Knowledge Base

Billing Questions

Do you offer any discounts for purchases over 100 GB?
Currently, PrivateTunnel does not offer any discounts for purchases over the 100 GB mark as our data packs are already heavily discounted at those rates.If you believe you have special needs that are not met with our available data packs, please contact us at support@privatetunnel.com and we will be happy to assist you further.

What payment methods do PrivateTunnel accept?
PrivateTunnel accepts the following payment methods for its data packs / services: PayPal All major credit / debit cards PayPal balance Bank account Credit Card Checkout All major credit / debit cards Apple Gift Cards Accepted via the Private Tunnel VPN iOS application BitCoin BitCoin wallet via Stripe Alipay (支付宝) Alipay E-Payments Other payment methods are not currently supported by our service, although this may or may not change in the future.

What is your refund policy?
PrivateTunnel allows refunds on our data packs given these scenarios: Single purchase, with usage amounts of less than 200 MB (free tier) Full refund, if purchase is made within the last 30 days. Single purchase, with usage amounts greater than 200 MB (free tier) Prorated refund, based on the usage that has been billed to the account, if purchase is made within the last 30 days. Single purchase, made over 30 days ago Not eligible for refund Multiple purchases, with all purchases made within 30 days Refund up to the last unused data pack (e.g. if you bought four $9.99 20 GB data packs worth 80 GB and you used 35 GB, then a refund of two $9.99 20 GB data packs should be due) Multiple purchases, with some purchases made within 30 days Same as above, although unused data packs purchased over 30 days ago cannot be refunded Multiple purchases, with all purchases made over 30 days ago Not eligible for refund Yearly Subscription Full refund, if purchase is made within the last 30 days Accounts terminated onrequest, or suspended due to abuse / misuse of service Not eligible for refund Accounts with no bandwidth left on data plan(s) Not eligible for refund Purchases made over Apple iTunes Not eligible for refund due to processor limitations To request a refund, please submit a request from your registered email address to support@privatetunnel.com and we will be more than happy to assist you further.

FAQs

Can I get free Internet access with PrivateTunnel?
No, unfortunately PrivateTunnel is not an Internet Service Provider (ISP) and using our data plans will not provide you Internet access.Instead, PrivateTunnel is designed to be used as a secure way to access resources on the Internet, especially at vulnerable access points such as Wi-Fi hotspots or untrusted computer networks. When used properly, PrivateTunnel will prevent hackers and other intruders from seeing your sensitive data and protect your computer from common dangers such as Man-in-the-Middle (MiTM) and/or DNS hijacking attacks.

Do you offer unlimited data plans for your service?
Yes, PrivateTunnel offers unlimited VPN data plans for a very affordable price.For a list of data plans available on PrivateTunnel, please visit our website and click the Buy Data link on top for a list of options available for purchase. * Please note that Unlimited VPN data plans are subject to device usage limits. See data plans page for details.

Do you encrypt the data that is going through the VPN connection?
Yes, PrivateTunnel encrypts your data transmissions with the 128-bit AES-GCM encryption standard. We chose this encryption standard since it is relatively fast, yet it provides strong security for the data it is encrypted with. This ensures that your VPN connection is fast and secure from malicious attacks on the Internet. While our competitors may be touting "higher number of bits" to attempt to persuade potential users that their VPN is more secure, this will most likely not be the case since encryption nowadays are frequently broken by finding weaknesses in the way encrypted data is processed, and not by attacking the encryption algorithm itself. Moreover, the higher number of bits will translate to more processing power used for encrypting / decrypting your data transmissions, causing delays and slow downs while you are using your VPN connection.

Is your service safe from the OpenSSL Heartbeat / Heartbleed vulnerability?
On Monday evening, April 7th, we were informed of a major vulnerability, dubbed 'Heartbleed' (CVE-2014-0160), within one of the Internet's most significant security libraries (OpenSSL). PrivateTunnel relies on our OpenVPN technology, and although the OpenVPN protocol is dependent on OpenSSL, OpenVPN uses specific precautions to guard against any attacks based on Heartbleed. For example, OpenVPN by design incorporates PFS (Perfect Forward Secrecy) since the beginning (even before the Heartbleed issue first appeared two years ago) which means even if the private keys are somehow stolen, they cannot be used to decrypt past or future VPN sessions. Private Tunnel also uses a privilege separation model, the web services run in a completely different process than the OpenVPN daemons handling the data connections; therefore the private keys for your OpenVPN connections are not likely to be at any risk. Given the minimal risk, to be safe we have also made sure all our Private Tunnel web servers and OpenVPN servers are using the latest versions of OpenSSL that are not vulnerable to the Heartbleed issue. The attack vector that is present on servers is not present on the client side, and so our OpenVPN and Private Tunnel client software is not affected by the Heartbeat vulnerability. Private Tunnel will also protect you against MITM (Man-In-The-Middle) attacks in case you are accessing other websites who have had private keys stolen via the Heartbleed vulnerability. The Private Tunnel client uses DNS protection methods to shield you from DNS spoofing or router hijacking, which are the most common attack methods used for MITM.

How can I try your service without paying?
If you would like to give our service a try, simply sign up for an account on our website and your account will be offered a free 200 MB allocation for testing purposes.This is a one-time courtesy credit that will allow you to try out whether our connection is working in your region and how satisfied you are with our service before committing to a purchase.Since 200 MB is not a large data amount, we encourage that you close any programs in the background that maybe consuming large amounts of data, such as download agents or video / audio streaming applications to prevent your trial from expiring prematurely.Once the allocation is used up, you will need to purchase a data pack if you would like to continue your service with PrivateTunnel.

Is PrivateTunnel a free service?
No, PrivateTunnel is not a free service. However, we do offer a trial period where users can demo our service with a limited amount of bandwidth so they can see if our service is right for them. If you would like to give our service a try, simply sign up for an account on our website and your account will be offered a free 200 MB allocation for testing purposes.This is a one-time courtesy credit that will allow you to try out whether our connection is working in your region and how satisfied you are with our service before committing to a purchase.Since 200 MB is not a large data amount, we encourage that you close any programs in the background that maybe consuming large amounts of data, such as download agents or video / audio streaming applications to prevent your trial from expiring prematurely.Once the allocation is used up, you will need to purchase a data pack if you would like to continue your service with PrivateTunnel.

Do you offer service / IP addresses in my local city / country?
PrivateTunnel's ability to offer service in a specific region is dependent on our presence in that area and the servers that we own in that region. As much as we want to offer IP addresses that are geographically diverse, it is not possible for us to offer service in just any part of the world without us having a presence in that area. If you currently live in a region that is not serviced directly by PrivateTunnel, you can submit your request for a region addition by emailing us at support@privatetunnel.com and we will base our future additions on the feedback we receive from our users. Unfortunately PrivateTunnel cannot guarantee that your region will be added in the future, and if it is indeed added, when it will become publicly available for our users.

How do I get started on PrivateTunnel?
Welcome to Private Tunnel! Here are the steps to using Private Tunnel for the first time: Go to www.privatetunnel.com and sign up with your email address. You will receive an activation email in the email account you used to sign up. Click on the activation link in that email. You will be taken to your account portal. At the top of the account portal you will see a Download button. After clicking that button, click on the icon appropriate for your platform and the download will begin. Download the file (.msi for Windows, .dmg for Mac) and then run the downloaded file to install Private Tunnel. After installation, the application will open the Connect screen. Provide your username and password, and select the region to which you wish to tunnel. Click Connect. Congratulations! At this point you are now connected to the Internet through Private Tunnel, and your browsing and other network traffic is now encrypted, hidden and protected. When you wish to stop using Private Tunnel, right click on the Private Tunnel icon in your system tray (bottom right of the screen on Windows, top of the screen on Mac). A menu will pop up, choose Disconnect.  

