An In-Depth Look at ProtonVPN

Wednesday, February 22, 2017 @ 12:24 pm

In this post, I offer a screenshot-rich walkthrough of ProtonVPN, ProtonMail’s new VPN service currently in limited beta testing.

Last night I received an email inviting me to beta test ProtonMail’s new service – ProtonVPN:

We are excited to announce the closed beta preview of ProtonVPN, a new tool which makes it possible to use the Internet without censorship and surveillance. Like other VPN services, ProtonVPN allows you to establish an encrypted tunnel for your Internet traffic, thus shielding it from surveillance and monitoring.

However, unlike other VPN services, ProtonVPN is designed from the ground up with a special emphasis on security and privacy, and features a number of innovations that we have made to harden VPN against compromises.

Currently only a client for Windows exists; clients for Mac, Android, iOS, and Linux are still under development, but since it’s based on OpenVPN, guides on how to set up ProtonVPN for Mac and Linux are provided.

Installing ProtonVPN

I downloaded the installer, which came out to be around 16 MB in size.

The installation finished rather quickly, so now it’s time to power up ProtonVPN.

A prompt to install TAP drivers (OpenVPN) appeared where I clicked on Install:

After watching the mesmerizing atom animation load…

I was prompted to enter a username and password.

Note: you must enter your full ProtonMail address (e.g. username@protonmail.ch).

I have two-factor authentication enabled for my account, so as expected I was prompted to enter it:

I was not prompted to enter my mailbox password afterwards, which does make sense since this is not ProtonMail but rather ProtonVPN.

Running ProtonVPN

After successfully logging in, you immediately see the following interface:

Note the list of countries on the left-hand side (13 in total), the geographic map, and the reminders that you are currently not connected to a secure server.

The countries listed are:

  • Australia
  • Canada
  • France
  • Germany
  • Hong Kong
  • Iceland
  • Japan
  • Netherlands
  • Spain
  • Sweden
  • Switzerland
  • UK
  • United States

If you hover over a country, you are able to expand it to see the servers (and respective server IP addresses):

Behind the scenes, these profiles are stored as OpenVPN profiles in C:\Program Files (x86)\Proton Technologies\ProtonVPN beta\AppData\ProtonVpn\ovpn:

A peek at the settings of the Iceland Server #1 (UDP) profile (is-01.protonvpn.com.udp1194.ovpn), excluding the certificate and static key:

client
dev tun
proto udp
remote 185.159.158.100 1194
remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun

ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

remote-cert-tls server
auth-user-pass
pull
fast-io

key-direction 1

Back to the interface, if you click on Profiles on the left-hand side, you see two pre-defined profiles: Fastest and Random.

Back to the countries tab, if you check “Secure Core”, it seems ProtonVPN will act in a similar way to Tor where your traffic is sent through intermediary relays – a technique known to agitate various three-letter organizations. In the case of ProtonVPN, these relays are countries with respectable privacy reputations (Sweden and Iceland):

I decided to click on “Quick Connect” and noted that the connect notification has the countries listed using their locale codes (e.g. IS = Iceland, ES = Spain):

The red notices are gone and I am now connected to ProtonVPN!

Presumably, if “Secure Core” is unchecked, then you would be connecting to the server in the respective countries without the Sweden/Iceland intermediary servers.

Some small features:

If you check/uncheck “Secure Core” while you’re connected, you will be alerted that you’ll be disconnected. Note that after toggling the checkbox, you will need to manually reconnect to VPN.

Hover over the dot beside the server name to see the server load % in a tooltip:

I am assuming that these dots in the Countries list will reflect each country’s aggregate server load.

Right-clicking on the system tray icon gives you the options to Connect/Disconnect or Quit:

ProtonVPN Options

Settings

Clicking on Settings in the top menu shows the following:

Above are the default settings, and one thing I noted was “Account Type”. I can imagine there will be another type in the near future: “ProtonVPN Account”, for individuals who sign up only for the ProtonVPN service.

Profiles

Clicking on Profiles in the top menu shows the following:

Click on “Create new profile” to see:

On the left-hand side you are able to create a name for the profile, colour, or set it as the default profile.

On the right-hand side are the server settings where you are able to use Secure Core, select a country, and a server (where there seems to be 4 servers per country):

If “Use Secure Core” is checked, the Country dropdown disappears and you gain access to a select number of predefined countries and servers:

I’ve created one for Canada, using Secure Core, and am going to save it:

After saving you’re brought back to the profiles overview tab:

Giving the VPN a Test Drive

A DNS leak test:

Looks good.

Speed-wise, as expected there is a decrease in speed if “Secure Core” is enabled, as all traffic is routed via Sweden or Iceland (as the “secure” core), in contrast to when it is disabled.

Conclusion

With a very sleek interface and smooth experience so far (making my job hard as a beta-tester), ProtonVPN is very exciting and has a very promising future.