Get Cape, a no-bullshit mobile provider focused on privacy and security, and get $20 off your monthly bill.

VPN Provider Review: AzireVPN

AzireVPN, operated by Netbouncer in Sweden, was recommended to me by one of those super geeky hacker types who detailed some really interesting differences between Azire and most other VPN providers. And what are those differences you ask, mouth watering in anticipation?

First let's get something straight regarding VPN providers: there isn't a damn one that can be trusted absolutely and the vast majority of them are crap. They can tell you whatever they want about their security and privacy and no-log policies (many of them are flat out lying when they state this), but unless there's an information leak, or you discover a security or privacy issue yourself, or you personally know the people running the company, your confidence in their service will always be blind. Tor advocates like to use this ammo to suggest that Tor is far better in this regard because it's open source and uses multiple nodes and multiple layers of encryption, yada yada yada, but i find their claims of security to be less than concrete as well. For example a bad actor, such as your ISP, can apparently run an entire Tor network on a single machine using something like The Shadow Simulator and god knows what the intelligence community can do. Tor has other problems as well, some of them detailed in my article Tor versus a VPN - Which is right for you?.

Understand that i'm not suggesting that a VPN is necessarily superior to Tor for every case, but i think that the path best chosen depends on what you're trying to achieve and i think that for the average user who's torrenting or wants to circumvent YouTube's idiotic geo-restrictions or wants to make digital fingerprinting a bit more difficult, a VPN may be the better option, though unlike Tor, VPNs are not free and any provider that claims this is a good one to run the hell away from at maximum velocity.

AzireVPN claims to do things very differently. Unlike every other (or mostly every other) VPN business where one can sit behind a keyboard and provision as many servers around the world as they please, Azire tells us they physically own, configure, secure, install and maintain each server they operate and they offer some evidence to support this. From a security/privacy viewpoint i see this as a significant advantage over other mega-VPNs like NordVPN, ExpressVPN, AirVPN, etc., who are potentially more open to hacking and government snooping.

Video: Setting up AzireVPN's new Malmo server location

Azire makes the following claims...

  • they own and maintain their hardware
  • nothing is stored physically on the servers (no hard drives) - the entire OS runs in RAM (more here)
  • all USB, VGA and serial ports are sealed to prevent tampering (more here).
  • they support WireGuard which is significantly more efficient tha OpenVPN
  • no logging
  • no port restrictions (torrenting, etc., is allowed)
  • port forwarding (if you want to run a server or otherwise require this feature)

AzireVPN was featured in TorrentFreak's article, Which VPN Providers Really Take Privacy Seriously in 2021?.

Sounds like the berries, right? There is one downside to managing your own hardware in that Azire can't provision equipment as quickly as the fast-food VPNs and so Azire doesn't have a heck of a lot of servers, but the ones they do have are located in quite a few countries and they are slowly expanding (see their blog for more). Azire does offer SOCKS5 proxies and is the only company i know of that does so, however you must be connected to one of their VPN servers to use them and there is no encryption at the proxy level. Still, their SOCKS5 proxies make it easy to change your location/IP in order to circumvent geo-restrictions without having to switch to another server. For those who run their VPN client on their router this is a plus because, while it isn't as straight forward to swap locations, there are plenty of web browser extensions available that provide the ability to quickly switch between proxies.

I started with AirVPN several years ago then moved to NordVPN, but being with a huge company like Nord has always bothered me and i'm glad to have found an alternative which i think is much better all around. Although it wasn't an issue when i first signed up, Nord's servers have become blacklisted by quite a few sites and it started to get annoying, as did the lack of the connection stability. Azire's servers also suffer from blacklisting, but they occasionally change IP addresses to combat the problem.

Getting AzireVPN set up on my router was a bit of a pain in the ass. At first i was using the DD-WRT firmware and even after contacting Azire support i could not get OpenVPN or WireGuard working. Their setup guides were out of date for some configurations which they claim to support. Azire seems to be moving away from OpenVPN in favor of WireGuard, but this is all pretty new stuff and so there can be hitches in setting up WireGuard as well. I finally got the tunnel working with WireGuard after switching to the OpenWRT firmware and a lot of fiddling around, plus still more help from Azire support. Azire definitely loses points here though their support has been mostly OK (i'll get more into that in a bit). If you decide to run WireGuard or their app on your PC then you can likely avoid the hassle and they have a healthy selection of apps for different platforms/devices. Given the improvements in the Network Manager software for Linux systems, i'm no longer running WireGuard on my router and, instead, running everything using the wireguard-tools package and Network Manager, no Azire app needed.

Another big plus with AzireVPN is that you don't have to give them any personal information to open an account and you can pay with cryptocurrency, so acquiring their service can be somewhat anonymous if you want (they are still aware of the IP address you're connecting from of course). There aren't a lot of other VPN providers that go this far to protect your privacy.

As far as the tunnel itself, all ports are open and bandwidth is unlimited. I've been using their service for a few years now and the speed and stability of my connection has been very impressive whereas this was not the case at all with Nord.

