Return to Facebook   Twitter   Reddit   ProtonMail
Support Center / General Information / What is Secure Core VPN?

What is Secure Core VPN?

ProtonVPN has a Secure Core mode to improve user privacy and data security by mitigating some of the risks from a compromised VPN server.

A common method to expose VPN traffic is by compromising the server that handles your traffic. This risk is particularly acute when the server is located in a high risk jurisdiction. To mitigate this risk, ProtonVPN employs a technique called Secure Core. This article provides an overview about the attacks that Secure Core mitigates, how it achieves higher VPN privacy, as well as instructions on how to activate Secure Core in ProtonVPN.


A. What does Secure Core protect against?

ProtonVPN’s unique Secure Core architecture allows us to defend against network attacks that other VPNs cannot defend against. A classical VPN setup involves a client passing traffic through a VPN server en-route to the final destination. This means an attacker that has control of the VPN server, or the ability to monitor the network of the VPN server, will be able to match VPN clients with their destination, nullifying the privacy benefits of the VPN.

Such timing/correlation attacks are not difficult to accomplish. In countries with restrictive Internet regulations (China, Russia, Iran, Turkey, etc), or countries with broad surveillance powers (USA, UK, etc), state surveillance agencies typically have the power to coerce either the VPN provider, or the network/server provider of the VPN provider, to assist with such network monitoring. Therefore, even though ProtonVPN is based in Switzerland, we cannot know for sure that our VPN servers in other countries such as the US or the UK are not being monitored and user privacy compromised.

B. How does Secure Core increase VPN privacy?

Secure Core allows us to defend against this threat to VPN privacy by passing user traffic through multiple servers. When you connect to a server in a high risk jurisdiction like the US, your traffic will first go through our Secure Core servers. Therefore, even if our US VPN server is being monitored, an attacker would only be able to follow the traffic back to the edge of our Secure Core network, thus making it far more difficult to discover the true IP address and location of ProtonVPN users.

We have also gone to extraordinary lengths to defend our Secure Core servers. First, servers are located in specifically selected countries with very strong privacy laws (Iceland, Switzerland, and Sweden). Secure Core servers are also located in extra high security datacenters to ensure strong physical security. ProtonVPN infrastructure in Switzerland and Sweden are located in underground datacenters, while our Iceland servers are located within a former military base. Furthermore, Secure Core servers are fully owned by us and also provisioned by us (shipped on-site directly from our offices). Finally, Secure Core servers are connected to the Internet using our own dedicated network with IP addresses that are owned and operated by our own Local Internet Registry (LIR).

These measures provide us with a much higher level of certainty that our Secure Core servers and network are not being tampered with. While there is no such thing as 100% security, Secure Core is just one of the many ways ProtonVPN delivers better VPN security and privacy by protecting against complex attacks other VPNs cannot defend against.

C. How do I activate Secure Core?

Secure Core is a feature included in our Plus and Visionary Plans and can be activated as follows:

Windows ProtonVPN application:

  • Download and install ProtonVPN, start the application and log in
  • Find and activate Secure Core under the country tab on the left.
  • Connect to the available servers in the list underneath.

Android ProtonVPN application:

  • Install the ProtonVPN Android VPN mobile app from the Play Store.
  • Tap the selector next to “Use Secure Core” to activate Secure Core.
  • Connect to one of the available secure core servers in the server listing.

On MacOS, GNU/Linux, iOS

  • Follow the step by step guide to set up ProtonVPN on MacOSLinuxiOS devices or Android devices
  • When selecting a server configuration file, simply choose a config file with a name structure similar to

Related articles

Does ProtonVPN store user information?

Installing ProtonVPN on Windows

Step by step guide to ProtonVPN on MacOS

Step by step guide to ProtonVPN on Linux

Post Comment


  1. Neil

    Hi, could you tell me what the percentage numbers are next to the coloured dots in the server list
    Also does a red dot mean a heavily loaded server and vice versa, thanks

  2. ProtonVPN Team

    Hello Neil,

    You can see how loaded the server is by observing how much filling the circle has. The less its filled (green circle) – the more free space there is on it and vice versa.

  3. A.R.D.

    Is there any possibility that Secure Core will be offered in the future for the free accounts? 🙂

  4. ProtonVPN Team

    We are sorry to say but there are no current plans for doing so. If you have any further questions feel free to contact us using our support form:

  5. Nicolas

    Can ProtonVPN provide a static IP address attached to our own domain name. We want to be sure that our internal mail server never looses a message and has a secure path to it.

  6. ProtonVPN Team

    Hello Nicolas,
    All of our servers have public static IP addresses that do not change. If you have any further questions feel free to contact our support:

  7. irishredbloke

    love the product guys – especially the core connect option. I think speed is lacking just a bit however I’ve only tested for a few hours. The deal killer is no netflix compatibility. I want to keep this core connect functionality so bad however my family is Youtube and Netflix all the way.

