ASTRILL VPN REVIEW: Good for China but has security issues
|Pros of Astrill||Cons of Astrill|
Astrill VPN makes an impression of a very capable VPN service that can even bypass the Great Firewall of China. It doesn’t just use regular VPN technologies but also implements innovative VPN protocols and allows tuning a safe connection very precisely.
However, the prices of Astrill’s services are really over the top. At first glance, it seems reasonable: a respectable VPN costs a corresponding amount of money. I tried to dig into the tests as deeply as I could to better understand the uniqueness of Astrill and make sure that it is worth $10+ a month.
I could confirm the real efficiency of the service only in terms of some of the expected features. Moreover, I encountered certain difficulties and issues that can pose a serious threat to one’s privacy under some circumstances.
Do you know, for example, that Astrill VPN which sells services aimed at making the Internet anonymous and free, asks for a phone number when you sign up and forbids the citizens of politically sanctioned countries to use its service as well as restricts access to many resources?
And that’s just the tip of the iceberg. There are technical issues, too.
I’ll tell you everything about the confirmed characteristics and the problem I’ve found in this review.
You can read this article in order or skip forward to the section you want by using the quick nav:
- 7 differences from other VPNs
- First steps and first issues of Astrill
- Astrill in China
- Research of Astrill: Pros, cons, tests, advice
- Analysis of prices and plans of Astrill VPN
- History of Astrill and information about the owner
- My conclusion
Here are the main characteristics of Astrill:
|Supported platforms||All OSs, applet for routers|
|Encryption standard||AES 256 and others|
|VPN protocols||OpenVPN (L2TP and IKEv2 manually)|
|Servers||360+ in 64 countries|
|Logs||Doesn’t keep logs|
|Streaming||Netflix, Hulu, and others|
At the risk of jumping ahead, I should mention that I was disappointed with the results of the security tests. What’s more, I have found proof of that in one of the Reddit reviews.
As you can see in the spreadsheet, two fields are marked with red. It means that the corresponding characteristics are a threat to the users.
There’s a lot of detailed information about it in the “Research of Astrill: Pros, cons, tests, advice” section of the article.
Before I objectively rate Astrill, I will provide you with the whole picture of the service, emphasize its peculiarities and interesting features (there are quite a lot of these, actually).
I will tell you about the 7 main peculiarities of Astrill in short. You can find more detailed information about them in the following chapters.
What peculiarities does Astrill VPN have?
1. It uses not one but three ground-breaking VPN protocols along with the standard OpenVPN.
A VPN tunnel is established between the computers and the VPN server to protect data. A certain data transfer protocol – a VPN protocol – is used to do that. The OpenVPN protocol is the most popular one. It complies with the strictest safety requirements but slows the connection down considerably and is detected by tracking devices in China and some other censoring countries as well as many corporate networks.
As of late, alternative independent VPN protocols are on the rise. They don’t have OpenVPN’s flaws. Astrill indicates that it has three new protocols: OpenWeb, StealthVPN, and WireGuard.
2. The most “complete” version of Astrill is the one for Mac.
Unlike most VPNs that have the maximum functionality for Windows, Astrill’s fullest version is for macOS. All 4 protocols supported by the provider are available only on this platform.
3. The highest price among popular VPN services.
Are you willing to pay $10 to $20 per month for the basic feature pack and pay an extra fee of $10 to $100 per month for the VIP pack that allows you to use a chain of VPN servers and the fastest servers?
If it doesn’t tell you much, I’ll give you two VPN services as an example:
- NordVPN, the best VPN of today, doesn’t have any safety issues and costs starting at $3.49 per month. This sum buys you all of its features.
- Surfshark is a dynamically developed powerful VPN that works in China and also doesn’t have problems with safety. Its prices start at $1.99 per month.
4. Comprehensive functionality.
Settings available in Astrill’s apps (save for mobile devices) are going to surprise even experienced professionals. Jumping ahead, I’ll mention that Astrill has port forwarding, an expanded kill switch, choice of apps and sites that require/don’t require a VPN, and even the ability to share protected Wi-Fi from your desktop (I’ve seen a similar function only on Windscribe).
5. Speed test.
Astrill offers a convenient and effective way to sort VPN locations by speed using the built-in speed test. This isn’t a feature I see a lot. Furthermore, Astrill’s speed test shows real results.
6. Supports Netflix and Hulu.
Streaming is a real strong suit of Astrill. I have tested Netflix and Hulu. If Netflix is supported by at least 10 VPNs, Hulu support is rare. Astrill, though, consistently copes with this task.
