The Problems with Virtual Private Networks (VPNs)

Posted on: 2017-10-22

In a previous post I argued that if you want your privacy that you need a VPN. To be clear I still believe this to be true.

The thing that broke the camels back for me was the recent change in the law that allows ISPs to sell your internet activity to 3rd parties. In truth I should have looked into it way well before this. In discussions around the law change it was not uncommon to see - "What's the problem? If you care about privacy just get a VPN."

That is not a good answer - not least because I've now gone to a situation where I have to pay for something which you'd hope would be part of the service, and it is hardly trivial to set up a VPN.

In this post I hope to show that those two issues are in essence the tip of the iceberg. Setting up a VPN for your home network, is time consuming, will probably cost you a fair amount of money, and in use it will cause many problems. It is not a silver bullet - not even close.

In my home network some machines are hard wired to use the VPN router by design. Being hard wired those machines can ONLY use the VPN.

A summary of the problems you will likely see using a VPN:

• Inability to send mail though a mail program
• Disconnections of VPN service
• Captchas and other verifications/friction when using services (YouTube, amazon etc)
• Some services may believe you are in a different country incorrectly
• Some services will not work at all (purchasing through apple)
• Paid streaming services - like Netflix, HBO go and Amazon streaming will likely not work at all
• You cannot port tunnel traffic inside the VPN (or at least I couldn't for unknown reasons)

This is on top of the expected...

• Longer latency
• Slower speeds

For this reason you can't use the VPN for everything. You need a mechanism to be able to jump in and out of VPN usage. If you have two routers, one on VPN and the other not and you are using WiFi, you can jump between the routers. If you connect to the VPN on the computer, or on some other device through an app you can connect/disconnect through that.

My original idea of having everything but streaming services run through a router which is always connected to a VPN, only works if you can flip between connections via WiFi. It's also workable if you have at least one hard wired computer outside of the VPN - but this is still inconvenient.

Even with all this friction, and problems I still recommend your getting a VPN service. I would not recommend PureVPN - I'll explain why in another post.

Router VPN connection getting dropped

I found that every couple of days my router VPN connection would be dropped. You would have to access the router web page and click the button asking to reconnect. It did this pretty consitently - which is a real problem if you want your VPN connection to be a largely pain free replacement for your unprotected internet connection.

There is a 'Connect Mode' dialog on the Basic Settings/Network tab in AdvancedTomato. Setting this to 'Keep-Alive' was talked about as fixing some peoples problems. This did not work for me.

What I wondered is if the disconnection had something to do with DHCP lease times. These are typically the order of a few days. Remember that my setup is I have a router connected to the internet, and then I have another router behind that which is the VPN router. The VPN router gets it's IP address via DHCP from the other router. So I did set up the VPN router to have a static IP address - using it's MAC address to identify it. This did not fix the problem though.

The thing that semi-fixed it for me, is that I set up the VPN Router to reconnect to PureVPN every day very early in the morning. I still get occasional disconnection issues - perhaps once every couple of weeks.

All VPN servers are not equal

When you join a VPN service, you are typically given a list of servers you can connect to. If you are most worried about speed and latency, you should probably connect to the server closest to you. If you want you traffic to appear to come from a different location, then you can perhaps use a server that is close to that location.

The thing is I would expect these different servers to be pretty much the same thing, just located in different locations. But at least on PureVPN that is not the case. Some servers I am unable to connect to. Other servers are far more likely to drop a connection. Some servers I'm able to send email from, others I cannot. Which servers I can and cannot send mail from is not even consistent - one day you can and then for a week perhaps you can't.

Yet other servers, because of their location will appear to act differently. For example using the CA server on PureVPN, make google services insist you are in Russia. With other servers I've tried that has not been a problem. This is probably nothing to do with the server of how it's configured, and about how other services on the internet decide how to view an IP address.

E-mail Problems

Many people just use a website for email such as gmail or Hotmail. This will almost certainly work - but might require a captcha, or something similar.

On hotmail it will say "We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device or app." It then forces you to verify yourself via email. Ugh. Yahoo email - doesn't seem to mind. Gmail - I don't have a gmail account, but I would imagine it is similar to the issues with accessing google.com.

I typically read my mail using an email client - I use Thunderbird, many people use Outlook.

