Alternative Choices for You
ProPrivacy.com Score 9.6 out of 10
|Visit Site Read review|
ProPrivacy.com Score 9.4 out of 10
|Visit Site Read review|
ProPrivacy.com Score 8.6 out of 10
|Visit Site Read review|
- Refund possible
- Gets into Netflix USA
- OpenVPN, L2TP, SSH Tunnel, and PPTP
- Allowance of five simultaneous connections
- Two-and-a-half-hour free trial
- Servers in only five countries
- No kill switch
Tunnelr Pricing and Plans
Tunnelr has one package, but offers it in three subscription periods. The price for the service works out cheaper per month if you sign up for a longer period. However, you have to pay for the whole subscription period up front.
The company offers a free trial, which is unavoidable. You cannot pay for the service until you have signed up for the free trial, which only lasts for two and a half hours.
Payment is handled by a third-party company, called stripe.com. This means that Tunnelr doesn't have to keep any personal details of customers on its computers. The system accepts payment through credit cards and PayPal. The promotional details about the VPN declare that you can pay with Bitcoin. However, this option does not appear when you actually subscribe.
You get an allowance of five concurrent connections. However, account sharing is not allowed.
The features of the company's package are:
- Two-and-a-half-hour free trial
- Allowance of five simultaneous connections
- OpenVPN, L2TP, SSH Tunnel, and PPTP protocols
- No logs
- Accepts PayPal as well as credit cards
- No data throughput limits
- P2P allowed
- Works on Windows, Mac OS X, macOS, iOS, Android, and Linux
- Can install on routers and set-top boxes
The server locations of the service only include a presence in five countries. There are six server locations in the United States: Atlanta, Dallas, Newark, New York (which is actually in New Jersey), Seattle, and San Francisco. There are two locations in the UK.
The absence of some major nations in that list, such as Canada, France, and Japan, is surprising.
Tunnelr claims the title of being the world's "premier OpenSSH provider." However, the SSH protocol is not as secure as SSL. Also, the method for implementing the system through Tunnelr is complicated and doesn't provide an easy-to-use interface. So, it is better to use OpenVPN with this provider. OpenVPN uses OpenSSL for its security operations. SSL operates at a lower level than SSH, which means that it is harder to trick - there are fewer service levels on the computer that could be hijacked between the network card and the security application. The L2TP implementation of Tunnelr is actually more secure than its OpenVPN service.
At ProPrivacy.com, we prefer the OpenVPN system. However, OpenVPN is a library of procedures and it provides lots of different encryption options. The favored encryption cipher for OpenVPN is AES, which was commissioned by the US government and is the most widely used cipher in the VPN industry. Tunnelr uses AES encryption for its L2TP VPN connections and uses it with a 256-bit key. This offers a very good level of security and is the encryption system chosen by the best VPN services for their OpenVPN implementation.
Tunnelr doesn't use AES in its OpenVPN. Instead, it uses Blowfish. Some people are suspicious of AES because it was created for the US government. They worry that AES might have a secret backdoor that enables the secret services to get into all encrypted messages. Blowfish is a good alternative cipher for those who would rather avoid AES.
Blowfish is fine. However, it is not as fine as AES. The main security feature of any encryption cipher lies in the length of its encryption key. The longer the key the harder it is to crack through running a program that tries every possible key combination. Some argue that a 128-bit key is long enough and would take too long to crack on the fly. Nominally, Tunnelr uses a 128-bit key for Blowfish in its OpenVPN system. However, doubts are raised by the connection log files of the service. These issue warning messages that arise during the connection procedure. These warnings state that a key of less than 128 bits is insecure. They suggest that Tunnelr is using a key of 64 bits. This is very insecure and way below the level of security offered by just about every other VPN service in the world.
Want to know more about VPN Encryption, why not check out out VPN Encryption Guide.
Both Blowfish and AES use the same key to encrypt and decrypt messages. This means that both the sender and receiver have to have the same key. The coordination of encryption keys is a potential security weakness because the messages that deliver the keys cannot be encrypted by the cipher. For this reason, OpenVPN uses a system called Transport Layer Security to protect the distribution of data encryption keys. TLS also helps establish connections and authenticates the identity of each computer in the connection.
TLS operates with a public key encryption system, called RSA. With RSA, the key that decrypts data is different to the one that encrypts it. You cannot derive the decryption key just by knowing the encryption key. The encryption key can be made public because all any third party would ever be able to do with it is encrypt a message that only the holder of the private key could ever decrypt.
