Virtual Private Networks (VPNs) are a fantastic way to protect your data and privacy from hackers, greedy advertisers or ISPs, and far reaching government surveillance programs. And so many providers have easy-to-use clients nowadays that you don’t have to go through a cumbersome setup process either.
The problem is that plenty of software security holes and incompatibilities could be working against that protection. That’s especially true of Windows, so here are a few things you need to watch out for, as well as some tweaking you can do for a faster and smoother VPN experience.
|Table of Contents|
What is a DNS Leak?
One major issue facing VPN security is potential Domain Name Server (DNS) leaks. The core function of DNS is to translate domain names (e.g. www.google.com) into an IP address (e.g. 220.127.116.11) that can be read by a computer.
A DNS leak occurs when you’re connected to a VPN, but your system still uses your ISP’s DNS server for reasons we’ll get into in a moment. This means your ISP can still see the website you connect to, basically nullifying your privacy on that front. Since ISPs are known to sell customer browsing data, you can see how that’s a problem. So what Windows features could cause a DNS leak? Let’s take a look.
Smart Multi-Homed Name Resolution (SMHNR)
Smart Multi-Homed Name Resolution or SMHNR for short, this feature (that was first introduced in Windows 8) sends out DNS requests to ALL available DNS servers, as opposed to just your preferred one in Windows 7. For example, you could have chosen a different DNS server because it worked faster than your ISP’s. If, for any reason, that server doesn’t respond, your requests would default to your ISP’s server (or whichever one works at the time). This is made even worse in Windows 10, where SMHNR just sends out requests to everyone and chooses the server with the fastest response.
This opens your system up to DNS cache poisoning (also known as spoofing). Cybercriminals can use spoofing to redirect you to fake websites that appear legitimate on the surface but are actually meant to steal your login and payment info.
It’s possible to turn off SMHNR completely in Windows 8.x systems. “Disabling” the feature in Windows 10 is possible but won’t do much, as any failed DNS requests will result in the OS sending requests to other servers anyway.
The only real solution to prevent DNS leaks caused by SMHNR is this OpenVPN plugin by ValdikSS, compatible with most OpenVPN clients. Usually VPN providers that promise “DNS leak protection” will have such a feature in place by default. Some excellent examples include major players such as NordVPN and ExpressVPN, that automatically block DNS requests to servers other than their own. Articles from the standard VPN review sites are valuable source to compare the prices and features. You can click here to see more choices depending on what you’re looking for.
Teredo makes IPv6 addresses compatible with the older IPv4 format (18.104.22.168 is an example of an IPv4 address). This is important since “old-school” IP addresses are running out, so we needed a proper bridge between devices using one or the other.
At the same time, Teredo is a tunneling protocol – and if you know your VPNs, you’ll recognize that they also use encrypted tunnels to protect your data. Unlike the other protocols such as 6to4, Teredo can perform the function even from behind network address translation (NAT) devices which includes the routers used at home. This can sometimes cause conflicts between the two, and in the rare cases Teredo bypasses your VPN tunnel, you end up with a DNS leak.
Here is a guide to disable it.
DNS Leak Tests
In case you want proof your current (or future) VPN provider is telling the truth, you can test their client for DNS leaks using the following websites:
We recommend using more than one test, as the results tend to be fairly different among platforms. As long as your real approximate location or any other identifying information doesn’t slip through the cracks, you’re good to go.
It’s no secret that there are extra steps involved in connecting to the Internet through a VPN. Factor in things like the distance between you and the server you’ve chosen, server loads and encryption strength and you can see that slowdowns are absolutely normal. Still, there are a couple of things you can do to make them less noticeable.
Before you do anything, test out your Internet speed with and without your VPN on, right here. It’ll help you determine if the VPN is the reason for your slow connections or if it’s just time to upgrade to a better plan or ISP. Not to mention see if there are any improvements once you’ve tweaked your settings.
Built-in Speed Settings
Now, some VPN providers have speed optimization options built into their clients. These usually disable some harmless Windows features such as Heuristics. Poke around in the “Advanced” options of your client for speed related settings.
Switch from UDP to TCP
Another “Advanced” setting that’s worth checking out is switching the connection protocol from the default UDP to TCPTCP. A word of caution: while your speeds may improve, it could make your connection less stable.
Optimize Windows for Performance
While it’s less relevant than your connection speed, server location (the closer, the better) and server load, your system performance also has a slight impact on VPN speeds. Your CPU speed in particular plays a role in encrypting and decrypting data, so freeing up resources can be beneficial. Here’s a guide on how to speed up Windows 10.
Play Around with Encryption Strength
Encrypting the data that passes through your network means adding some extra data on top, which inevitably slows down the whole process. Now, we don’t recommend choosing a weaker encryption protocol just to get a slight speed boost – keeping your data secure is more important than shaving off half a second from your page load times.
But if you’ve already tried everything else, and you’re determined to squeeze every last bit of speed from your connection, then go for it (provided your VPN client offers the option).
There is no doubt that virtual private networks are a necessity in today’s world with mobile computing devices such as laptop, smartphone. VPN is a complex matter because first, choosing the correct one difficult, secondly the tweaks and optimizations demand work experience with networking and security.
We are till not sure about the need of VPN and required tools to setup VPN for the LTE smartwatches. They are quite latest and no less vulnerable. In future, we will have some detailed article covering that topic.