On PureVPN on many of the servers you will not be able to send mail. Presumably because spammers are using VPNs to hide behind to spam from. So on PureVPN you have to ask them to 'white list' the email server for your account. You do this by contacting support. Unfortunately it doesn't work. I did this and still had problems. I actually had a real problem getting them to confirm they had white listed my account with the email server. Then it wasn't clear if the problem was with PureVPN or with the email service provider I use - it was with the VPN I was assured. Then it started working - making it appear as if something was fixed. Then it stopped working again.

You Tube & Google

When I access google.com from behind the VPN, google takes me to the Russian version of their search engine. Why? That's a good question. The server I'm connecting to says it's in California. Moreover if I go to a service like ipaddress.com it claims it's in California. For some reason though google thinks otherwise.

You could imagine it is possible that lots of Russians may be using the VPN service, and so their connections appears on the internet from the IPs associated with the VPN. Moreover browsers typically say when connecting to servers what language they want. Perhaps from that google ignores the more typical IP geo location mechanisms and just assumes since most browsers are looking at Russian pages, or say they prefer Russian language content the IPs become associated with Russia. I actually don't know though.

Anyway this is irritating, but you can work around by accessing google.com as

https://www.google.com/ncr

Ncr probably stands for no country redirect. This is somewhat annoying. If you use https://duckduckgo.com you won't have this problem - and you will have privacy that google does not provide.

If you go to youtube.com the first problem you get is again it insists you are in russia. So once again you need to force youtube to use the US service.

https://www.youtube.com/?gl=US

This appears to work although again is kind of a pain. The second problem I've had is that it thinks you might be a bot - and so forces you to do a CAPTCHA . Captcha's are generally pretty irritating, in that because computers have got better at solving the problems, it makes it more likely an actual human will fail. The captcha I've seen on You  Tube is about identifying, cars, roads, and road signs in images. Clearly they are using this data to train machines. It can be time consuming though as you may be asked to complete multiple panels of the test before it will believe you are really human.

Amazon

Amazon when you try to login, may ask for additional verification. In practice this means that you are mailed an 6 digit number that you then have to type into amazon before your login will complete.

Streaming services

Netflix probably won't stream to your VPN. It might do - but there's a good chance it will not.

That is why I would advocate to having two routers - one on the VPN and one not.

Apple Store

Generally speaking it seems doing transactions when using apple services do not work behind the VPN at all. For example trying to purchase an ibook when behind the VPN does not appear to work - just spinning, and then eventually putting up a message that it cannot connect.

Services from VPN provider

You can't pay for the PureVPN service on the VPN! This is not shown in any clear way, it just doesn't work. I had to contact them directly to figure out what was going on.

Other sites

Costco - This does not work at all when using the VPN. Nothing appears!

Business Insider - Business insider on the VPN server I'm using thinks I'm in Italy. You have to click the 'Edizione' on the top right of the screen and select 'United States' or where ever is appropriate.

Dell - The main Dell website does not work. The main frames of content are not filled in - so it's basically unusable.

Consumer Reports - The main site works. Unfortunately if you want to purchase an online subscription, the section of the page where you'd enter your credit card info does not display. This makes it impossible to purchase a subscription from behind the firewall.

Ebay - Goes to what looks like the Russian (!) version of the site. There is a button to select the 'English' version of the site - but it remains the Russian content. I couldn't find a way to make eBay go to the US site. So basically mean ebay is not usable behind the VPN.

Google Maps - Works - but thinks I'm in Romania. This is irritating - but the site remains usable. It could be the case that EBay is using a google service - as Romania's most common language in Russian.

Internet Service Providers

This is an anecdotal observation, but recently I tried to use the PureVPN with a iPhone 'Private Hot Spot'. The iPhone was connected to the Verizon network.

I connected the computer to the hotspot and accessed the internet normally. I then turned on the VPN on via the network connections option in GalliumOS. This is something I regularly do at home - hardwired machines sit behind the VPN connected router. On wi-fi connected machines it is not unusual to not behind the VPN router and so I connect to the VPN via the network options.

On Verizon the two main PureVPN servers I regularly use did not work at all. I just got a message saying 'The VPN service has stopped'.

I have occasionally had some flakiness with say one of the servers not immediately connecting on Comcast from home. Here though I tried several times to both servers, and it never worked.

I should also say I've tried this kind of VPN connection in lots of different places. In hotels, in airports - and it has worked fine.

So whilst I'm not sure - I'm suspicious if Verizon does not want you to run a VPN or perhaps more boringly, perhaps they are blocking the PureVPN servers for other reasons.