  8. ProtonVPN

    Hello, we appreciate your kind words! Regarding Netflix and streaming services, we are working on a potential resolution of the case. At this time we are focused towards privacy and security, therefore our main priority is providing the most secure connection to our users.

  9. Justin

    From the best impression ever made to the biggest let down for a VPN ever. Why is it so slow? I know it has to bounce around servers so do other vpns and they aren’t this slow. Modern VPN tech allows users to access Netflix so what’s up? If you aren’t going to do it best don’t do it at all. Where are the dedicated TOR servers? Dedicated p2p servers? This has been a great expectation that lead to a great disappointment.

  10. ProtonVPN Team

    Hey Justin, if you have any issues with connection speeds, please contact us via and our support team will help you out. Regarding dedicated TOR and P2P servers – both are available with a Plus plan. Regarding streaming services – as you may now, most popular streaming services tend to block VPNs heavily. We will be working on it, but right now our main goal is to release a stable and working service across all main operating systems, then we will see what we can do with the entertainment part.

  11. pm.user

    Dear Justin, ProtonMail/VPN is not “just another pvn/email service”. It is targeted for people with special needs, SERIOUS needs, not for downloading porn and watching Netflix. If you have ANY kind of principles, STOP using Netflix! If no one is using because they don’t agree with their rules, they will open up or go broke.
    Now, it is like you want to enter in MY house, and I only want Swiss people. WHY DO YOU TRY ? Desperate? …

    Keep up the good job @protonvpn & @protonmail.

  12. Charles Hsieh

    This vpn is very easy to use and it completely free. But how do you know that people won’t hack the tunnel and see what we are browsing? But I still trust Protonvpn. Thank you for making it free!

  13. Child

    So server load is lower (green) is the best for speed ?

  14. ProtonVPN Team

    This is just a color indicator to show which server is currently least loaded.

  15. 你能不能开通secure core

    protonvpn 公司,你好。你们能把你们的protonmail 能有中国的语言的版本吗?如果你们没有请迅速更新你的技术,如果你这样搞下去的话,你会丢掉很多很多潜在中国的客户。还有最要命的是花了48欧元买了你们的protonvpn,发现竟然是个阉割版的VPN,没有secure core ,就像人丢失一支手臂,那买你的VPN,就毫无意义。因为从价格来讲你比GOOGLE公司的蓝灯VPN,\setupvpn\nordvpn\tunnello vpn都要贵很多,而且他们一个账号可以提供5个设备连接.。而你的只有2个设备连接,而且网络速度是4K。综合上述情况,请你把你的SECURE CORE功能快速补充上来!我期待你的好消息!

  16. ProtonVPN


    We are working on the Chinese translation for ProtonMail. Regarding the Secure-Core feature, we do have it but only our Plus and Visionary subscribers have access to it. Also, with the Plus plan you get 5 simultaneous connections, and with the Visionary plan you get 10 connections and ProtonMail Visionary plan included, with the highest features.

  17. D. Cvetkovic

    Can I use the Secure Core VPN together with Tor browser? Or, for the Tor, I need to use only ?
    Thanks for fast answer!

  18. ProtonVPN Team

    Hello, you can use Tor browser while connected to VPN, just keep in mind that Tor browser will use the IP address you will get assigned from TOR network on top of the IP address you will receive from the VPN server. Hope this helps!

  19. RB

    RE: ProtonVPN August 3, 2017: “The dedicated Mac application is already in the works (internal testing has begun as well) which will include all the advanced features. Stay tuned for more information towards q4 2017”

    Now that we are into 2018 and had changed from ExpressVPN to ProtonVPN – Plus for 2 years…. It would be nice to have a full featured product that loads Bank of America, using Secure Core, without having slow loading problems and having to use “Tunnelblick” for an iMac, we are paying for this anticipated service. Other household Users would like me to switch back to ExpressVPN, that has a Kill Switch.

  20. ProtonVPN Team

    Hey, currently our macOS application is in closed beta. Please write us an e-mail via and we will send you an invite.

  21. Nelson Melina

    Does the “Fastest” profile use SecureCore by default ?

  22. ProtonVPN Team

    Hey Nelson – no, “Fastest” profile will always connect you to a server which has least load and is closest to your current location. You can set up your preferred Secure Core server as a profile and Quick Connect will use it instead.

  23. Al

    Does securecore count as two device slots? How are device slots counted? By tunnel, or by device? IE: 4 tunnels from one device counts as one device, or 4 devices?