What kind of support options do you offer for PrivateTunnel?
Because of PrivateTunnel's unique pricing structure relative to other VPN providers, we have to manage our operating costs well in order to provide our customers with excellent service.For this reason, we only provide support via email at support@privatetunnel.com. Phone support is not available at this time. Email tickets are answered on a first-come, first-serve basis and during business hours of Monday - Friday 09:00 AM - 5:00 PM Pacific Time (United States). Some support may be offered outside our standard business hours, however, a response time of 24 - 48 business hours should generally be expected, even though our typical response time is much shorter than this. Please refrain from submitting duplicate requests as doing so would only delay our response to you. To expedite the support process, you are encouraged to include as many details as you can regarding the problem you are having, so our support staff can diagnose your issue properly on your initial contact. Information such as the following maybe helpful depending on the issue you are experiencing: A brief description of your issue Is the issue reproducible and repeatable, if so, what are the steps? How long have you been experiencing the issue, and did it recently happen? Is there anything you have done recently prior to this happening? If something comes to mind, you may want to list them in your email. The country you are trying to connect from The type of connection you are using (e.g. Wi-Fi, 3G/4G, Dial-up, DSL, Cable, Fiber, etc) The Internet service provider (ISP) you are using The region you are trying to connect to If the connection is successful, the VPN IP address you are assigned with If the connection is unsuccessful, any screenshots of the errors and/or connection logs you obtain from your client The software client you are using to connect, the version number, and the operating system you are using with the client Whether an uninstall and reinstall of the client helped with your issue, including reverting to an older version that have worked for you The service you are trying to use or connect to

Do you guarantee that certain services are available while connected to PrivateTunnel?
PrivateTunnel does not block objectionable content while you are connected to our services, with the exception of destinations that have been reported to be spreading malicious malware or associated with viruses and network worms. As much as we try to ensure content availability for all of our users, we cannot provide any assurance that geo-restricted services can be accessed over our services. This includes streaming services such as Netflix, BBC iPlayer, Hulu, and other services that prohibit access from anonymizers and public VPN services. If you believe there is something we can do to make your experience better, please drop us a note at support@privatetunnel.com.

My service provider is saying that someone is hacking my account upon using PrivateTunnel. What's going on?
If this is your first time using PrivateTunnel, or you haven't been using our service in a long time, you may get warning or error messages warning that your account(s) might have been accessed without your permission or unauthorized access may have occurred. Please rest assured that PrivateTunnel nor its employees are not accessing your accounts, nor anyone else is looking at what you are doing and/or collecting your credentials. The reason why you are getting these messages is because the use of a VPN service has triggered a flag in your account. Most service providers keep track of where you are connecting from to deter fraud. This makes sense in generally most cases because if you are connecting from Australia and suddenly access was detected on your account from South Africa an hour later, the system will deem the activity suspicious and may lock or restrict your account to prevent unauthorized activity, considering that it is not yet possible to travel between these countries in that short amount of time. Some countries are likely to trigger these flags more frequently, depending on the algorithms being used and how the system is programmed. This is similar to how credit card companies deter stolen credit cards from being used, and by requiring a travel report to be submitted prior to travel to prevent the card from being blocked internationally. By using our service, your computer automatically assumes the identity of the hosting server. For example, by connecting to our San Jose, California region, your computer will appear as it is coming from the San Jose region during the duration while you are connected to our service. For the same reasons described above, you are likely to get a warning or error message if: The region you are connecting to is geographically distant from the region you are connecting from. You have recently used the service on your computer without the VPN service, hence giving your service provider an impression that your account was accessed "elsewhere" in a short period of time. You have not accessed the service from the region previously. You switched regions in your PrivateTunnel settings. You have not used PrivateTunnel in a while and returned back into using it again. Depending on the service you are using, it is likely that your service will learn these behaviors and stop warning you about this access, especially if you do not change regions frequently in your PrivateTunnel interface. If you want to verify whether an IP address belongs to PrivateTunnel, simply put the IP address in your browser and press Enter. If the IP address is from PrivateTunnel, you will receive a message similar to: 4086953345-PRIVATETUNNEL This confirms that the warning message was indeed triggered by your use of PrivateTunnel. If you are concerned about these messages, please email us at support@privatetunnel.com or contact your service provider for more details. Please note that since this is an expected behavior of using the VPN, we cannot stop your provider from displaying these messages, such inquiries should instead be directed to your provider for assistance.

Can I connect to PrivateTunnel from anywhere in the world?
PrivateTunnel is available anywhere in the world, given that you have an available connection to the Internet. However, under some circumstances, you may not be able to connect to our service. Here’s a list of reasons why our service may not be available: Internet access not available – You may not be connected to the Internet, or the network you are accessing does not have Internet access. Restricted Internet access available – You may be connected to a network where only partial Internet access is allowed. Your workplace may restrict the availability of certain services, or require that a corporate proxy server be used. Certain public places, such as libraries, may only allow access to content specified within their acceptable use policies. Unreliable connection – Depending on the provider used, some providers may not have provide a reliable connection to our servers that could lead to connection drops, slow speeds, or the inability to connect. Many satellite and mobile (3G/4G) Internet providers fall into this category. If you are using such connection, a workaround may be needed for you to connect to our service (although the performance may be severely degraded when such providers are used.) Unauthenticated public hotspots – Many public hotspots require authentication before Internet access is established. In these areas, you will need to open your browser and navigate to any webpage to accept the terms and conditions / enter your login credentials before PrivateTunnel can be used. After this is done, your PrivateTunnel connection should work normally. Firewall settings – Some security software installed on your computer could block or interfere with the VPN connection that PrivateTunnel attempts to make while connecting you to our service. If you are experiencing issues, please review the security configuration to make sure access is permitted to the software client making the connection.  Country based censorship – Some countries impose access restrictions to VPN services due to the censorship rules in place in the region. If you are traveling to these countries, our service is not likely to work until you return to your home country. Such countries include: o    China o    Saudi Arabia o    United Arab Emirates (UAE) o    Oman o    Iran o    Turkmenistan Service unavailability – PrivateTunnel currently does not offer service within the following countries. We advise that you seek alternative solutions prior to traveling to these countries: o    Nigeria o    Ghana o    Côte d'Ivoire If you have any questions or concerns regarding our service availability, please do not hesitate to send your support team an email at support@privatetunnel.com.

How do I uninstall PrivateTunnel?
If you wish to stop using Private Tunnel, you just need to uninstall the PrivateTunnel OpenVPN client. For Windows: Open Control Panel Open Add/Remove Programs (or Programs->Uninstall Program under Windows 7) Scroll down until you see "Private Tunnel" (or "OpenVPN Connect" for older clients) Right click on "Private Tunnel" and choose Uninstall. For Mac OS X: Navigate to Macintosh HD Open the Application Folder Open the "Private Tunnel" folder (or "OpenVPN" for older clients) There should be a file named "Uninstall Private Tunnel" (or "Uninstall OpenVPN Connect" for older clients). Launch this file and the uninstallation process should commence. If the uninstallation file is not present or did not uninstall properly, try to delete the following files from your computer and then reboot: /Applications/PrivateTunnel.app/ ~/Library/Application Support/PrivateTunnel/ /Library/Frameworks/PrivateTunnel.framework/ /Library/LaunchDaemons/net.privatetunnel.ovpnagent.plist If you require assistance in uninstalling your client, please contact us atsupport@privatetunnel.com for further assistance.

Do I have to use the web shortcuts on the portal page to be protected?
When your connection to Private Tunnel is active, all Internet access from your computer is protected, not only web browsing. This includes: All Web browsers, including additional tabs or windows you may open or even different browsers on the same machine Software updates from Microsoft, Adobe and other companies Online games and MMORPGs Messenger applications like Yahoo Messenger, AIM, MSN Messenger and others Voice applications like Skype, VOIP or Magic Jack Streaming audio/video from Media Player, RealPlayer, Google Music, and others All other software that requires a connection to the Internet This means that Private Tunnel not only protects web pages you open from the shortcut links, it protects all your other web pages and browser, and all other data that you send and receive from the Internet.