Once again, the strength of the RSA cipher lies in the length of its keys. RSA needs much longer keys than AES and Blowfish. Typically VPNs employ RSA keys of 1024, 2048, or 4096 bit. The 1048-bit RSA key does not provide sufficient protection. Most VPNs use a 2048- bit key for their RSA encryption. Tunnelr is in this category. The best VPNs in the world use 4098-bit RSA encryption.
Tunnelr doesn’t provide its own app. This means that it misses out on the opportunity to provide the extra security measures that the best VPNs include. The most important of these missing features are automatic WiFi protection and a kill switch.
Automatic WiFi protection will prevent your device from connecting to WiFi hotspots without your knowledge. Any VPN will protect you from snoopers and fake WiFi hotspots once you turn the VPN on. However, hackers set up open hotspots that don't require a password and your device may connect to these automatically without your knowledge. As a VPN needs a constant connection to be effective, passing through the signal footprint of several hotspots as you walk around town means that the VPN connection will be broken when you leave your home.
A kill switch would also operate as automatic WiFi protection because it blocks internet access on your device when the VPN is not active. This feature is also useful for scenarios where your internet connection drops briefly. Apps will continue to try to get responses to their messages, so if the break in the connection does not endure, they will eventually get their messages through. If the internet drops for long enough, you will lose your VPN connection, so those apps that resume their internet communications will be sending out messages with your real IP address on them, thus blowing your cover. So, a kill switch would be a very useful feature, and one that would make Tunnelr more secure.
Tunnelr seems to have very good privacy measures. However, the website isn't totally clear on exactly what information is stored. One thing that is well communicated is the fact that Tunnelr doesn't keep payment details. All payments are processed by another company and so all information that is on your bank account, such as your address, does not get through to Tunnelr. This shuts down one channel that prosecutors could use to track you to your door.
The website doesn't explicitly state that the service does not record your IP address and save that as an identifier in its logs. If the service keeps such logs, then a subpoena for their records would deliver a route for prosecutors to trace you. This is because your IP address really belongs to your ISP, and that company will give up the records of who was using which IP address at what time, along with the customer's name and address.
Want to know more about VPN Encryption, why not check out out Ultimate Privacy Guide.
There is no mention anywhere on the site on whether P2P downloading is allowed. However, the FAQ statement on privacy declares that the company does not practice any deep packet inspection. DPI would be needed in order for the company to work out whether customers were using the BitTorrent protocol. So, if the service has no method of detecting file sharing activities, it has no possibility of banning it.
Your data is vulnerable to seizure wherever it is stored. Tunnelr states that no connection logs or user information is stored on its VPN servers. However, the company does accrue information to its headquarters for the purpose of ensuring quality of service. A legal contract has to contain the names of the parties involved. The statements on a website can be construed as legally binding promises. However, there is no trace of an address or even a company name on the site, so there is no one to stand behind those promises. The Terms of Service states that the jurisdiction for the contract is that in which Tunnelr's owners reside. However, it does not state who those people are or where they are.
The copyright notification at the bottom of the Tunnelr site states that the site is owned by Cloudsy.com. The Cloudsy address hosts a single-page website that just says "We (often) build things." A check on the domain name registration for both sites shows that they are owned by Kayla Selans of Apopka, Florida. The sites are registered at a residential address. This implies that the service might be run out of a spare room, which means that the provider is unlikely to have its own legal department.
The USA is a bad location for a privacy service, particularly with respect to file sharing. The downloading of copyrighted material without permission is illegal in the United States and can be prosecuted as a criminal offence. A single trader operation is unlikely to stand up to pressure from law enforcement agencies or copyright lawyers, should pressure be applied. So, we had better just hope that the company doesn't record IP addresses in its records.
You don't have to be a subscriber to get to the FAQ page of the site.
The FAQ system has a lot of information in it, but it misses out some of the important facts, such as whether P2P downloading is allowed or the length of the encryption key for Blowfish.
The tutorials page is indexed by operating system. However, the fact that there is no category for Windows 10 shows that the site isn't updated very frequently.
The installation guides don't cover the whole set up process. For example, there is no information on how to get all of the OVPN files for the OpenVPN system in the right folder on your computer. I gave up on trying to install Viscosity because there were no instructions on how to get the configuration files into the system.
You don't have to be a subscriber to send a message to the customer support team. There is a link to the ticket screen in the footer of the site. Once you set up an account, you can access the contact form from the Dashboard.
