The company offers native apps for Windows, Mac, Android, iOS and Linux, has a vast network of more than 5,000 servers across 50-odd countries, supports up to six simultaneous connections, includes a kill switch to help protect your sensitive data in case your VPN connection goes down and more.
However, in this article, we’ll be taking a closer look at some of NordVPN’s lesser known features, namely its server categories and support for a number of VPN protocols, including the recently launched WireGuard.
While we mentioned before that NordVPN has over 5,000 servers available to its users, not all of these servers are the same as some offer specialized functionality. Whether you want additional security, your own dedicated IP address, to bypass internet restrictions in countries such as using your VPN for China or to download files using Peer-to-Peer (P2P) networking, NordVPN has you covered.
The first server type that the company offers is a standard server and this is a regular VPN server that encrypts your internet traffic and replaces your IP address. If you open NordVPN and click “Quick connect”, this is the kind of server you’ll be connecting to. Your online activities and data will be protected but you won’t benefit from the additional privacy benefits that some other server types offer.
If you are looking for additional privacy, then a double VPN or Onion over VPN server may be a better choice. A double VPN sends your internet traffic through two different servers to encrypt your data twice though this option is only available when using OpenVPN (UDP) or OpenVPN (TCP) protocols but will go over these more in depth further down in this guide. Onion over VPN is another privacy solution that sends your traffic through one of NordVPN’s servers and then passes it through the Onion network before it reaches the internet. Usually you’ll need to use the Tor browser to access the Onion network but with NordVPN you won’t need to download a separate browser.
Dedicated IP servers are for users who purchase their own dedicated IP address for an additional price. The benefit here is that you’ll be the only person using this assigned IP address and won’t have to share it with others. When you connect using a regular VPN server, you’re given one of many IP addresses available and these addresses are shared between everyone connecting to that server. Another great benefit to using a dedicated IP address is that the sites you connect to regularly, such as Gmail, won’t ask you to verify your account every time you connect as you’ll be using the same IP address and not a random one assigned to you.
If you want to torrent with a VPN or download a lot of content online, then connecting to a P2P server is your best option. The main issue with P2P networks is that every device uploading or downloading the same file on the network can see each other’s IP address. This helps users share large files more effectively but is not great if you’re trying to protect your privacy online. Your Internet Service Provider (ISP) can also quickly detect if you’re using P2P and they may deny access to file-sharing websites or set bandwidth limits which slows down your internet speed. By connecting to one of NordVPN’s P2P servers, you secure your real IP address, protect your download speeds and encrypt all of your traffic online.
The final server type offered by NordVPN is obfuscated servers. These servers give you the freedom to visit any website in countries where the government heavily regulates the internet such as North Korea, Iran, China and others. These countries also like to block access to VPN services so if your regular VPN can’t get you online, an obfuscated server may help do the trick.
NordVPN supports a number of different VPN protocols which all have their own strengths and weaknesses. The one you use will depends on the level of security you need and what you’re ultimately using a VPN for. NordVPN supports the following VPN protocols: OpenVPN, IKEv2/IPSec and WireGuard.
OpenVPN is a very mature and robust piece of open source software that provides a reliable and secure VPN connection. This protocol is also quite versatile and can be used on both TCP and UDP ports. To ensure that user data is protected, NordVPN uses AES-256-GCM encryption with a 4096-bit DH key. OpenVPN is currently the default protocol in all of NordVPN’s apps and the company recommends it for security-conscious users.
IKEv2/IPSec offers improved security and privacy through the use of very strong cryptographic algorithms and keys. For instance, NordVPN uses Next Generation Encryption (NGE) in its implementation of this protocol. The ciphers used to generate Phase1 keys are AES-256-GCM for encryption, SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellman keys. IPSec then secures the tunnel between the client and server using AES256 encryption. IKEv2/IPSec provides users with peace of mind, security, stability and speed which is the reason this protocol has been adopted as a default in NordVPN’s iPhone VPN and Mac VPN.
WireGuard is the latest VPN protocol which uses state-of-the-art cryptography and is the result of a lengthy and thorough academic process. This protocol is faster than OpenVPN and IPSec but it is often criticized for its ability to secure users' privacy and this is why NordVPN came up with its new NordLynx technology. NordLynx combines WireGuard's high speeds with NordVPN's custom double Network Address Translation (NAT) system to help protect users' privacy. The company's double NAT system allows for a secure VPN connection to be established without needing to store any identifiable data on a server.
Another one of WireGuard's advantages over existing VPN protocols is the fact that it contains far less code than OpenVPN or IPSec. While OpenVPN is made up of 100,000 lines of code, WireGuard has only 4,000 lines of code and this makes it much easier for security experts to review and audit for vulnerabilities.