Now, back to that support thing...

Because i couldn't get DD-WRT working with the OpenVPN protocol, a configuration which Azire claims to support, i was offered some free time without having to ask for it. I appreciated the offer and viewed it as the right thing to do, especially for a smaller company which is interested in growing. Problem is, they didn't follow through and so i inquired again about their offer. Crickets. In the end i inquired four times before i got a response, and their response was to renege on the offer because i didn't help them figure out how to get DD-WRT/OpenVPN working on their tunnels, a condition which was absolutely never stated nor implied. Here's what they said, emphasis added:

We thought that our offer was pretty clear while saying the following statement:

"Whether you manage to find a solution to your issue, we will be glad to give you free time and eventually we will make a quick update to our guide."

In other words, if you were able to find a solution which we could integrate into our guide to update it, we would give you free time. I think our sentence was poorly written, but that is what we meant.

Their offer was unconditional. It did not hinge upon anything. Needless to say, their blatant twisting of their own words pissed me off and so i fired back a rather terse reply calling them out on it. Shortly after receiving my mail they decided to extend my service time for a month, so in the end they did what was proper and ethical, but what they should have done was not ignore three mails regarding the issue and argue that i didn't deserve the credit.

All in all i think AzireVPN offers some uniquely attractive and important features and they manage to do it at a competitive price. If you decide to go with them please consider using my referral link which helps me out a bit.

UPDATE: 18-Apr-2022

I introduced AzireVPN in Alicia's personal-security-checklist GitHub repository ([CONTENT-CHANGE] Privacy-Respecting Software > Virtual Private Networks), and she brought up several concerns, some of which i shared, and so i emailed Azire. Following is their reply to these concerns which i'm personally fairly pleased with:

Q: Client applications not open source. And their only GH repo is very stale
A: It is true that the source code of our current WireGuard applications is not released yet. It will be when we feel confident that the code is ready and mature enough so that everyone will be able to review, submit issues, and contribute with merge requests.

Our GitHub currently hosts the source code of our old OpenVPN client, which is now deprecated and not maintained anymore.

Q: Android App only available through Google Play, no F-Droid or APK
A: We are planning to, at a minimum, release our Android application on F-Droid, probably at the same time we release the source code.

Q: Unsure why the Android app needs external storage read/write permissions
A: The Android application needs external storage read/write permission to be able to write debug logs, which are available from the hamburger menu. Users can then send us the log for support inquiries.

Q: No kill switch option on client apps, and Linux app disconnected several times
A: It is planned to integrate a kill-switch in our clients on all platforms where it makes sense and can be properly implemented.

The Linux client is deprecated. Linux users can use WireGuard's wg-quick directly, or better, use systemd services, for now. They also can use NetworkManager's OpenVPN GUI applet to ease the establishment of an OpenVPN tunnel.

Q: Their only DNS servers are in Denmark, part of the 9-Eyes
A: Our static public DNS servers are located in Sweden. When connecting to our service, users will be assigned with the endpoint's local DNS servers, which should keep the DNS requests internal to the location's local network. It is therefore possible to avoid country deemed untrusted.

Our static public DNS servers are listed on this page, under the "DNS servers" section:

https://www.azirevpn.com/docs/servers

Q: No security audit. And no evidence to backup any of their claims
A: We are planning to make an audit of our back-end infrastructure when we feel ready to do so. For the moment, the back-end is reworked for the release of port forwarding, which should happen in the incoming months.

Q: My traffic was flowing through shared data centers, they cannot / do not physically maintain these themselves, like they made it sound like
A: We buy all our hardware (servers and switchs), seal it, and then send it to data centers around the world. It would not be feasible to own our data centers, although we have close business links with some of them, so we know they can be trusted.

More information on these pages:

- https://www.azirevpn.com/docs/environment
- https://www.azirevpn.com/docs/security

Q: Relatively few locations, and expansion seems to have slowed down
A: See answer number 7. It is less easy to find trusted and quality data centers to send our hardware to, than simply leasing a server which can be terminated at any time.

During 2022, we are striving to expand our locations on the West Coast of the United States.

Q: Surprisingly small throughput compared to other providers, possibly making identifying individuals easier
A: We are not sure if "small throughput" refers to "low traffic" on some locations from our Status page, or if the speed when testing was not great. It usually depends on a lot of factors, but our locations are, for some of them, using Tier 1 providers directly (Cogent, Telia) so the speed should be there. Also, our servers are for the most part using 10 Gbit/s full duplex links.

Q: When trying it out, I found performance was quite poor, and not all their advertised servers were connectable. But this could be due to my location
A: Unless indicated otherwise on our Status page, all our locations are available for use. We have automatic ways to detect down locations on our side, so there should be no issue connecting to them unless an Internet Service Provider banned some of our locations' IP addresses.

We are open to answer other questions or clarify some points if our answers were not complete enough. Alicia can contact us directly to our support email address.

UPDATE: 20-Dec-2024

AzireVPN partners with Malwarebytes. I don't know if this is a good thing or not, but partnering with other companies is generally not a good thing.