I'm using secure browsing with HTTPS, why do I need Private Tunnel?
Virtually all secure websites (like banks and other financial institutions) already support secure browsing using the HTTPS protocol. Even popular sites like Facebook, Yahoo and Gmail encourage people to use the secure version of their sites, to protect against having usernames and passwords stolen. While browsing using just HTTPS is relatively safe, there have been some recent research showing weaknesses in the HTTPS protocol, as described in this article:http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/ With Private Tunnel, we encrypt your traffic with a second layer of encryption that is not vulnerable to this BEAST attack (it is an attack targeted towards stealing your browser session cookie). While OpenVPN currently uses the same TLS protocol that HTTPS uses, it does not use session cookies or other browser features required by this attack. The OpenVPN protocol also does not use the default SSL/TLS renegotiation process, rather, it always starts a new TLS session from scratch. In short, Private Tunnel and OpenVPN do not have the same vulnerabilities of HTTPS/SSL, they protect your secure browsing with another layer of encryption, assuring your security even if HTTPS fails.

How do I change connection settings on my PrivateTunnel client?
To change connection oriented settings on your PrivateTunnel, look for a wheel icon on the top right-hand corner, and then select Settings. The following dialog will appear. If you cannot find the wheel icon on your client, please update your client to the latest ones found on our website or in the respective app stores. The settings are available as follows: Auto Start (desktop platforms only) Yes - Automatically start PrivateTunnel when your computer starts up. This will restore your previous VPN connection state to that when your computer has shut down or rebooted. No (default) - PrivateTunnel will start and connect on an on-demand basis. PrivateTunnel will not start up when your system starts up. Protocol (Sets the protocol used to connect to the servers): Adaptive - Default option, attempts connection using the UDP protocol first, and then other protocols if UDP fails. UDP - Only attempt connections using the UDP protocol. You will not be able to connect to our service if outbound UDP port 1194 is not available on the firewall. TCP - Only attempt connections using the TCP protocol. You will not be able to connect to our service if outbound TCP port 443 is not available on the firewall. HTTP Proxy - Attempt to connect to our service using a relay HTTP service. This may work if you are behind a restrictive firewall, although the available bandwidth when using this option may be significantly reduced. OBFS Proxy - Attempt to connect to our service using a relay OBFS service. This may work if you are behind a restrictive firewall, although the available bandwidth when using this option may be significantly reduced.   Connection Timeout (Sets the timeout before moving on to the next connection attempt): Generally speaking, the default 6 seconds timeout is sufficient for most systems and results in the fastest connectivity experience. On older systems or systems with a slower connection, however, the connection may not complete in the default timeout, and this may result in a connection loop. In these cases, raising the connection timeout value here may resolve this issue.

How do I connect to PrivateTunnel using OpenWrt?
To connect to the PrivateTunnel service using your OpenWrt router, please follow the steps below: If you have not already upgraded to the latest of OpenWrt, please follow the instructions on the OpenWrt website. Login to the LuCI web interface, and then go to System -> Software. Install the openvpn-polarssl and the luci-app-openvpn packages on your system by putting the name of the package in the Download and install package: textbox and then click OK. After the packages have been installed, refresh the web page. The OpenVPN option should appear under Services. If the option does not appear, log out of the administration interface and then log back in. Download your PrivateTunnel profile by going to https://support.privatetunnel.com/dl, and then open the profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++). In the LuCI interface, go to Services -> OpenVPN. In the blank text box that appears, enter PrivateTunnel as the name, and use the Client configuration for a routed multi-client VPN drop down option, and click Add. In the profile editor that appears, click the Switch to advanced configuration >> link. In the Service tab of the profile editor: Check the fast_io checkbox. Click the Save button. In the Networking tab of the profile editor: Under -- Additional Field --, add the sndbuf and rcvbuf fields. Change the sndbuf and rcvbuf values to both 0. Change the dev textbox to read tun0. Select adaptive under the comp_lzo option. Click the Save button. In the VPN tab of the profile editor: Check the pull checkbox. In the remote text box, enter the remote value from your profile file. They should be near the top of the file and after the word remote (e.g. us-ca-sj-001.privatetunnel.com 1194 udp). Click the + button next to the text box, and repeat the entry for the 443 tcp entry below (e.g. us-ca-sj-001.privatetunnel.com 443 tcp). Uncheck the remote_random option. Click the Save button. In the Cryptography tab of the profile editor: Under --Additional Field-- , add the ca field. In the profile you have downloaded, copy the contents between the <ca> and </ca> tag into a new file. Make sure you include all of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in the new file. There should be a total of four of such lines, and when copying the contents into a new file, omit the <ca> and </ca> tags in the beginning and the end, since these will be added automatically by OpenWrt. Upload the certificate into OpenWrt by selecting the new file you have created. Under --Additional Field-- , add the cert field. In the profile you have downloaded, copy the contents between the <cert> and </cert> tag into a new file. Make sure you include all of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <cert> and </cert> tags in the beginning and the end, since these will be added automatically by OpenWrt. Repeat the above procedure for the <extra-certs> </extra-certs> tag, and paste the contents into the same file you have created. The -----BEGIN CERTIFICATE----- line from the extra-certs section should be on its own line, right after the -----END CERTIFICATE----- line from the section above. There should be a total of four certificate lines in the file. Upload the certificate into OpenWrt by selecting the new file you have created. Under --Additional Field-- , add the key field. In the profile you have downloaded, copy the contents between the <key> and </key> tag into a new file. Make sure you include all of the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <key> and </key> tags in the beginning and the end, since these will be added automatically by OpenWrt. Upload the key into OpenWrt by selecting the new file you have created. Under --Additional Field-- , add the tls_auth field. In the profile you have downloaded, copy the contents between the <tls-auth> and </tls-auth> tag into a new file. Make sure you include all of the -----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <tls-auth> and </tls-auth> tags in the beginning and the end, since these will be added automatically by OpenWrt. Upload the TLS auth key file using SCP to your router in the /etc/openvpn/ folder with the file name tlsauth.key. If you already have a VPN profile that is using this file name, change the file name accordingly and then update the path value in the tls_auth text box that appears. If you are using Notepad++ to copy the contents of the file over a PuTTY or an SSH session, please make sure the new file is using the Windows EOL format, otherwise the copied lines will not be transferred properly. This option can be changed in Edit -> EOL Conversion -> Windows Format. Click Save & Apply to save the OpenVPN configuration on your router. On the top of the LuCI interface, go to Network -> Interfaces. Click Add new interfaces... Enter PrivateTunnel under the Name of the new interface text box. Select Unmanaged under the Protocol of the new interface text box. Click the radio button next to Custom Interface: and enter tun0 into the text box. Click Submit to save the custom interface. On the top of the LuCI interface, go to Network -> Firewall. Click the Add button. Use the following settings for the newly created zone: Name: PT Input: drop Output: accept Forward: drop Masquerading: Checked MSS Clamping: Unchecked Covered networks: PrivateTunnel (checked) Inter-Zone Forwarding -> Allow forward from source zones: lan (checked) Click Save & Apply to save the newly created zone. To start the VPN connection, go to Services -> OpenVPN, check the Enabled checkbox and then the start button under the PrivateTunnel profile.

Account Questions

How can I change the email address that's on my account?
In order to prevent fraudulent transactions on PrivateTunnel and to protect the security of your account, you will need to submit a ticket request by emailing our support team at support@privatetunnel.com if you would like to change the email address on your existing account, or if you are locked out due to not having access to your old email address and you do not remember your existing password. Please note this procedure applies to our paid accounts only. If you have a free account, simply register a new account under your new email address.To fulfill your request, please include the following information when emailing support: Your old email address Your new email address (you will need to first register for an account under your new email address if you have not done so already) The following details about your last paid transaction on PrivateTunnel: The transaction method (i.e. PayPal / Credit Card Checkout) The transaction date The transaction amount The transaction ID number For the security of our users' accounts, we will not be able to fulfill your request unless you are able to provide us with the information listed above.