  24. ProtonVPN


    The secure core connection is counted as one connection, not two. You can set-up ProtonVPN on numerous devices, but you can simultaneously connect the number of devices according to your plan. If you have a Windows PC, smartphone and a Mac connected at the same time, that’s 3 simultaneous connections that you have active at that certain period of time.

  25. G.

    For mac users, can we benefit of all features even if there no specific app !?
    Because with tunnel blick we can not access directly to features like kill switch, dns leak, etc.

  26. ProtonVPN

    The dedicated Mac application is already in the works (internal testing has begun as well) which will include all the advanced features. Stay tuned for more information towards q4 2017

  27. Xcvbsugi

    Do I still have access to Bank of America page with the VPN on? If not, can I access this page, after I did certain adjustments to my VPN? If not, do you think I should close my Bank of America account in the USA? Thanks a lot.
    And what do I use on the phone as an app to access the VPN and turn it on and off or on a ipad? (Might have been asked before…) But thanks for repeating.

  28. ProtonVPN

    Hi xcvbsugi, whether third party sites work with the VPN is up to the setting of said site. We do not restrict access to any pages. It is also not our place to recommend financial institutions. What we can help with is mobile VPN access: check out

  29. John

    Something does not add up with the SecureCore servers:
    All the configs used were freshly downloaded from the login interface again, no matter if macos or linux udp/tcp:

    1) Entry server ips in the configs are in the exit destination. Final exit ip equals entry ip. E.g. IS-DE = DE entry ip and exit ip = same ip. IS-NL = NL entry + same as exit. Shouldnt both have IS entry ips?
    2) Latency equals latency through only the exit ip e.g. i got 40ms through IS-DE although the latency to IS is already much more and through IS alone about 130.
    3) Throughput also equals going directly through the exit server but not through the multihop. 40mbit through IS-DE while 4mbit through only IS.

    The math and entry ips tell me im clearly not being routed through IS but stay in DE or NL (doesnt matter if you use IS-DE or IS-NL or CH-UK etc)

    Am i missing something? OpenVPN + macos or linux UDP/TCP configs downloaded from protonvpn logged in interface.

  30. ProtonVPN

    Hi John, we are unable to reproduce at this point. Example:
    IS-NL secure core remote IP start with, NL server IP’s start with
    Connecting with the IS-NL config file, an ip check reveals the exit node IP.
    If the issue persist for you please drop us a line via the support form with detailed log output of your OpenVPN connection and a traceroute from the CLI (e.g. traceroute -n on linux)

  31. T

    If the same protonvpn’s openvpn account is used Linux workstation and iPhone and the iPhone gets compromised (attacker gets openvpn username and password and config) does this affect user’s privacy on the Linux workstation usage?

  32. ProtonVPN

    It should not because we don’t log.

  33. Oldman

    Could I just ask a noob question please? I am using a IOS device and was just wondering do I leave the VPN on 24/7 or just when I need to connect to the internet? Also does this use up data in your phones data plan?
    Thanks 🙂


    When using the Windows ProtonVPN app with a secure core connection, my IP listed in the ProtonVPN app when connected is often different that what a website reports is that because the App reports the first core server and the external website shows the second? If so, it would be nice if the app could be updated to include the external IP we will be seen as in addition to the IP assigned at the first server (e.g. Connected to Iceland->Germany core server). App shows Iceland IP, external connections see Germany IP. Would be cool to see both somewhere.

  35. ProtonVPN

    thanks for the feedback. This is currently being worked on and will be included in future updates!

  36. hallo

    im planing to use vpn for streming video(kodi) .are basic offer secure enough?

  37. Joe

    Sounds almost like a dual-VPN tunnel with the multiple servers use. How is Secure Core different from a dual-VPN connection?

  38. SOCKS

    So does secure core serve the same purpose as running through a proxy/SOCK5 before connecting to the VPN. I also thought it would be good to list what programs tend to leak your IP. Because I recall someone from one of the hacking groups got popped because he logged into IRC without logging into TOR. Then the cops convinced them they had flipped on each other.
    Could you add one to explain what ProtonMail Visionary is I can’t quite figure it out. I can infer that Plus Servers are better servers? I also wasn’t aware that not all VPNs cover TOR and I was thinking you could still be compromised by malicious Tor exit nodes and there is a way to mitigate that if not solve it completely somehow. I understand this is aimed at privacy advocates but I was wondering how you intend to prevent abuse without logs? Correct me if I am wrong but if someone was to torrent using this VPN with Tor would that slow down the VPN or how fast Tor will go? If I am going through the core do I need to obfuscate my Tor traffic to avoid correlation attacks or simply because the network admin doesn’t allow it.