7. Port forwarding.
This function is even rarer to come by than Hulu support. It is needed to maximize the torrenting speed.
Nevertheless, I don’t recommend using Astrill for torrenting because of its security problems. Besides, there are reports of the customers who used Astrill for torrenting having issues.
I haven’t enumerated any of the flaws I have found that differentiate it from many other VPNs. We’ll focus on them in the two following chapters.
The first step you take with Astrill VPN, the signing-up process, is going to bring you the first issues.
After I visited its website and learned about the prices, I chose to pay with a credit card. As usual, I used another VPN to protect my personal data, selected the respective points, and entered my email as most VPNs require. Imagine my shock when after that, Astrill asked me for my phone number!
This is the first VPN I know of that asks the phone number when signing up. It basically defeats the purpose of using a VPN and destroys the anonymity. But that’s not it. The only phone numbers you can enter are those originating from China, the United Emirates, and the country that my IP address belongs to.
I was hiding my IP with NordVPN and my location was DE. Because of it, I couldn’t enter my phone number. I was only able to register after I turned NordVPN off. Then, the country code that my phone number has appeared on the list.
Immediately, a question popped up in my mind: what if I were abroad and had no access to other VPNs? The answer is self-evident: I wouldn’t be able to sign up for Astrill.
I first learned about Astrill on Reddit where I read comments about how VPNs work in China. There, I found many positive reviews by real users about bypassing the Great Firewall of China.
As I studied the provider’s features and technologies that help to solve this difficult task, I became convinced that Astrill VPN is one of the best VPNs for China.
And here’s why:
- Smart Mode is the most efficient and safe solution for China, the UAE, and some other countries;
- It has more servers in Asia than most other providers;
- 3 (+1 on demand) VPN protocols that are detection-proof.
Let’s discuss all three features in greater detail.
This mode is only available in China. What it does is connect you not to a foreign but a regional server via the OpenWeb protocol. The regional server then connects to the location the user chooses, providing the IP address change.
This technology fully hides the fact of using a foreign IP address. OpenWeb works in such a way that it bypasses the VPN detection algorithms.
As a result, the user bypasses all the blocks and restrictions with their ISP doesn’t know about it.
Most of Astrill’s popularity comes from China. In the picture, you can see how traffic is spread by countries according to SimilarWeb. As you see, China accounts for more than 58% of the traffic. The service is also more popular than others in Hong Kong and Taiwan.
Here’s the list of the locations available in Asia:
- Hong Kong
3 (+1 on demand) detection-proof VPN protocols
Astrill emphasizes bypassing VPN detection and blocking. It makes 3 efficient protocols available in its basic version:
Moreover, the OpenConnect protocol can be added on demand.
All these protocols are some of the most state-of-the-art developments. They are fast and protect the users in China, the UAE, and other countries with censorship.
So, Astrill has everything needed to work under the most pressing political conditions.
Is it one of the best VPNs for China? Undoubtedly, it is.
In this section, I’ll provide you with answers to all the main questions of Astrill VPN’s work. My in-depth analysis has confirmed some of its important advantages but also uncovered several hidden security and privacy-related issues as well as flaws in the app performance and significant differences between functionality on various platforms.
- Security of Astrill
- Astrill features tests
- Astrill for Windows
- Astrill for Mac
- Astrill for Android
- Astrill for iOS
- Astrill for Linux
- Astrill for other platforms
Security and privacy that a VPN provides are composed of 4 factors:
- Hiding the IP address by establishing a virtual tunnel from the client to the VPN server;
- Encryption of all the incoming and outgoing information including the addresses of the websites you visit (some VPN apps allow you to set specific programs to be used with a VPN but the default settings always encrypt the entirety of the traffic);
- This information is transferred to the virtual tunnel;
- Safe DNS is reassigned (thanks to DNS queries, the connection between the visited domain name and its IP address is established).
Astrill VPN has a serious issue with protecting connection safety. I have found three issues with factors #2 and #4. Any connections from the device that go outside of the VPN channel and are not caused by special app settings lead to an IP leak. Besides, unencrypted data can be intercepted at any spot the traffic passes (by bad actors in a public Wi-Fi network, the network administrator, the ISP, or the governmental agencies).
I used Wireshark tuned for traffic interception from the Wi-Fi adapter to analyze Astrill.
First of all, I found a connection outside of the VPN tunnel:
I found connections to the IP address located in my country (shown inside the red rectangle in the pic above). At the same time, the computer was connected to the US location of the VPN. It means that some part of the traffic is transferred unencrypted.