How can I delete / cancel my PrivateTunnel account?
While we are sorry to see you go, we understand that you may have reasons to discontinue your relationship with us.If you would like to proceed in closing your account, please login to your account on https://www.privatetunnel.com/ and go to the Settings page. On that page, type your reason for cancelling and click on Cancel Account.  Note: Once an account is closed, any and all remaining credits on the account will be forfeited, and no refund will be made. Please make sure if you are within the refund period to request a refund before cancelling your account as we will lose your payment data once the account is deleted.  

Can I share my PrivateTunnel connection with multiple computers?
Yes, you may use PrivateTunnel on as many devices as you'd like, with the exception of our unlimited plan which is limited to 10 concurrent devices. Since PrivateTunnel is a pay-as-you-go service, all bandwidth consumed by your devices will be charged appropriately to your account (upload + download). To prevent unauthorized usage of your account, you are discouraged from connecting using a public computer (such as that in a library or a kiosk) or a shared computer where incidental usage may not be welcome (e.g. one-time use on a friend's machine). Unfortunately, we will not be able to make any credits for bandwidth consumed inadvertently in this manner.

I have not received my referral bonus, why?
Our referral system automatically credits your account after your eligible referrals have completed the promotion requirements. If you did not receive the promised bandwidth as promised, here are some of the possible reasons why this might be the case: Your referral did not use your referral link. To be eligible for the referral promotion, your referral MUST have used your referral link when signing up with our service. If this is not done at the time of signup, your account will NOT be eligible for the promotion. You have sent your referral an email to signup for our service, but the user has not signed up and activated their accounts. Your referral has signed up and activated their account, but has not started using our service by downloading the software client and connecting to our service. Your account will remain ineligible until your referral has connected at least once to our service. Your referral is connecting to our service at the same location of the sponsor. To be eligible for a referral bonus, your referral must connect from a different location from your own account. If this is not done, your referral may not be counted as being eligible for this promotion. Our system has detected potential fraudulent activity from your referral(s), such as duplicate account creation or invalid credit card transactions. Your referral has purchased a data pack, but the payment has not yet been cleared. Depending on the payment processor, it may take 24-48 hours for the payment to fully clear from the systems. Please note that it takes approximately 24-48 hours from the time your referral has completed all of these requirements before the credit will be reflected from your account. If you do not see this credit after a couple days and you believe that your referral(s) have completed the requirements as specified, please contact us and we will be more than happy to look at your account further.

Can I transfer my balance from privateinternetaccess to PrivateTunnel?
Unfortunately, PrivateTunnel is not affiliated with privateinternetaccess and therefore we are unable to process such a change. If you require assistance on your privateinternetaccess account, you will need to contact their support team.  

Why is my account in the locked status / deny list?
The most common reason why your account is being locked is because you ran out of bandwidth. If you are one of our trial users and has used up your initial 200 MB trial allocation, your account will be suspended and you will no longer be permitted to connect to our service. To resolve this issue, please login to your account and add a data pack. Once a data pack is added, access to your service will be restored once payment is received and successfully processed. Do note that there is a delay between the time you have placed the order and the time when the bandwidth will be available for use in your account. In other words, you cannot add a data pack and start using it right away. Generally this process takes 24-48 business hours, although this processing time may vary. Please be advised that international transactions may incur additional delays with our payment processors due to fraud prevention measures. If you do not have access to your account after this time has passed, please contact support at support@privatetunnel.com so your payment can be researched. Please include your registered email address and your payment receipt in your correspondence. If you contact us before this time has passed, it is unlikely that we will be able to resolve the issue since the payment has not been fully processed by our systems yet. Your account may also be locked for other reasons, such as violations against our Terms of Service or for returned payments. If our billing systems believe that your payment cannot be successfully processed, your payment account will automatically be refunded and your account will be locked automatically. For any inquiries regarding your payment transactions, please contact support at support@privatetunnel.com.

There is some unexpected usage on my account. What's going on?
Generally speaking, the unexpected increase in usage generally is caused by the following reasons: 1) The VPN connection is left on in the background - Unless you explicitly disconnect from the VPN connection, the tunnel remains on even after you restart your machine or after connection interruptions. The connection can also remain on if you quit the tray icon without selecting the option to disconnect the VPN connection. During this time, unintended usage may be traversing the connection and hence contributing to the increase you are seeing. To check to see if the connection is left on, look at the color of the status tray icon. If the icon is green, this means you are connected to our service. If the tray icon is not running and shows green upon starting the application, it's likely that the VPN connection was left on in the background. 2) Installations on other devices - If you installed PrivateTunnel on any other devices, their usage will be added to your account when their VPN connection is active. You may want to remove PrivateTunnel from any machine once you no longer plan to use the connection from that specific computer / device. If you believe your account is being used on another device that shouldn't be using the service, please let us know of this as soon as possible and we can go ahead and revoke any existing connection certificates so these devices will no longer be able to connect unless they have your existing account password. 3) Delay in bandwidth reporting - If you are using the bandwidth bar on the bottom of our official client as a reference, please note that usage is accurate to the last 24-72 hours, depending on when our servers report back your usage for accounting purposes. If there is a large amount of usage during a specific time, the usage will not appear in your client until 24-73 hours later. 4) Unauthorized usage - If you have previously downloaded your connection profiles on your computer, please note that these files can be used as credentials to access your VPN account. In addition, anyone who has your account password can also retrieve these profiles. If you believe either your password or the profiles themselves have been compromised, please let us know as soon as possible and we can revoke any previously downloaded certificates for your account. At that time you could change your password so no one else can download your VPN connection profiles on your account. Please be vigilant regarding your account's bandwidth usage, as PrivateTunnel is not responsible for any unauthorized or accidental usages. Charges involving such usages will not be refunded. For this reason, please treat your account allocations as you would with cash. You can always email us regarding your concerns at support@privatetunnel.com.  

How do I change my password?
To change your password, please login to your web account portal by visiting our main website at https://www.privatetunnel.com/. Once logged in, click the My Button on the top of the page. Afterward, fill in your old and new passwords and click the Change password button. Once this is completed, your new password will be effective immediately. Note: You will not be able to use this form if you do not remember what your password is. If you are currently logged in, please log out of your account, and then use the Forget password function when logging into your account again.

Connection Questions

What mobile platforms does PrivateTunnel currently support?
PrivateTunnel currently supports the iOS 6.1+ and Android 4.0+ mobile operating systems. Most Android devices running the 4.0+ operating system are supported, however, the following devices are not supported due to their limited support for the OpenVPN driver:          USB TV sticks          Set-top TV boxes          Specialty tablets Depending on the manufacturer of these devices, the connection may or may not succeed, and you may experience connectivity issues upon a successful connection. These are known issues for using a VPN connection over such devices, and unfortunately cannot be fixed unless the manufacturer provides an update to the device firmware. Some third-party firmware updates may be available for your device that enables such support, however, PrivateTunnel does not endorse the use of such firmware unless you have experience in applying such updates and understand the consequences of a bad device update. Other device platforms, such as Windows Phone, Blackberry, and Symbian are not currently supported by PrivateTunnel. These devices do not have a connection framework for the OpenVPN protocol, and hence cannot be used by PrivateTunnel to connect to our service. Until a connection framework is available for these platforms, please use a supported platform to connect to our service. Do note that PrivateTunnel is a OpenVPN protocol service only. Connection via other connection protocols, such as PPTP, L2TP/IPsec, or SSTP will not lead to a successful connection.

How do I connect to PrivateTunnel using the Linux operating system?
The easiest way to connect to our service using a Linux operating system is through the command line.Although there is no graphical interface when connecting using the command line, it is the most secure way to connect to our service since it is using all of the security directives in the configuration file as directed by PrivateTunnel.To connect using the command line, open the Terminal app on your system. Download the openvpn package using your package manager if you have not already done so (e.g. sudo apt-get install openvpn when using a Debian/Ubuntu based system or yum install openvpn / dnf install openvpn on a RedHat type distribution).In addition, if you do not have your PrivateTunnel profile, you can download it from https://support.privatetunnel.com/dlAfterwards, use the following command: sudo openvpn --config "path to your .ovpn file"where path to your .ovpn file refers to the file you have saved from our profile download site, such as "/home/ubuntu/San Jose.ovpn".Once you see a line that says Initialization Sequence Completed, the VPN should be connected successfully and you should be able to browse normally. To disconnect from the VPN tunnel, simply close the window, or press CTRL+C on that command line to return back to the command prompt.If you are having problems with these instructions, please feel free to contact our support team at support@privatetunnel.com.

