So you've decided to take the plunge on mobile VPNs but don't know where to start. Don't worry, you're not alone. That's why we've put together this handy guide on how to to set up a VPN on your Android or iPhone.
Why use a mobile VPN?
Today, much of your digital life exists on your mobile phone, whether iPhone or Android — mobile banking, online shopping, chatting with friends on Skype, or sharing life moments on Instagram. We may not be at Black Mirror level (yet), but there’s no denying we’re almost always connected. Despite its convenience, living online can also make you vulnerable to privacy threats, and without proper protection, information about you and your online habits could fall into the “hands” of third parties such as your Internet Service Provider (ISP), businesses, or even hackers. Using a virtual private network (VPN) on mobile helps you maintain privacy online, whether you’re at home or connected to public Wi-Fi.
Top 3 reasons for downloading a VPN on your phone
While there are many reasons why you should be using a VPN, here are the top 3:
1. Browse the internet privately
What you do online is your business, and using a VPN can help you keep it that way by hiding an important number called your IP address. ISPs and search engines like Google use your phone’s IP address to collect data about your online search habits. Ever notice those creepy online ads showing you products you recently searched for? Yeah, that’s essentially Google spying on you. And with the recent repeal of net neutrality rules in the United States, keeping your online data safe from your ISP’s prying eyes could become even more important in the near future.
2. Secure public Wi-Fi
Public Wi-Fi hotspots make it easy for us to connect from almost anywhere. But unfortunately, that unsecured Wi-Fi network in Starbucks you’re connecting to from your iPhone or Android phone also makes it easy for hackers to access your connected device and intercept any sensitive info you’re sharing online (passwords, credit card details, etc.). A VPN helps you avoid the dangers of public Wi-Fi by encrypting your connection and preventing third parties from being able to see what you’re doing on the network. Be careful not to confuse a VPN with a proxy server — while both hide your IP address, a proxy server doesn’t use encryption, meaning your online data isn’t protected. Proxies are also used on an application by application basis, unlike a VPN, which is applied to all of your online traffic.
3. Get around content blocks
Depending on where you are — school, work, abroad — you may find that certain websites or online services are blocked because of copyright agreements, or, in some countries, censorship laws. Since content blocks are enforced based on your IP address, using a VPN can allow you to access content no matter where you are. Want to keep up with your HBO shows while traveling around Europe? No problem with a VPN. This is also an instance where you could use a proxy server, such as the HMA! free web proxy; just don’t forget that your connection won’t be encrypted.
How do I set up a VPN on my phone?
VPNs come in all shapes and sizes, and while choosing one usually boils down to personal needs and preferences (and of course, whether you use an iPhone or Android), it’s important to understand the pros, cons, and difficulty level of your options.
The easiest way: download a VPN app
Downloading an app from a VPN provider is by far the fastest and most convenient way to set up a VPN on your iPhone or Android phone. Apps are also advantageous because they allow you to set and save your preferences, and configuration is very straightforward. But of course, there’s a catch. With countless VPN apps available, how do you know which one to choose?
Here are a few things to consider when choosing your VPN provider:
1. Make sure they don’t keep logs
A VPN should keep your network completely private, and that means the provider should not be keeping data logs of your online activity. Be sure to check the provider’s terms of service, where you should be able to find their logging policy. A trustworthy VPN provider will clearly state that no logs are kept. However, you should still do some research on your own, as there have been instances of providers lying about keeping logs.
2. Prefer paid services
When it comes to VPN apps, you definitely get what you pay for. Many free VPN apps don’t encrypt your connection, which is technically okay if you just want to stream content, but not if you’re concerned about security or privacy (which you should be). Nothing in this world is free, and the revenue to support “free” VPNs has to come from somewhere. In many cases, it comes from providers logging and selling your online data to third parties for advertising purposes.
3. Which protocols does it use?
The protocol used by a VPN provider will determine the reliability, speed, and security of your connection when using their VPN. There are several different types of protocols currently in use for mobile VPNs, from OpenVPN, which offers the highest level of security and performance, to Point-to-Point Tunneling Protocol (PPTP), an older protocol known for its high speed, but also for being one of the least secure protocols.