After I analyzed the traffic transmitted over the course of a longer period, I found 3 IP addresses that my computer had connected to outside of the VPN tunnel:
These IPs are marked red.
I got the same results using all the VPN protocols available in the Windows app: OpenWeb (full protection mode), OpenVPN, and StealthVPN.
Additionally, I found an unencrypted packets leak when using OpenWeb in the full protection mode (outlined in red):
The address of the VPN server is shown in blue.
As a result, I found two problems at once: a part of data goes outside of the VPN tunnel and at least some of it is unencrypted.
OpenWeb has another issue: not all DNS queries go through the channel (though the settings show the DNS of Astrill). Some of the queries went to my ISP:
An unencrypted address of the website I was visiting sent to the DNS server of my ISP is clearly seen inside the red rectangle in the image.
I publish such a detailed report to prevent any possible attempts to protest the test results.
In this and the following sections, I will delineate the functions of Astrill that are available with the basic paid plan. To get access to other VPN protocols, you have to contact the support team. Additional features are also present in the VIP packet which I will tell you about in the “Analysis of prices and plans of Astrill VPN” section.
Speed is Astrill’s strong suit. All the locations tested showed an above-average result:
|Location||Download/upload speed (Mbps)|
|Los Angeles, US||66/47|
It should be noted that Astrill caters to the Oriental market. It has more Asian locations than most of its competitors save for, perhaps, VPN Gate who offers more IPs in the Asian region.
Another advantage of Astrill that is in especially high demand lately is the unblocking of geo-restricted video content. Streaming services take active countermeasures against VPNs to protect their contracts with rightsholders.
Only a small fraction of VPN services help watch Netflix. Astrill is also capable of consistently bypassing Netflix and Hulu blocks.
I tested its US servers and got positive results:
For some reason, Astrill removed its webpage on streaming and many other features (you can view its incomplete saved copy) in 2019. Today, there’s no full list of streaming services and TV channels that this provider supports.
I could only find a mention of a few of them:
Torrenting with Astrill is a controversial activity. On one hand, Astrill allows it and has an advanced kill switch and special servers with port forwarding. On the other hand, Astrill leaks data by not packing the entirety of traffic into a VPN tunnel.
I have also found a negative user review speaking about a customer’s issues with their ISP after torrenting with Astrill:
It’s unknown what settings this user had launched Astrill with but the combination of the technical issues I found during the tests and the case described by the user is a convincing reason to look for another VPN for torrenting.
4. Google search and the use of Gmail
Within 5 days of testing, I didn’t have a single problem with accessing Gmail. Google search also worked without asking for verification that the user is not a robot (which happens with some other VPNs).
5. IP leak test with an unstable connection
It only makes sense to test how reliable the VPN protection is under duress (unstable connection, moving from one access point to another, etc.) when a VPN app has the kill switch function that blocks the traffic if a VPN tunnel fails.
Astrill doesn’t have a kill switch on Android and iOS. In case there is a kill switch despite not being listed in the settings menu (CyberGhost VPN works like that – it doesn’t have a kill switch in its settings but it is integrated into the apps for mobile devices), I checked how Astrill for Android behaves in non-standard conditions:
You can see in the picture how the device’s connection to a network changes.
First, a virtual IP address is determined (the VPN is active). Then, as the Internet connection is lost, the VPN turns off while the device searches for an available network (Reconnect). Then, the smartphone connects to a new network and the real IP address is being leaked for as long as it takes Astrill to restore its connection to a VPN server. The same thing takes place on iOS.
It confirms that the mobile apps don’t have a kill switch and, therefore, do not protect your data and location during a connection loss, switching to another access point, and other cases.
6. Other issues with Astrill
In this section, I will enumerate other issues and flaws I’ve encountered more than once during my tests of Astrill.
1. Frequent DNS issues. During the tests, Astrill couldn’t open websites many times.
It happened both while working and after a long time of being idle during the night. At some point, websites just stopped opening. I recorded one of those occasions on video:
Almost every time this problem emerged was when my computer lost the Internet connection temporarily. Astrill reconnected automatically but it caused a DNS issue that blocked the work of the VPN.
The video shows that Astrill’s DNS is used but the same issue happens with any other settings as well.
An inexperienced user may get “trapped” for a long time solving this problem. It can be solved by turning the VPN off and if that doesn’t work (which has also happened), by reconnecting to the Wi-Fi network.
2. Lack of protection with the VPN on. When I was testing the VPN Sharing function, the PC app lost its ability to protect my IP address and traffic. Even after I turned that function off, Astrill didn’t resume working.