Why is my Internet service bandwidth allocation being used while on PrivateTunnel?
PrivateTunnel is not an Internet service provider, and therefore it cannot be used as a standalone Internet connection.For this reason, connecting to our VPN service will consume both your Internet service provider's bandwidth allocation as well as the PrivateTunnel allocation that is in your account. If you are looking for alternative bandwidth allocation options, you will need to contact your Internet service provider directly.

How can I speed up my PrivateTunnel connection?
As much as we would like to give you a speedier connection, both speed and latency (ping times) are governed by the following factors (generally not controlled by us): Your native connection speed (if you have a 1.5 Mbps DSL connection, connecting to PrivateTunnel will not give you a higher speed; in other words, your max speed is still 1.5 Mbps) The network congestion on your link (the busier your connection is, the slower the resultant VPN connection will also be) Your ISP routing to our servers (if your ISP does not have good routing to our servers, then the resultant VPN connection will not perform well) The connection type you are using (some connection types have inherent high latency, such as satellite and mobile 3G/4G connections; this latency will be translated directly onto your VPN connection since it takes longer for your computer to reach our servers) Any applicable country / network restrictions (some countries / networks restrict or throttle network traffic that are outside of what's permitted on their network; if you are in this type of network, your connection to PrivateTunnel may suffer a performance degradation) The distance you are away from our servers (if you are in Hong Kong, and are connecting to our servers in the United States, there will naturally be an unavoidable latency increase and speed degradation as compared to your native connection; the amount of such degradation is determined by the other factors listed here. Generally speaking, the further you are away from our servers, the more noticeable the performance degradation will be on your VPN connection.) The amount of time it takes for our servers to reach the destination server in question (if it takes our servers longer to retrieve the data it needs to return it back to you, then your VPN connection will not perform as well. The worst case scenario is when you are accessing domestic resources over an international VPN link, since this will result in a loop in order to complete your request. For example, if you are in the Netherlands and are connecting to our San Jose region in the United States, but are accessing domestic resources in the Netherlands, the VPN link will naturally be very slow since your computer will have to reach out to the United States to make the request, our servers have to go out from the United States to the Netherlands to request the information, and wait for it to come back from Europe to the United States. Once the information is received, it has to go back out again from the United States to the Netherlands to return the information to you. Since the distance the data has to travel is very great in this scenario, both your connection speeds and latency is likely to be very poor in this case) The compressibility of your data (PrivateTunnel utilizes compression to make your VPN connection speedier - the more compressible your data, the faster the resulting connection. Please note that this will likely cause a higher than normal uplink speed reading when doing a speed test, although real-life speed differences are likely to be less since only a limited number of data types can be compressed while transferred over the Internet) The connection protocol used (PrivateTunnel uses both TCP and UDP for its VPN connections, although the UDP protocol is preferred due to its performance advantages. If your provider does not support UDP connections, there will be a significant performance penalty to your connection performance while connected to our service.) In order to improve your VPN connection speed, doing the following may help you achieve a more performant connection: Close any bandwidth intensive background applications such as BitTorrent, download managers, or software updaters during your PrivateTunnel session. When possible, connect using an Ethernet connection instead of a Wi-Fi connection (this can resolve certain issues with signal strength or interference especially if you live in a crowded area such as a big city) Contact your Internet service provider for a connection upgrade (while this may not be feasible for everyone, doing so is likely to have a positive effect on your VPN connection) Pick to connect to a region that is physically closer to you or the server(s) / service(s) you are connecting to When possible, select servers that are closer to your servicing region (for example, if you are inside a multiplayer game, selecting a U.S. region while you are connected to our San Jose region will likely result in better latency rates than if you are connecting to a European server while connected to the same region) If these tips do not seem to help with your connection, and you have reasons to believe your issue is caused by an issue that can be resolved on our end, please contact us at support@privatetunnel.com and we will be more than happy to investigate this further.  

Windows is saying "No Internet access" after connecting to PrivateTunnel, how come?
After connecting to PrivateTunnel, you may notice that Windows is reporting there is "No Internet access" on one of the connections, like the screenshot below: Note that this behavior is normal since a VPN connection does not provide true Internet access by itself. That being said, your data is still being protected by our service and there should be no reason to worry about this indicator unless you are not able to browse the Internet once connected to our service. If this happens, please contact us on the support portal or via email with the following information: The region you are trying to connect to The public IP address you are using (which can be acquired from www.ipchicken.com) The ISP you are using, if known The country you are connecting from The medium you are trying to connect using (e.g. Ethernet cable, Wi-Fi, public-Wi-Fi, 3G/4G air-card, etc.) Any connection errors you have received, and log files from your software client (if available) We will then try our best to diagnose the issue after receiving this information.

Why does my VPN connection keep dropping every couple minutes?
There are many reasons why PrivateTunnel might be dropping its connection. Here are some of the more common reasons: Inadequate Signal Strength - If you are connected to a signal based network such as Wi-Fi or on a mobile Internet connection, low signal strength will likely cause your connection to drop due to excessive data losses. To resolve this issue, try using a wired connection or a signal booster which can help increase the reliability of your connection. Network Congestion - When connected to a network that is shared with other individuals, such as coffee shops, airports, apartment complexes, heavy utilization of the Internet connection can cause your PrivateTunnel VPN connection to become unstable. Whenever possible, try to connect to a connection that is not heavily utilized when you require consistent connectivity to our service. High Network Latency - High latency network links, such as those using satellite type uplinks, may cause excessive data losses that results in a connection timeout. While PrivateTunnel generally works fine under these situations, the VPN connection will not be optimal when subjected to very high network latencies. Misconfigured Firewall / Routers - PrivateTunnel operates primarily on the connectionless UDP protocol and improper configuration of your firewalls / routers may cause your connection to drop frequently. Unfortunately, this scenario also happens with many smaller, international mobile carriers, and adjustments to your configuration may be necessary to maintain consistent connectivity. If you suspect misconfiguration, you are encouraged to check the following: a. Windows - On your local computer, make sure that any security software that may be installed on your computer is allowing both ptcore.exe and PrivateTunnel.exe access to the Internet. b. If restrictive firewalls are being used, make sure these firewalls allow outbound connections to TCP/80, TCP/443, and UDP/1194. If non-stateful firewall rules are used, the reverse direction must also be allowed. c. Make sure that the UDP connection / state timeout setting on your router is set to at least 300 seconds (5 minutes). Some optimization guides online advise smaller values that causes the connections to expire prematurely, and therefore causing a timeout on your VPN connection. d. If you do not have access to any of these settings (e.g. if you are a subscriber to a mobile Internet service and have no access to these settings), force the client to connect using TCP mode. Do note that you will encounter a performance penalty under TCP mode so please refrain from using this unless it is your last option of choice. Please contact support if you require directions on how to do this on your device. Device Sleep Modes - Some mobile devices, such as the iPhone and some Android devices, disables the Internet connection when the device is in sleep mode to conserve battery power (i.e. if you turn your screen off.) Under these circumstances, the VPN connection will also be put on standby until a connection is made available. If you frequently turn your screen on and off, you may notice that the VPN connection will attempt to reconnect as soon as the device is turned on. This is normal behavior and should not be a reason for concern. If this behavior is undesirable, consult your device manual on how to disable these power-saving features on your device.

What protocol does PrivateTunnel use to connect to the VPN server?
PrivateTunnel is a OpenVPN protocol service only. Connection via other connection protocols, such as PPTP, L2TP/IPsec, or SSTP will not lead to a successful connection. For this reason, a compatible OpenVPN client, such as our official client downloaded from our website, must be used to connect to our service.

