UNLOCK YOUR VPN’S FULL SPEED & SECURITY
Change your default VPN protocol
VPNS usually offer a choice of ‘protocols’, which are sets of rules and instructions that determine how data is routed between your computer or mobile device and the VPN’S servers. This includes authenticating that your device is communicating with a trusted server, and encrypting the data you send and receive. Different protocols use different means of authentication and encryption, and changing the default protocol set by your VPN can boost your speed and security, and fix problems such as dropped connections.
Some VPNS offer their own protocols, such as Expressvpn’s Lightway, but the most common option is the open-source protocol OPENVPN (https://openvpn.net). This is fast, secure and reliable, supported by the majority of VPN servers and often gives you access to extra features – such as a ‘stealth’ mode for hiding VPN traffic from your ISP (see page 51).
A newer and even speedier option is Wireguard (www.wireguard.com), which requires less bandwidth and processing power than OPENVPN to encrypt your data, so is less likely to slow your browsing. It’s certainly worth trying if your VPN provides the option – Expressvpn doesn’t, while Nordvpn’s Nordlynx protocol is based on Wireguard – though you may find that Wireguard servers aren’t available in certain countries.
To switch your protocol to OPENVPN, Wireguard or another good option such as IKEV2 or L2TP, go into your VPN’S settings, look for a section called Connection, Auto-connect or similar, and select your preference in the Protocol menu (see screenshot above right). For OPENVPN, you can choose between TCP, which gives you a more stable connection, and UCP, which provides a faster one.
Install a VPN on your Wi-fi router
Many VPNS can be added to your Wi-fi router, which allows them to protect all the devices connected to your home network without you having to install the VPN’S apps on each one. It also beats the restriction on the number of devices you can use. Some routers come with a built-in VPN client, but you can also upgrade your current router’s firmware with DD-WRT (https://dd-wrt.com), to give it VPN support through the OPENVPN protocol (see previous tip). However, this may not be possible on the router supplied by your ISP.
Search for your router’s manufacturer and model in the DD-WRT database (www.snipca.com/41682), and follow the instructions to install DD-WRT on your router. Expressvpn makes things easier by providing its own firmware for routers (see screenshot below), but only for Linksys, Netgear and Asus models (www. snipca.com/41683).
Once you’ve installed DD-WRT, you’ll need to follow your VPN’S own guide to setting up its service on your router, so that it connects to the right servers via OPENVPN. For example, you can find Nordvpn’s instructions at www.snipca. com/41684 and Surfshark’s at www.snipca.com/41685.
Although there are privacy benefits to installing a VPN on your router, it may make your internet connection noticeably slower. Switching the OPENVPN protocol from TCP to UDP should help speed things up, and you can disable the VPN when you don’t need it via your router’s settings.
Exclude apps from your VPN’S protection
In our VPN reviews on pages 52 and 53, we mentioned ‘split tunnelling’ as a desirable feature, but it’s important to know when and how to use it. The main benefit is to exclude apps from your VPN’S encryption when spoofing your location may cause problems. For example, you may have trouble logging into online banking, getting directions in Google Maps or watching BBC iplayer in the UK. You can either specify which apps are always shielded by your VPN, which is what split tunnelling actually means, or whitelist apps to exclude, which is known as ‘inverse split tunnelling’.
To use split tunnelling in Expressvpn, click the menu button and choose Options then General. Select ‘Manage connection on a per-app basis’, click the Settings button and you’ll be given the options: ‘All apps use the VPN’, ‘Do not allow selected apps to use the VPN’ (see screenshot below) and ‘Only allow selected apps to use the VPN’.
For privacy reasons, it’s sensible to protect your main browser using your VPN, but you can exclude a secondary browser so you can use that to access sites that need to know your real location.
Some VPNS let you apply split tunnelling to specific URLS, so you can choose which websites go through the VPN and which you connect to using standard HTTPS encryption. Surfshark’s Bypasser option performs this function (www. snipca.com/41699), as do Nordvpn’s extensions for Chrome, Firefox and Edge (www.snipca.com/41700).
Route traffic through a different port
Your VPN connects to servers around the world using a specific networking port on your computer. Some ISPS deliberately restrict the speed of certain ports, to prevent bandwidth-hogging activities such as torrenting, so if your VPN feels frustratingly slow, it’s worth switching to a different port – even if only temporarily. Additionally, if your ISP is completely blocking VPN traffic, switching the port may help you beat the restriction, though this is unlikely to happen in the UK.
You can usually change the default port via your VPN’S settings – look for the Port box in the Connection or Advanced section. The most commonly used option is TCP port 443, which is used by encrypted HTTPS traffic, or UDP port 1194 (see screenshot above), which is used by protocols including OPENVPN.
Prevent VPN data from fragmenting
One common VPN problem occurs when you can connect to a server but can’t load any websites, resulting in an “unable to connect” message in your browser. One potential fix is to adjust your home network’s MTU (maximum transmission unit), which determines how much data can be sent over your internet connection. If your MTU is set too high, data packets can become fragmented, which causes connection problems. Some VPNS let you optimise the MTU via their advanced settings, but you can also use the Windows Command Prompt.
Type cmd into the Windows search box, then right-click Command Prompt and choose ‘Run as administrator’. When the command window opens, type netsh interface ipv4 show subinterfaces and press Enter to view your network connections and their MTU size - this is usually 1500 (octets). To reduce the size of your MTU, type netsh interface ipv4 set subinterface "Wifi" mtu=1480 store=persistent (see screenshot above) Replace Wifi with Ethernet if you’re using a wired connection or type the alternative name of your network. You can copy and paste these commands from our Pastebin account at www. snipca.com/41741.
Press Enter, restart your PC and try the VPN again. If you still can’t load sites, set the mtu= number to 1450 or 1430, or else revert to the default of 1500.