3. Weird behavior of the Android app. While the team of Astrill works hard to further develop the service, supports operations in China as well as Netflix and Hulu, offers state-of-the-art protocols, it is also responsible for a weird app for one of the most popular OSs, Android.
Take a look at the video captured on a test tablet. The app turns off on its own first when I spin the device and then servers on the country list go missing:
4. WireGuard is only available on macOS, Linux, and Android. It is arguably the best protocol supported by Astrill but it’s not present on Windows and iOS.
More on WireGuard in the VPN settings section of the main page.
Most of the cons I have listed concern the Windows app more than others. Astrill doesn’t offer WireGuard and has DNS issues on this platform.
What features of Astrill are available on PC?
- Three VPN protocols;
- Choosing specific sites or apps to work with the VPN;
- Port forwarding;
- VPN sharing. It’s an interesting feature that allows using the VPN on the devices connected to the same router as the computer. It requires you to adjust some of the system settings of the devices you connect.
Be careful with this function, though. When I was testing it, I discovered an issue with the VPN connection. My computer lost its protection despite the app being shown as active.
- Expanded kill switch. It contains two options: App Guard and Kill Switch in the Privacy menu. You can set just certain apps as well as the entire traffic of your computer up.
- Speed Test, an effective way of checking the speed of the VPN server you need with high precision.
Generally speaking, the impression left by the use of Astrill on Windows is ambiguous. On one side, the provider offers a wide range of extra options and features while on the other, it all works only when there’s no DNS issue. Said the issue, however, occurred with irritating frequency during the tests.
Pros of using Astrill on Windows:
- Powerful functionality
- Supports streaming including Hulu
- VPN sharing
- 3 VPN protocols
- Speed test
- DNS failures that lead to connection errors
- Leaks of unencrypted data with the IP address of the customer’s country
- Leaks of some DNS queries to the DNS of the customer’s ISP
- Impractical settings menu. You have to open the entire menu every time you want to change anything
You can download the Astrill app for Windows from this page of its official website.
As I have mentioned already, the fullest version of Astrill is the Mac one. Only the app for this platform and the Linux one support all 4 protocols including WireGuard. Other than that, this app copies the functionality of the version for Windows.
I encountered the same DNS failures while testing the macOS version as on PC.
I found no unencrypted data leaks or connections to undesirable DNS servers. This, however, is more likely a result of not running as many programs and utilities on Mac as on Windows.
You can download the Astrill app for macOS from this page of its official website.
The app for Android is very different from the desktop versions. It doesn’t have the most extra features and settings.
- Three VPN protocols (WireGuard is available while OpenVPN is not);
- Application filter (sets the VPN up for definite apps)
I should note that the app doesn’t have a kill switch, which makes it unsafe for torrenting.
On the opposite side, you can go to the Android safety settings menu right from the app. There, you can remove Astrill from the list of apps that are turned off in sleep mode. Many other VPN services lack such an option, sadly.
Pros of Astrill on Android:
- supports WireGuard
Cons of Astrill on Android:
- no OpenVPN
- no Kill Switch
- VPN turns off if you spin the device
Astrill VPN doesn’t offer an APK installer. You can download Astrill’s Android app only from Google Play Market.
The functionality of the version for iPhone and iPad is barebones. Only one protocol is available for iOS (I couldn’t determine whether it is OpenVPN or StealthVPN). At the same time, there are no settings but the choice between TCP and UDP and port selection.
It’s nothing out of the ordinary, though. iOS apps made by most VPN providers have very few functions (even fewer than Astrill).
You can install Astrill for iOS from the Apple App Store.
Astrill warns us:
PLEASE BEWARE OF IMPOSTER APPS
There are multiple fake apps on the App Store - some disguise as Speed Testing apps, some as Astrill Free VPN app, some just use star logo, blue colors and VPN in name. Do not log into these fake apps, as they will steal your login details. Do not pay through these imposter apps, as you will lose your money. Only download Astrill app using official link below. If in doubts, contact our support via Live Chat or e-mail.
The Linux version is identical to the one for Mac.
Astrill’s software for Linux is available as a .DEB file.
The .deb installer can be downloaded from this page of the official website of Astrill.
Astrill VPN doesn’t offer any extensions for Chrome or other browsers. It also doesn’t have apps for TV platforms as well as Kodi.
The only software that is available is an OpenVPN applet for Asus Merlin and DD-WRT routers. Astrill also sells routers with preinstalled software. They can be ordered from any country.