Once you have sent in your request you will receive an email confirming its submission. You can check on the status of your ticket by clicking on a link in the email. However, access to the record is a little convoluted. You have to enter your email address and the ticket number and then request that an access link is sent to you.
You then get an email with a link to the ticket.
I never got a reply to the above question. In fact, I never got a reply to any of my support tickets, despite waiting for three weeks before completing this review.
Even if you have decided to sign up for a paid subscription, you have to take up the free trial. Click on one of the free trial buttons on the site to set up an account.
Once you complete this form you are taken to the account Dashboard. The username and password that you created in the Sign Up form is your login for the Dashboard and the VPN app. The first time you get to the Dashboard, you are notified when the free trial will expire - it last for two and a half hours.
When you are ready to buy, you need to go to the "Make a Payment" page, which you access through a link in the "Billing & Payments" menu.
Select a subscription period and press the Next button. You then enter your payment details. You can pay with a credit card or through PayPal.
Once your payment is processed you receive a confirmation email and the paid invoice becomes visible in the "View Paid Invoices" section of the Dashboard. If you agreed to a recurring payment agreement, this is visible in the "Manage Subscriptions" section of the Dashboard.
The Tunnelr Windows VPN client
You get a choice of apps, which are OpenVPN GUI and Viscosity. Viscosity is free for 30 days but then you have to buy it for $9. Although Viscosity has a better look and feel than the OpenVPN GUI program, it is not so easy to set up. OpenVPN GUI is not that easy to set up either.
You follow a link in the Dashboard to an FAQ page that explains the installation process. This has several links to download the OpenVPN GUI program. The best option is to click on the first of these links.
This link takes you to a page at the OpenVPN organization's website. Click on the .exe file in the table shown in the lower part of this page. This downloads an installer file.
Click on the downloaded file to get the program installed. Click through the install wizard to completion.
Return to the Dashboard and click on "Download Bundle." This starts a download. Click on the downloaded file to open the zip folder that contains the settings for the OpenVPN connection. Extract the four files that start with "tunnelr" into the C:\Program Files\OpenVPN\config folder.
The installer should create an OpenVPN shortcut on your Desktop.
Click on this to run the app. You won't see the app open in a window on your Desktop. Instead, the app runs in minimized mode. You will see in the system tray down by the time and date, an icon that looks like a computer screen with a padlock on it. If you don't see it, click on the up arrow in the system tray to reveal hidden icons.
Right click on the icon to get the app menu.
You won't see a list of server locations, because at this point you have only downloaded the configuration file for one server. This first config file connects you to the Tunnelr server in New York, which is the default.
Click on Connect to start up the VPN. A window appears where you need to enter the username and password that you specified when you created your account.
If you want to have the choice of connecting to a different server, the Tunnelr site's advice is to edit the OVPN file that you copied into the OpenVPN\config directory when extracting it from the downloaded zip file. The guide recommends that you look at the server status page to get the server name and IP address, replacing these details in the OVPN file. You get to the file by selecting "Edit Config" from the app's menu.
The two pieces of information that direct the server to connect to are highlighted above. In fact, you only need to change the server name, which is nyc.tunnelr.com in the image above.
You get the new server name from the Server Status page of the Client Area in the Tunnelr website.
This is not a very practical solution and can be a time consuming process that slows down the process of switching servers.
There are two better methods to create separate files so you can have all of the servers listed in the OpenVPN GUI menu.
The first of these is to go to zip file and extract the OVPN file to a new folder. Rename the original file to tunnelr-nyc.ovpn. Right click on the file and select "open with" from the context menu and nominate Notepad. Replace the server name and IP address in the file for those shown on the Server Status page for another server. Click on Menu and then "Save As," giving a new name that replaces "nyc" with an identifier for the new server location. Make sure you set the file type to "All Files." Repeat this process until you have an OVPN file for each server. You then need to move these 11 files to the OpenVPN\config folder in the Program Files directory.
Alternatively, get the Tunnelr website to rewrite all of those OVPN files for you. Go to the Dashboard and select a server location from the field above the download section.
Select a server and press the "Download Bundle" button. Click on the downloaded zip file and extract the OVPN file to a temporary folder. Rename this file so that it has the name of the server location. Repeat this process for all locations. You will end up with a lot of zip files in your Downloads folder. However, you can delete them once you have extracted the OVPN file from each. Copy all of the OVPN files to the OpenVPN\config directory.