Can I use the built-in VPN client to connect to PrivateTunnel?
PrivateTunnel is a OpenVPN protocol service only. Connection via other connection protocols, such as PPTP, L2TP/IPsec, or SSTP will not lead to a successful connection. For this reason, a compatible OpenVPN client, such as our official client downloaded from our website, must be used to connect to our service. Most devices only provide built-in support for PPTP, L2TP/IPsec, or SSTP, and therefore will not work with our service. For those devices that contain an integrated OpenVPN client, please consult the device documentation for instructions on how to configure your device to connect to our service. Your connection profile (.ovpn file) may be acquired by logging in to our website portal, and then clicking the My Account button on top of the page.

Can I connect to PrivateTunnel from anywhere in the world?
PrivateTunnel is available anywhere in the world, given that you have an available connection to the Internet. However, under some circumstances, you may not be able to connect to our service. Here’s a list of reasons why our service may not be available: Internet access not available – You may not be connected to the Internet, or the network you are accessing does not have Internet access. Restricted Internet access available – You may be connected to a network where only partial Internet access is allowed. Your workplace may restrict the availability of certain services, or require that a corporate proxy server be used. Certain public places, such as libraries, may only allow access to content specified within their acceptable use policies. Unreliable connection – Depending on the provider used, some providers may not have provide a reliable connection to our servers that could lead to connection drops, slow speeds, or the inability to connect. Many satellite and mobile (3G/4G) Internet providers fall into this category. If you are using such connection, a workaround may be needed for you to connect to our service (although the performance may be severely degraded when such providers are used.) Unauthenticated public hotspots – Many public hotspots require authentication before Internet access is established. In these areas, you will need to open your browser and navigate to any webpage to accept the terms and conditions / enter your login credentials before PrivateTunnel can be used. After this is done, your PrivateTunnel connection should work normally. Firewall settings – Some security software installed on your computer could block or interfere with the VPN connection that PrivateTunnel attempts to make while connecting you to our service. If you are experiencing issues, please review the security configuration to make sure access is permitted to the software client making the connection.  Country based censorship – Some countries impose access restrictions to VPN services due to the censorship rules in place in the region. If you are traveling to these countries, our service is not likely to work until you return to your home country. Such countries include: o    China o    Saudi Arabia o    United Arab Emirates (UAE) o    Oman o    Iran o    Turkmenistan Service unavailability – PrivateTunnel currently does not offer service within the following countries. We advise that you seek alternative solutions prior to traveling to these countries: o    Nigeria o    Ghana o    Côte d'Ivoire If you have any questions or concerns regarding our service availability, please do not hesitate to send your support team an email at support@privatetunnel.com.

How do I use Tunnelblick to connect to PrivateTunnel?
To connect to PrivateTunnel using the Tunnelblick client, please make sure you have the latest version of the client installed on your computer. Make sure your operating system is supported by the specific Tunnelblick version before installing it on your computer. The latest version can be downloaded from this URL: https://code.google.com/p/tunnelblick/wiki/DownloadsEntry After the Tunnelblick client is installed, please follow the instructions in this article to retrieve your connection profile: https://support.privatetunnel.com/dl Once the profile is downloaded, open it in Finder: You may get a warning about the profile you have downloaded. Simply click Open to continue: Tunnelblick should then ask you to install the configuration. Select All Users to continue (if Tunnelblick does not appear, exit any open instances of Tunnelblick and try again): An administrator password is needed to install the profile. Provide the administrative credentials and then click OK: After the connection profile has been imported, the Tunnelblick icon should present you with the option to connect to the region that was imported. You may continue to import other regions until you have all the regions available to you within Tunnelblick. If you are experiencing issues with the connection, select the VPN Details... option and then click the Log tab that appears: Select the Copy Diagnostic Info to Clipboard button, paste the contents into a text editor such as TextEdit, and save the file. Afterwards, email the attachment to support@privatetunnel.com and we will be more than happy to look over the log file for you. If you are receiving error messages that no dev tun or dev tap is found while importing the profile, it indicates that the profile download process has failed. In that case, you may want to retry downloading the profile under a different browser or computer, or try again later. If you are continuing to have issues, please ensure that your account has adequate bandwidth to connect to the VPN service, or submit an email to support@privatetunnel.com and we will look at the issue more closely.  

How do I use the Windows community client to connect to PrivateTunnel?
To connect to PrivateTunnel using the Windows community client, please make sure you have the latest version of the client installed on your computer. The latest version can be downloaded from this URL: http://openvpn.net/index.php/open-source/downloads.html Please use the I601 versions unless otherwise directed, or if you are experiencing connectivity issues with the I601 version. Please also observe that you are using the right download for your operating system (e.g. 32-bit vs 64-bit). After the Windows community client is installed, please follow the instructions in this article to retrieve your connection profile: https://support.privatetunnel.com/dl First, close the OpenVPN GUI client if it is already open. The client tray icon should look like a gray rectangular box with a unlocked pad lock on it. Right click on the icon, and select Exit. Afterwards, right click the OpenVPN GUI shortcut on the Desktop, and click Properties on the bottom of the list. If you are using Windows XP, you may skip these shortcut instructions directly to moving your profile into the config directory (see below.) Click the Advanced... button on the window that appears: Check the Run as administrator checkbox in the dialog that appears, and then click OK. Click OK again to exit out of the dialog. Accept the following dialog that warns you about administrative credentials. Repeat this step for the shortcut in the Start Menu, as well as any copies of the shortcut that you may make in the future.   Next, open the C:\Program Files\OpenVPN\config folder on your computer, and then drag the connection profile you have downloaded previously into that folder. If you are using Windows Vista or later, you may see the following dialog prompting you for administrator permissions. Click Continue to proceed. VERY IMPORTANT for Windows Vista or later users: If support has requested that you modify your connection profile using a text editor such as Notepad++ or Wordpad, the profile must be modified outside of the config directory. After moving the profile inside the config directory, the configuration will no longer be modifiable. To modify it in the future, you will need to drag it out of the config directory, modify it, and then move it back into the config directory. Alternatively, you can select to launch your text editor with administrative rights by right clicking on the text editor, and selecting Run as administrator. The text editor will then be able to modify the configurations inside the config directory directly for the time you have the text editor open. After moving the configuration to the config directory, you can double click the OpenVPN GUI shortcut to open the client application. VERY IMPORTANT for Windows Vista or later users: Unless you have User Account Control (UAC) explicitly disabled, the following dialog should appear when you open the shortcut. If you do not see this dialog, please repeat the shortcut instructions above, or the client will not work properly. The application should open without any error or notification messages. If an error appears stating an error creating hklm software openvpn-gui key, that indicates that the program was not launched with proper administrative privileges. Please repeat the shortcut procedures above to resolve the issue. After right clicking the tray icon, the Connect option should appear. You can repeat the region download procedures for the other regions and they should also show up in this menu once the profile has been moved over to the config folder. If you are experiencing issues with the connection, select the View Log option and then save the file to your desktop.Afterwards, email the attachment to support@privatetunnel.com and we will be more than happy to look over the log file for you. If you are receiving an error popup similar to the one above, it indicates that the profile download process has failed. In that case, you may want to retry downloading the profile under a different browser or computer, or try again later. If you are continuing to have issues, please ensure that your account has adequate bandwidth to connect to the VPN service, or submit an email to support@privatetunnel.com and we will look at the issue more closely.

