOS. Given IVPN’s otherwise superb technical security, we found this to be very disappointing. Thanks to those pesky gremlins we updated the pros and cons section of this review to reflect our findings but missed updating the text. My apologies, and fixed now.
VPN user
on July 6, 2017
Reply
Update: IVPN has just updated their website (i.e., new appearance and other links added) and take a look at their "About us" link at bottom of page under "COMPANY" as there are now details on the CEO and seven other employees. Please note the current software version is still 2.6.2 and nothing yet has been done to address the crashing client problem and diagnostics logs that cannot be sent.
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to VPN user
on July 6, 2017
Reply
Hi VPN user, Thanks for the update.
John replied to VPN user
on July 7, 2017
Reply
I only just checked their site. I'm liking the refresh! Personally, I have stopped using IVPN recently, not for any reasons that should cause anyone to stop using their service. I'm just trying out ProtonVPN. Since using ProtonMail (Which I LOVE), and the recent launch of ProtonVPN I decided to give their VPN service a try. If all goes well I will be staying with ProtonVPN. Although, for some reason, I want to keep using IVPN. Would love to see a ProtonVPN review from you legends (Douglas Crawford) here at ProPrivacy. Grace and Peace, John.
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to John
on July 10, 2017
Reply
Hi John, Yup. Look out for a ProtonMail review in the nearish future. I am going away on holiday soon, however, so there may be a bit of a delay.
VPN user
on June 20, 2017
Reply
I still continue to use IVPN as my only VPN since it is the only one I trust in regards to its transparent privacy policy. Already have tried all of the top rated VPN's and must say that IVPN works the best for me on a Mac so far minus the freezing / crashing client issue and not being able to send "diagnostics logs" from the client. It has a very simple but excellent interface and the firewall is an absolute must. Also, most importantly, there are no DNS leaks even when having manually selected your own DNS servers. Have not found a better VPN anywhere and hope they can soon correct the current problems.
VPN user
on June 18, 2017
Reply
Douglas, There is yet another problem with IVPN and that is when you attempt to "Send Diagnostics Logs" from the client it generates a popup error message and the logs cannot be sent. Does not matter if the client is connected or disconnected as the error message is the same. Have reported this problem along with the crashing client issue. So, it stands to reason ... what good are diagnostic logs if they cannot be sent?
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to VPN user
on June 19, 2017
Reply
Hi VPN user, Hmm. It does seem the software is a little buggy. It nevertheless performs very well, and I detected no IP leaks.
Show More Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit

Strong presence, no-logs policy