These guidelines can help you choose the right VPN, but if you want to put your VPN to the test, there are also ways you can check if your VPN is secure.
The middle ground: use OpenVPN
As mentioned above, OpenVPN is one of the most trusted protocols. It’s used by many VPN provider apps, such as AVG Secure VPN, because of its high level of security and stability, as well as its ability to bypass firewalls. It’s also open source, meaning the source code is readily available for anyone to view and inspect. Though it’s not native to any platform, third-party VPN client software makes it available on both iPhone and Android mobile phones.
Using a VPN app may be less of a hassle in terms of setup, but if it isn’t providing you with the security, features, or power that you want, you should consider OpenVPN. It allows you to configure your VPN the way you want so you can customize your settings, optimize your connection, troubleshoot, and more. The downside is you will lose any advanced “extra” features your current VPN provider gives you. However, as long as your VPN provider supports the OpenVPN protocol, you can use it in tangent with your existing VPN client and switch between the two as needed.
The hard way: configure a VPN manually
In addition to OpenVPN, there are other available protocols you can connect to either natively through your device platform or by using a VPN client. And if you’re willing to spend the extra time, you can essentially use whichever one you want as long as it’s supported by your VPN provider. Let’s look at the pros and cons of different mobile VPN protocols.
Layer 2 Tunneling Protocol (L2TP) can’t provide encrypted VPN protection by itself, which is why it’s usually applied in combination with the Internet Protocol Security (IPSec) authentication suite. Together, L2TP/IPSec is mostly secure (though there have been reports that IPSec has been compromised by the NSA). L2TP/IPSec is a popular protocol mashup because of its compatibility with most devices (especially as an alternative to those that don’t support OpenVPN), plus its fairly easy setup. On the other hand, it may be a bit slower than other protocols, and its limited number of ports makes it easier to block.
The acronym for this VPN protocol varies — L2TP, L2TP over IPSec, L2TP/IPSec — but most VPN providers today support L2TP with IPSec encryption. It’s also worth noting that IPSec can be used on its own via one of its several available modes (IKEv2 being the latest version). While L2TP/IPSec and IPSec are comparable from an encryption standpoint, VPN providers often post their pre-shared keys (needed to authenticate the two sides of a VPN connection) on their websites. So while the IPSec protocol is secure, its implementation often isn’t.
IKEv2 (Internet Key Exchange, Version 2)
Similar to L2TP, IKEv2 also requires pairing with IPSec to become a VPN protocol, instead of just a tunneling protocol (however, it is usually referred to as only “IKEv2”). Faster than most other protocol options, IKEv2 is also an exceptionally stable and secure VPN protocol.
Perhaps IKEv2’s most useful and unique feature is that it can jump between connections (such as from Wi-Fi to your cell network) without losing the secure VPN connection, making it one of the better choices for mobile devices. Unfortunately, it is not as commonly used as L2TP/IPSec because it’s not supported on as many platforms. If you have an iPhone, you have an advantage, since IKEv2 is supported natively on iOS.
PPTP (Point-to-Point Tunneling Protocol)
Although PPTP can be supported on most platforms and is generally regarded as a very fast VPN protocol, we do not recommend using it because it is NOT secure. Initially developed by a vendor consortium founded by Microsoft in 1999 for the purpose of creating VPN over dial-up networks, it has since become obsolete (iOS 10 removed it as a native connection option). So if your VPN provider offers the option to configure a PPTP connection...don’t. Otherwise, you’ll almost certainly have the NSA all up in your business.
The pros and cons of different VPN protocols
How to set up VPN protocols on Android
Configuring OpenVPN for Android is fairly straightforward. First, you need to check if your VPN provider’s website to make sure they support the OpenVPN protocol (which is very likely). You must then download the necessary OpenVPN configuration files (settings that show how each connection should work), which should also be available on your VPN provider’s website. Keep in mind that these files are usually provided as a ZIP file, and you may need a file manager app to extract them.