How do I download my account connection profiles from PrivateTunnel?
To download your PrivateTunnel connection profiles, please login using your PrivateTunnel account using the links below. Your PrivateTunnel username and password must be active for you to be able to use this service. If you need assistance with another VPN service, please contact your VPN service provider directly for assistance. Note: If you are using the Android operating system, please note that the stock Browser app will not work properly with these downloads due to an issue identified in the application. Another browser, such as Google Chrome or Opera [Mini] can be used without any issues. If this is the first time you have downloaded your profile, it may take up to 2 minutes before the profile is ready for download. Please be patient as clicking the link multiple times may delay the availability of the profile. If you encounter any issues downloading your connection profiles, please send us an email at support@privatetunnel.com and we will review the issue further.   PrivateTunnel Profile Download Section  San Jose, CA Profile Download Chicago, IL Profile Download New York, NY Profile Download Miami, FL Profile Download London, UK Profile Download Switzerland, CH Profile Download Montreal, QC Profile Download Amsterdam, NL Profile Download Stockholm, SE Profile Download Hong Kong, HK Profile Download Frankfurt, DE Profile Download Tokyo, JP Profile Download  

How do I use DD-WRT with Private Tunnel?
To use DD-WRT with your Private Tunnel account, please download your connection profile by clicking here. Once the profile has been downloaded, open it your favorite text editor. Please note that if you are using the Windows operating system, you will need to use a text editor that understands the Unix EOL convention. Thus, text editors such as notepad will not work. In this case, use text editors such as Notepad++, Wordpad, or Microsoft Word. ** IMPORTANT: The instructions below will only work on more recent versions of DD-WRT. Generally speaking, any versions dated before late 2014 will not work (the date is displayed on the right top hand corner of the router configuration page). In other words, if you are running the stock version of DD-WRT provided on the main website, these instructions will NOT work for you. To update to the latest version, please update to the latest versions by visiting here: ftp://ftp.dd-wrt.com/betas. You should make sure that you follow all flashing instructions for your particular device, otherwise your device could be rendered inoperable. We are not be responsible for any devices that are unusable due to incompatible or bad flashes. Before you begin, make sure your router is properly configured for a NTP server. This setting could be found under the Setup tab in your router configuration. Under Time settings, make sure the NTP Client is set to Enable and the Server IP / Name is populated with a proper time server. If you do not know what your time server is, please fill in time.nist.gov in the text box as indicated. If an NTP server is not configured properly, your connection will fail to connect even though all the settings have been configured properly. Afterwards, visit the Services tab, then the VPN tab. Under the section Start OpenVPN Client, click the Enable radio box. If you do not see this section, it is possible that your DD-WRT build is not OpenVPN enabled. Please consult the proper DD-WRT documentation for more information on the various DD-WRT builds. Once you have selected that option, also check the Enable option under Advanced Options, this will allow you to define options required by Access Server and for the VPN connection to work. The following screen should then be displayed, as depicted below. Please note that if you are not seeing the same list of options as listed above, then you are probably running an outdated DD-WRT version. Please update your firmware using the link previously to the latest version and the options should then match. Configuration Descriptions: Start OpenVPN Client: Enables/Disables the OpenVPN client connection. Server IP/Name: The hostname of the VPN server you are trying to connect to. If you do not know what this is, look inside your profile for entries starting with remote. For example, the entry remote us-ca-sj-001.privatetunnel.com 1194 udp indicates that the hostname is us-ca-sj-001.privatetunnel.com. (Note that this is the default server for Private Tunnel's San Jose, CA server) Port: The port number the VPN server is listening on. Private Tunnel currently listens on UDP port 1194 and TCP port 443. Tunnel Device: What operating mode your Access Server is operating on. Please select TUN as a tunnel device for Private Tunnel. Tunnel Protocol: Preferably, for best performance, you should select UDP here. However, you may also elect to use TCP if you are under technical restrictions that prevent you from using UDP. When using UDP, please make sure the port is set to 1194. Likewise for TCP, the port should be set to 443. Encryption Cipher: Private Tunnel uses BF-CBC as an encryption cipher. You may not select any other encryption ciphers in this list or the connection will fail to function. Hash Algorithm: SHA1 is the hash algorithm used by Private Tunnel, so you should select this here. User Pass Authentication: PrivateTunnel uses certificates to authenticate to its services. You should select Disable for this function. Advanced Options: As described previously, this option must be Enabled for you to set the required options necessary for a successful VPN connection. TLS Cipher: What encryption algorithm OpenVPN should use for encrypting its control channel. Selecting None will allow DD-WRT to auto-negotiate the strongest available cipher. LZO Compression: Enables compression over VPN. This option is controlled by the server, so selecting No is appropriate here. NAT: Creates a NAT layer over the VPN tunnel. This should be Enabled for your connection to work successfully. Firewall Protection: Enables the internal firewall for the VPN tunnel. PrivateTunnel by default already firewalls any external traffic before reaching your device, so this option can either be Enabled or Disabled at your discretion. IP Address: Please leave this field blank. Subnet Mask: Please leave this field blank. Tunnel MTU setting: The maximum transmission unit (MTU) used over the VPN tunnel. This value should be set at 1500. Tunnel UDP Fragment: Please leave this field blank. Tunnel UDP MSS-Fix: Whether to limit the TCP MSS values to fit the tunnel MTU. Select Disable unless instructed by our support staff. nsCertType verification: Checks to see if the remote server is using a valid type of certificate meant for OpenVPN connections. As this is a security feature of OpenVPN, it should be left enabled.   TLS Auth Key: The static key OpenVPN should use for generating HMAC send/receive keys. You may find this key surrounded by the <tls-auth>..</tls-auth> brackets. Copy the contents from your profile, starting from --BEGIN OpenVPN Static key V1-- until you reach --END OpenVPN Static key V1--. Additional Config: Any additional configurations you want to define for the VPN connection. If you would like to run a split tunnel over the VPN, you can use the directive syntax below: route-nopullroute <VPN server address> 255.255.255.255 net_gatewayroute <hostname or IP of subnet here> <subnet mask here> vpn_gatewayroute <hostname 2 or IP of subnet 2 here> <subnet mask 2 here> vpn_gateway For example, to redirect only secretnet.exampletronix.com over the us-ca-sj-001.privatetunnel.com VPN server, use the following directives: route-nopullroute us-ca-sj-001.privatetunnel.com 255.255.255.255 net_gatewayroute secretnet.exampletronix.com 255.255.255.255 vpn_gateway Policy based Routing: This field should be left blank. PKCS12 Key: This field should be left blank. Static Key: This field should be left blank. CA Cert: The CA certificate used by the VPN server, found between the <ca>...</ca> brackets inside the profile. Start copying from --BEGIN CERTIFICATE-- until you hit the first --END CERTIFICATE--. Public Client Cert: The CA certificate used by the VPN client, found between the <cert>..</cert> and <extra-certs>..</extra-certs> brackets inside the profile. Start copying from --BEGIN CERTIFICATE-- until you hit --END CERTIFICATE--. Please make sure you have copied both sections from <cert> and <extra-certs> into this field. Private Client Key: The client’s private key used by the VPN client, found between the <key>..</key> brackets inside the profile. Start copying from --BEGIN RSA PRIVATE KEY-- until you hit --END RSA PRIVATE KEY--. To start the VPN connection, click the Apply Settings towards the bottom of the page. You may view the status of your VPN connection by visiting the Status tab, and then the OpenVPN tab.

Why can't I connect to PrivateTunnel while using a public hotspot?
Many public hotspots require you to authenticate or accept a terms of conditions agreement before allowing you access to the Internet. If you tried to connect to our service before you have gone through this step, the connection will likely fail and alternate between connecting and reconnecting states. When using such public hotspot, open a browser and navigate to any website (e.g. http://www.whatismyip.com/). If you see your content properly displayed, then the Internet connection is working properly and you should be able to use PrivateTunnel normally. If not, please follow the steps on screen to complete the authentication process. After the authentication process is complete, you should be able to connect with the software client as you normally do.

Does PrivateTunnel replace my mobile Internet connection?
No, unfortunately PrivateTunnel is not an Internet Service Provider (ISP) and using our data plans will not provide you Internet access.Instead, PrivateTunnel is designed to be used as a secure way to access resources on the Internet, especially at vulnerable access points such as Wi-Fi hotspots or untrusted computer networks. When used properly, PrivateTunnel will prevent hackers and other intruders from seeing your sensitive data and protect your computer from common dangers such as Man-in-the-Middle (MiTM) and/or DNS hijacking attacks.