This process is a serious detraction for the service. Other VPN companies that rely on OpenVPN GUI as an interface include separate OVPN files for each of their servers. These could easily be created by Tunnelr and included together in the configuration bundle that they make available on the Dashboard page of their site.
When you have multiple OVPN files, the OpenVPN menu looks different. It has menu entries for all of the server locations with the VPN controls available on submenus.
Tunnelr Speed (DNS, WebRTC and IPv6 Tests)
I conducted speed tests of the Tunnelr VPN using OpenVPN. I used IPLocation.net to detect the physical location of the servers accessed for the test. IPLocation reported that the New York VPN server was in North Bergen, to the north of Union City in New Jersey, across the Hudson from New York. The Atlanta server was confirmed to be in Atlanta. All North American tests were measured on a connection from the Dominican Republic to a test server in Miami. Test runs to Miami without a VPN active provided a baseline for VPN performance.
For a test of transatlantic performance, I connected to a test server in London. After running tests to find the average speed on a connection without a VPN, I tested the speeds on connection running through the London server of Tunnelr, which IPLocation reported as being in London.
In each case, five test runs were performed with testmy.net.
Graphs show highest, lowest and average speeds for each server and location.
Tunnelr performed very well. In the North American tests, speeds were reduced by just about ten per cent. On the transatlantic test to London, the VPN-protected connection was less than five per cent slower than the unprotected connection.
The test sites ipleak.net and our leak test tool are good tools for checking whether a VPN has altered a user's IP address. They also show the DNS servers that your computer is seen to be using. This is important because that information should also change when you turn on the VPN.
IPLeak reported that my IP address had changed when I connected to the London server of the VPN service. Unfortunately, it showed that my computer was still accessing the same DNS server. Connecting to the New York server from the UK successfully changed my IP address to one from that location. However, IPLeak still detected access to my regular DNS server in the UK and no calls to any DNS server in the United States. DoILeak confirmed all of these results and also noticed that the timezone of my computer was incompatible with the timezone of my reported location.
My internet service provider does not use IPv6 addresses, so I was unable to test for IPv6 leaks.
While connected to the London server of Tunnelr I checked whether geo-restricted video streaming services would let me watch content. BBC iPlayer wouldn't let me watch any videos. However, when I switched from the browser to Kodi, I was able to watch BBC iPlayer through the Live Hub add-on. ITV and Channel 4 both let me watch videos, but I had no luck with Netflix UK.
After I switched to the New York VPN server, I tried accessing videos at US sites. I was able to watch videos at Netflix USA, but not at ABC. NBC and CBS both let me watch entertainment at their sites.
A big advantage of having no native app is that Tunnelr can be installed on just about any operating system. PPTP is not supported in macOS or on iOS versions after release 10. However, you can set up a PPTP connection manually on Mac OS X, Windows, iOS before version 10, Android, Linux, set-top boxes, and flashed routers. L2TP can be set up manually on Windows, Mac OS X, macOS, iOS, Android, and Linux.
You can use OpenVPN through the OpenVPN GUI and Viscosity apps on Windows. You can also use Viscosity on Macs, or opt for Tunnelblick. Linux owners can install OpenVPN GUI. OpenVPN Connect works on iOS devices and you can also get a version of the OpenVPN app from Google Play for Android devices. You can use OpenSSH on Windows computers and Macs.
Tunnelr Review Conclusion
Although there is no "About Us" page on the Tunnelr website, Kayla Selans, the owner of the service, does have a page on about.me. There, she explains that she gave up her computer work in 2010 to concentrate on her career as a photographer and had even less time for IT following the birth of a child in 2012. As the VPN may well be run out of her house, there probably aren't many staff. This could explain why the blog, the Twitter feed, and the Facebook page are very rarely updated. This would also explain why the help pages of the website haven't been updated to account for Windows 10 and why support tickets are never answered.
- Allowance of five simultaneous connections
- Short free trial
- Accepts PayPal
- Account anonymity
- No logs
- Gets into Netflix USA
I wasn’t so sure about
- Location in the USA
- No kill switch
- Difficult to install
- Incomplete instructions
- No response from help desk
Tunnelr has a reasonable price, but it would not be suitable for those in countries such as France, Spain, Canada, or Australia if they want to get into home TV while abroad. Given the location of the VPN's operational base and the apparently small crew that runs it, there wouldn't be much protection for those who want to download with torrents.
A larger server network, a custom app, and an onsite proprietor would make this VPN service a lot more attractive.