Devices that do not have such software installed can be set up by using multi-purpose OpenVPN settings that are available on the website of Astrill.
Our system keeps track of active sessions - connection time, IP address, device type and Astrill VPN application version during the duration of your VPN session. Once you disconnect from VPN this information is removed permanently from our system.
What does it mean? It means that your IP address is kept while you’re using the VPN.
Is it bad? Probably not.
Even had this service not put your IP address down, it would still be quite easy to track active connections without logs.
Astrill’s Terms of service contain some very important information:
“You are not allowed to access or use Astrill Services if you are located, incorporated or otherwise established in, or a citizen or resident of:
- a country or region that is subject to comprehensive U.S. economic sanctions (such as those maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”))
- a country or region that is subject to comprehensive E.U. economic sanctions
- Belarus, Burma, Benin, Burkina Faso, Cameroon, Cote D'Ivoire, Cuba, Democratic Republic of Congo, Ghana, Iran, Iraq, Liberia, Niger, Nigeria, North Korea, Senegal, Seychelles, Sudan, Syrian Arab Republic, Togo, United Arab Emirates or Zimbabwe
- a jurisdiction where it would be illegal according to Applicable Law for you (by reason of your nationality, domicile, citizenship, residence or otherwise) to access or use the Services; or
- where the publication or availability of the Services is prohibited or contrary to local law or regulation, or could subject Astrill to any local registration or licensing requirements”
So a service intended to help people gain freedom on the Internet and protect themselves actually stands against it.
At the same time, Astrill’s main market is based on bypassing the Great Firewall of China which is one of the world’s strictest censorships. Then why does it discriminate against other countries so much?
I checked what happens if you connect to an Astrill server from one of the countries on the list. It turns out, there are no issues.
It’s impossible to tell if Astrill just tries to secure its noninvolvement in case some trouble happens or actually doesn’t want to help people from the listed countries.
You’d be hard-pressed to find a more expensive VPN than Astrill. And if you take the extra VIP plan into consideration, the price skyrockets.
Lowest and highest prices of Astrill
|Lowest price per month||$10|
|Highest price per month||$110 and more|
Such a huge difference between prices comes from the extra features that Astrill provides for a surcharge:
- Dedicated IPs. $5 for every IP address;
- VIP add-on. It is aimed at customers from Asia and gamers. It allows using Multi-hop VPN (chaining up to 3 servers), optimizes speeds and decreases latency. This add-on costs $10 to $100 depending on how much traffic is included.
Prices of the major plans:
- $20 per month on a 1-month subscription
- $15 per month on a 6-month subscription
- $10 per month on a 1-year subscription (+ 3 months for free)
Astrill can be used free of charge for 7 days. The free trial is available for all countries but China as well as for all platforms and doesn’t require a credit card.
Astrill doesn’t issue refunds when you cancel your subscription. The reasons it gives are that customers are going to like the quality of services and that they can test how the service work with the free trial.
Though Astrill doesn’t sell coupons, there is sometimes a time-limited possibility to win one, for example, by playing a simple game on a certain page of the Astrill website. However, this isn’t a reliable method because it involves a lot of randomness: your discount can be anything from 5% to 50% while your chance of getting it is 75%.
I did not test the features of the trial version because its short duration isn’t attractive for free use.
Astrill was founded in 2009. Astrill Systems Corp is registered offshore in Seychelles. It is a good jurisdiction that allows the provider to avoid political and economic pressure. Besides, Astrill is located far from 5, 9, and 14 Eyes intelligence alliances.
The company and its services have never been involved in any scandals or investigations.
Astrill Systems Corp address:
Oliaji Trade Centre, 1st floor,
Victoria, Mahe, Seychelles
Quite a sizeable review, isn’t it? During my tests, I have discovered and verified some significant advantages but also serious drawbacks:
+ Convenient 7-day free trial;
+ Optimized for China;
+ High speeds;
+ Doesn’t keep logs and has safe jurisdiction;
+ Supports streaming including Netflix and Hulu;
+ Supports paying with cryptocurrencies;
- Leaks data and DNS queries;
- High prices;
- Failures that block access to all websites;
- Requires a phone number when signing up.
Do I recommend Astrill?
If you live or travel to China, the UAE, or other countries that restrict the use of VPNs, then my answer is 100% yes!
It is also a good service for streaming.
Otherwise, a lot depends on how much you value your privacy because Astrill can leak certain data. If your tasks are sensitive, my advice to you is to find a more secure VPN.
Don’t hesitate to leave a comment or ask us a question. We’ll be right happy to answer them!