Does PrivateTunnel provide dedicated / static IP services?
No, in order to protect the identities of our users on PrivateTunnel, all of our IP addresses are shared and are dynamic in nature.

How can I connect to Private Tunnel using my Chromebook?
Although the Chromebook has built-in support for the OpenVPN protocol, the operating system has implemented a very limited subset of the OpenVPN client in its interface. The limitation that is in place now would not allow the operating system to connect to our services. Please consider using a supported operating system in order to connect to our services, or use a compatible router that is able to connect all of your devices to our VPN network.

Do I have to use the web shortcuts on the portal page to be protected?
When your connection to Private Tunnel is active, all Internet access from your computer is protected, not only web browsing. This includes: All Web browsers, including additional tabs or windows you may open or even different browsers on the same machine Software updates from Microsoft, Adobe and other companies Online games and MMORPGs Messenger applications like Yahoo Messenger, AIM, MSN Messenger and others Voice applications like Skype, VOIP or Magic Jack Streaming audio/video from Media Player, RealPlayer, Google Music, and others All other software that requires a connection to the Internet This means that Private Tunnel not only protects web pages you open from the shortcut links, it protects all your other web pages and browser, and all other data that you send and receive from the Internet.

How do I switch to another region / server?
Private Tunnel provides several VPN servers in different countries which allow you to make your computer appear as if you are accessing the Internet from that country. If you are using the Private Tunnel 2.x client, you can switch servers by either choosing a particular server when you first log onto the application, or by selecting a new server from the dropdown box once you are logged in and connected. For all other clients that use our standalone profiles, please download the appropriate profile for your region from https://support.privatetunnel.com/dl.

How do I change connection settings on my PrivateTunnel client?
To change connection oriented settings on your PrivateTunnel, look for a wheel icon on the top right-hand corner, and then select Settings. The following dialog will appear. If you cannot find the wheel icon on your client, please update your client to the latest ones found on our website or in the respective app stores. The settings are available as follows: Auto Start (desktop platforms only) Yes - Automatically start PrivateTunnel when your computer starts up. This will restore your previous VPN connection state to that when your computer has shut down or rebooted. No (default) - PrivateTunnel will start and connect on an on-demand basis. PrivateTunnel will not start up when your system starts up. Protocol (Sets the protocol used to connect to the servers): Adaptive - Default option, attempts connection using the UDP protocol first, and then other protocols if UDP fails. UDP - Only attempt connections using the UDP protocol. You will not be able to connect to our service if outbound UDP port 1194 is not available on the firewall. TCP - Only attempt connections using the TCP protocol. You will not be able to connect to our service if outbound TCP port 443 is not available on the firewall. HTTP Proxy - Attempt to connect to our service using a relay HTTP service. This may work if you are behind a restrictive firewall, although the available bandwidth when using this option may be significantly reduced. OBFS Proxy - Attempt to connect to our service using a relay OBFS service. This may work if you are behind a restrictive firewall, although the available bandwidth when using this option may be significantly reduced.   Connection Timeout (Sets the timeout before moving on to the next connection attempt): Generally speaking, the default 6 seconds timeout is sufficient for most systems and results in the fastest connectivity experience. On older systems or systems with a slower connection, however, the connection may not complete in the default timeout, and this may result in a connection loop. In these cases, raising the connection timeout value here may resolve this issue.

How do I connect to PrivateTunnel using OpenWrt?
To connect to the PrivateTunnel service using your OpenWrt router, please follow the steps below: If you have not already upgraded to the latest of OpenWrt, please follow the instructions on the OpenWrt website. Login to the LuCI web interface, and then go to System -> Software. Install the openvpn-polarssl and the luci-app-openvpn packages on your system by putting the name of the package in the Download and install package: textbox and then click OK. After the packages have been installed, refresh the web page. The OpenVPN option should appear under Services. If the option does not appear, log out of the administration interface and then log back in. Download your PrivateTunnel profile by going to https://support.privatetunnel.com/dl, and then open the profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++). In the LuCI interface, go to Services -> OpenVPN. In the blank text box that appears, enter PrivateTunnel as the name, and use the Client configuration for a routed multi-client VPN drop down option, and click Add. In the profile editor that appears, click the Switch to advanced configuration >> link. In the Service tab of the profile editor: Check the fast_io checkbox. Click the Save button. In the Networking tab of the profile editor: Under -- Additional Field --, add the sndbuf and rcvbuf fields. Change the sndbuf and rcvbuf values to both 0. Change the dev textbox to read tun0. Select adaptive under the comp_lzo option. Click the Save button. In the VPN tab of the profile editor: Check the pull checkbox. In the remote text box, enter the remote value from your profile file. They should be near the top of the file and after the word remote (e.g. us-ca-sj-001.privatetunnel.com 1194 udp). Click the + button next to the text box, and repeat the entry for the 443 tcp entry below (e.g. us-ca-sj-001.privatetunnel.com 443 tcp). Uncheck the remote_random option. Click the Save button. In the Cryptography tab of the profile editor: Under --Additional Field-- , add the ca field. In the profile you have downloaded, copy the contents between the <ca> and </ca> tag into a new file. Make sure you include all of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in the new file. There should be a total of four of such lines, and when copying the contents into a new file, omit the <ca> and </ca> tags in the beginning and the end, since these will be added automatically by OpenWrt. Upload the certificate into OpenWrt by selecting the new file you have created. Under --Additional Field-- , add the cert field. In the profile you have downloaded, copy the contents between the <cert> and </cert> tag into a new file. Make sure you include all of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <cert> and </cert> tags in the beginning and the end, since these will be added automatically by OpenWrt. Repeat the above procedure for the <extra-certs> </extra-certs> tag, and paste the contents into the same file you have created. The -----BEGIN CERTIFICATE----- line from the extra-certs section should be on its own line, right after the -----END CERTIFICATE----- line from the section above. There should be a total of four certificate lines in the file. Upload the certificate into OpenWrt by selecting the new file you have created. Under --Additional Field-- , add the key field. In the profile you have downloaded, copy the contents between the <key> and </key> tag into a new file. Make sure you include all of the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <key> and </key> tags in the beginning and the end, since these will be added automatically by OpenWrt. Upload the key into OpenWrt by selecting the new file you have created. Under --Additional Field-- , add the tls_auth field. In the profile you have downloaded, copy the contents between the <tls-auth> and </tls-auth> tag into a new file. Make sure you include all of the -----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <tls-auth> and </tls-auth> tags in the beginning and the end, since these will be added automatically by OpenWrt. Upload the TLS auth key file using SCP to your router in the /etc/openvpn/ folder with the file name tlsauth.key. If you already have a VPN profile that is using this file name, change the file name accordingly and then update the path value in the tls_auth text box that appears. If you are using Notepad++ to copy the contents of the file over a PuTTY or an SSH session, please make sure the new file is using the Windows EOL format, otherwise the copied lines will not be transferred properly. This option can be changed in Edit -> EOL Conversion -> Windows Format. Click Save & Apply to save the OpenVPN configuration on your router. On the top of the LuCI interface, go to Network -> Interfaces. Click Add new interfaces... Enter PrivateTunnel under the Name of the new interface text box. Select Unmanaged under the Protocol of the new interface text box. Click the radio button next to Custom Interface: and enter tun0 into the text box. Click Submit to save the custom interface. On the top of the LuCI interface, go to Network -> Firewall. Click the Add button. Use the following settings for the newly created zone: Name: PT Input: drop Output: accept Forward: drop Masquerading: Checked MSS Clamping: Unchecked Covered networks: PrivateTunnel (checked) Inter-Zone Forwarding -> Allow forward from source zones: lan (checked) Click Save & Apply to save the newly created zone. To start the VPN connection, go to Services -> OpenVPN, check the Enabled checkbox and then the start button under the PrivateTunnel profile.

Better Safe Than Sorry