Since VPN client software is necessary to configure the OpenVPN protocol with Android, you will also need to download OpenVPN Connect for Android from Google Play. Once you have the client software and the configuration files extracted, you’re ready to go. Many VPN providers include helpful tutorials on their sites about how to set up a VPN on Android phones, so use these as a reference if they’re available. Others, however, may only provide the necessary files. In this case, try searching their support pages for any references to OpenVPN or OVPN files, or follow Method 4 for a step-by-step guide on how to configure OpenVPN with Android.
Unlike OpenVPN, L2TP/IPSec is natively supported by Android, so you won’t need to install any additional VPN client software. Instead, you just need to locate the list of VPN server IP addresses available to you through your VPN provider, as well as your provider’s VPN IPSec pre-shared key. As stated above, this may be publicly available via your provider’s website; otherwise, you should be able to access it after logging into your VPN account. Follow the setup guide for Android or your provider’s instructions, and you’ll have L2TP/IPSec configured in no time.
Unless you use a Blackberry or Windows mobile device, both of which support IKEv2 natively, you will need to download third party client software to set up this VPN protocol. Directly from the Google Play Store, download and install the strongSwan VPN Client for Android. Like L2TP/IPSec, you will need your VPN provider’s server list; some providers also supply a connection certificate file that you can download.
The general deployment, file format, and keys you’ll need are outlined on strongSwan’s website, but the overall configuration is quite similar to L2TP/IPSec. Once again, you will need to provide the server address you would like to use from your provider’s server list. Then, you will either use your VPN account login credentials for authentication (with the CA Certificate field set to “Select Automatically”), or you will be able to “Import certificate” using the previously downloaded certificate file.
How to set up VPN protocols on your iPhone
Since OpenVPN is not configured natively for iOS, a VPN client software is needed. OpenVPN Connect for iOS is the only client available for OpenVPN configuration, and can be directly downloaded and installed from the Apple App Store.
Fortunately, iPhone VPN setup is fairly straightforward. Once you have the app downloaded, you need to go to your VPN provider’s website to locate and download the OpenVPN configuration files. Many VPN providers also include helpful setup tutorials on their sites, so use these as a reference if they’re available. Others, however, may only provide the necessary files. In this case, try searching the support pages for any references to OpenVPN or OVPN files.
Open each file in your OpenVPN app and tap on the green “+” button to add the server. Repeat this until you’ve added all the servers you want. Note that, although the app is able to remember multiple different servers, you can only connect to them one at a time. After that, all you need to do is enter your VPN credentials and connect!
Unlike OpenVPN, L2TP/IPSec is natively supported on iOS, so you won’t need to install any additional VPN client software. Instead, you just need to locate the list of VPN server IP addresses available to you through your VPN provider, as well as your provider’s VPN IPSec pre-shared key. As stated above, this may be publicly available via your provider’s website; otherwise, you should be able to access it after logging into your VPN account.
Go to your iPhone or iPad’s Settings icon and tap General >> VPN >> Add VPN Configuration. Under “Type”, you can simply choose the protocol you’d like to configure (in iOS it’s listed as “L2TP”, but don’t worry, it’s still implemented with IPSec encryption). Follow the setup guide for iOS or your provider’s instructions, and you’ll have L2TP/IPSec configured in no time.
Overall, iOS provides great support for VPNs. This includes IKEv2, which is not available natively on many platforms — iOS, Blackberry, and Windows are the only ones for mobile. As with L2TP/IPSec, you only need to go to your iPhone or iPad’s Settings icon and tap General >> VPN >> Add VPN Configuration. Under “Type”, you can simply choose the protocol you’d like to configure (in this case, IKEv2).
Locate the list of VPN server IP addresses available to you through your VPN provider, choose which one you’d like to use, and put it in the “Server” field on the configuration screen. Enter the rest of the connection details from your VPN provider, including your account username and password, and connect. Note that some providers may use certificate authentication instead of your username and password; if this is the case, then you will need to import these files before setting up your VPN connection.