How to Know When Your VPN Provider Is Being Honest About International Gateway Locations
“Access premium content from various global VPN locations” is a response a VPN service provider will comfort you with when you search for VPN networks with global coverage.
Once you hear these words, relief sets in.
There are a lot of reasons to use a VPN service with an international presence such as accessing region specific or censored content, hiding p2p sharing that is frowned upon in your country, or browsing the web securely over an unsecure network.
Plenty of VPN providers in the market offer to route your internet connection through one of their international gateways, and they claim the servers are in a particular location.
But have you ever checked if the server is actually located where they advertise?
Here’s something alarming: A number of VPN providers are advertising VPN locations around the world that are actually located in the US. They’re only updating the IP ownership information to make it appear that they IP address is location in another country. Not only are they’re making ambiguous claims, but overcharging customers since it’s much cheaper than actually setting up servers in offshore locations..
Most users never check if their VPN connection is routed to the location advertised. They expect their VPN provider to be highly transparent and up front. If a service gateway is not located in the country which it is advertised for, users can face issues such as:
- Failure to geolocate to the desired location
- Slow speeds to the desired location
- Undesirable legal jurisdiction
These are instances that defeat the full purpose of using a VPN service.
Traceroutes/Pings Tell a Different Story
If you have the technical knowhow, you can perform traceroutes/pings to tell where a gateway is actually located. The results from this test/experiment would look something like this:
ExampleVPN is supposed to have a location in Auckland, NZ. If a traceroute (tracert) to its hostname is performed from Chicago, USA:
Tracing the path to ExampleVPN New Zealand IP location (18.104.22.168) on TCP port 80 (http), 30 hops max 1 10.1.2.25 0.479 ms 0.428 ms 0.556 ms 2 10ge-2.ge146.chi1.
colocrossing.com (22.214.171.124) 0.684 ms 0.633 ms 0.595 ms 3 ae16-386.chi11.ip4.gtt.net (126.96.36.199) 1.156 ms 1.163 ms 1.137 ms 4 xe-9-1-0.chi11.ip4.gtt.net (188.8.131.52) 1.148 ms 1.161 ms 1.166 ms 5 be3027.ccr41.ord03.atlas. cogentco.com (184.108.40.206) 1.675 ms 1.621 ms 1.440 ms 6 be2461.rcr12.b002281-5.ord03. atlas.cogentco.com (220.127.116.11) 2.011 ms 2.192 ms 2.087 ms 7 18.104.22.168 1.695 ms 18.736 ms 2.145 ms 8 22.214.171.124 [open] 1.565 ms 1.565 ms 1.513 ms
It is apparent from the ping times and traceroute that the server is located in Chicago, not NZ. It’s impossible to go from Chicago to NZ in 1.5ms since that’s faster than the speed of light.
And when you connect to ExampleVPN’s New Zealand IP location and traceroute out:
traceroute: Warning: www.google.com has multiple addresses; using 126.96.36.199 traceroute to www.google.com (188.8.131.52), 64 hops max, 52 byte packets 1 184.108.40.206 (220.127.116.11) 1533.225 ms 67.066 ms 61.497 ms 2 18.104.22.168 (22.214.171.124) 60.668 ms 61.971 ms 60.919 ms 3 126.96.36.199.in-addr.arpa (188.8.131.52) 61.250 ms 72.902 ms 69.437 ms 4 ip81.208-100-42.static.
steadfastdns.net (184.108.40.206) 69.190 ms 67.959 ms 70.124 ms 5 xe-0-0-1.core4.chi02. steadfast.net (220.127.116.11) 74.908 ms 65.975 ms 61.235 m 6 eqix-ch-100g.google.com (18.104.22.168) 62.341 ms 61.326 ms 60.149 ms
First few hops confirm that you’re in Chicago.
For comparison, the same experiment for SlickVPN shows that the gateway is actually in NZ:
Tracing the path to gw1.akl1.slickvpn.com (22.214.171.124) on TCP port 80 (http), 30 hops max 1 10.1.2.25 0.488 ms 0.434 ms 0.422 ms 2 10ge-2.ge146.chi1.
colocrossing.com (126.96.36.199) 0.568 ms 0.722 ms 0.503 ms 3 ae16-385.chi11.ip4.gtt.net (188.8.131.52) 1.162 ms 1.170 ms 1.137 ms 4 xe-1-0-0.lax21.ip4.gtt.net (184.108.40.206) 54.472 ms 54.403 ms 54.463 ms 5 i-4-peer.tlot02.pr. telstraglobal.net (220.127.116.11) 55.054 ms 56.239 ms 55.324 ms 6 i-0-7-0-13.tlot-core01.bi. telstraglobal.net (18.104.22.168) 57.810 ms 57.102 ms 55.917 ms 7 i-0-4-1-0.hptw-core01.bx. telstraglobal.net (22.214.171.124) 180.991 ms 182.778 ms 180.292 ms 8 unknown.telstraglobal.net (126.96.36.199) 180.154 ms 179.181 ms 179.039 ms 9 ie1-g-0-0-0.telstraclear.net (188.8.131.52) 179.047 ms 178.945 ms 178.957 ms 10 * * * 11 184.108.40.206 179.699 ms 179.549 ms 179.701 ms 12 220.127.116.11 [open] 179.544 ms 180.871 ms 179.610 ms
You can tell from the traceroute that the packet leaves Chicago, jumps to LAX, and then jumps over to NZ. Ping times are reasonable for the distance.
If users run a traceroute to the public/external IP address of a specific VPN endpoint they would then see the packet’s path in their traceroute results.
Note that the traceroute identifies each host by hostname when it’s possible, but users won’t always get a full name resolution. Some results will fail DNS lookup and will be identified by their IP address. This is not a big deal usually. Users should not think the process failed because the host is not identifiable by name when they perform a traceroute to a VPN gateway.
What This Means for You?
When you sign up for a VPN service, you place your trust in the VPN provider. When you connect to their servers and network, you assume they are being honest when they say your exit IP is in Amsterdam, for example, and that the provider is not just obfuscating something else.
So if a VPN you sign up with advertises that its servers are located in different countries but tests show that they’re located in the US, your online identity is at risk. It may be much easier for your ISP, hackers, various agencies, and governments to track you down.
Therefore, you should definitely conduct as much research as possible. VPN providers have to generate sales and profits, and if their gateways are not in the locations you’re paying for, you should assume they’re making their money off of your lack of knowledge, and using false claims for marketing purposes.
Some providers are transparent about security, but not so much about their gateway locations. You may use their services to stay secure online, but don’t assume the gateway is located where they say. Just a bit of testing is all it takes to figure out where the gateway is actually located.