  39. ProtonVPN

    Tor will generally see performance drops due to the nature of how its implemented. When connected through ProtonVPN Tor node, your information stops at the TOR server and we pass on the traffic for you. ProtonMail Visionary info can be found here

  40. Joseph McAteer

    AirVPN in my opinion, is top rated as far as tech is concerned. It appears you might be giving them a run for our money. great job Proton.

  41. robert

    just signed up for Plus. thank you for all you are doing. re:speed of secure core in US. i have 80 mbs up and down without vpn and close with your basic vpn without secure core. however, with secure core i drop to 12 mbs down and 1.5mbs second up. i am in between Phila & NY in the US. can anything be done about that speed which is just not workable?

  42. SOCKS

    Unlikely dude because the Core is in Sweden since it’s “Privacy Friendly” the most they could do is find somewhere closer to NA that is equally privacy friendly but it will still be across the ocean where as their VPN service has servers all over the world. You could look into a SOCK5 or something similar but there are similar issues where the privacy friendly one’s are all in the EU. I think it’s best to use Core only when browsing sensitive material and use the VPN without Core for things where your speed matters like playing games in browser, facebook or streaming video.

  43. ProtonVPN

    generally, users have reported speeds of around 75% of their full speed, even with secure core (however the ping will be impacted, due to the nature of rerouting through two countries instead of one)

  44. Rob

    With Core, can you route through more than 2 servers? i.e. 4 hops (servers) for ultra secure?

  45. byu

    so with secure core download speed will go lot down even I pick a server closest to me? I’m an located in east coast USA. I want to have maximum security and download speed. which plan should I choose?

  46. Badr

    Which plan is the best to use when within China? And what servers should be used?

  47. Robert

    Testing 0.9.7 on Win10.
    What is the meaning of the partial Yellow in the “Countries” tab?
    Some have no Yellow, some more…

  48. ProtonVPN

    the yellow country tab represents the current load of the VPN server, if you hover over it with your mouse, you should see the numerical value

  49. Liam

    I am on a steep learning curve with this stuff. Thanks Jim White for the webopedia link. Are there any other specific resources that cover these topics or do I have to piecemeal stuff? What exactly is considered a ”high-risk jurisdiction’…? I’m currently switching from iPhone to Galaxy s8…are there specific concerns to be addressed with doing so…? Thanks!

  50. Wilf K

    Wouldn’t a “high risk jurisdiction, be considered a member of the so-called” 14 Eyes” countries?

  51. Jeffrey Julius

    How do I ell the location of a server in a country, so that I can connect to the closest server?

  52. ProtonVPN

    For now, this information is not yet available. We’ll be adding server region information in the near future, stay tuned on that.

  53. User

    Secure Core terminating in USA is no longer available on server list, so I switched to another country. I use online services in the USA, and this does cause some inconvenience when I connect to websites that are sensitive to the apparent origin of a user’s connection. I now need to do a lot more two-factor authentication for services I use. Will USA be coming back?

  54. ProtonVPN

    Secure Core in the US is still available. We just added Swiss Secure Core servers and have shifted the US connection to run via Switzerland. Look for ch-us connection

  55. Stephen

    I will always support Proton. I have enjoyed the mail and will utilize the VPN religiously. Just a thought. Mobile VPN for android or iOS would be great for those of us always on the go!

    Loving the Beta so far.

  56. ProtonVPN

    Mobile apps are in the works! In the meantime, you can already connect using third party clients, check our guides for Android: ; and iOS:

  57. Morten

    Your explanation of “Secure Core VPN” is a bit vague.
    If I use, say, the config file named “”, I end up in the Netherlands (NL).
    I understand that the “is-” part means that I first go to Iceland, but what security-related tasks are you doing there?

    Are you terminating my tunnel on Iceland and establishing a new tunnel from Iceland to the Netherlands – or are you simply routing the tunnel via Iceland?
    What other security-tricks are you doing, that makes this trip via Iceland more secure than going directly to the Netherlands?

    Please explain a little more about what “Secure Core VPN” is and how it works?

  58. ProtonVPN

    More technical info will be published as we progress with beta and move closer to launch, stay tuned!

  59. Wilf K

    Now that we are launched with ProtonVPN… Can we get more info on how the Secure Core works?

  60. xamessuer

    Yes, I am also interested in what security measures you take at the first location. What if someone monitors the first server? Is there a double encryption at the end? Do you run the Service on RAM disks? Thanks for helping! I love the Service please give some more information on secure core.

    Are you planning to do something against DPI and other actions? This is Important for all in restrictive countries.

  61. ProtonVPN

    The measures taken are described in the article actually if you read through it entirely. And yes, we are working on things to foil DPI.

  62. John Connett

    Any plans to support IPSec VPNs in addition to OpenVPN?

  63. Joseph Pihkal

    Very nice layout and design.
    Does it have a fail safe? Like lock the computer if it losses the VPN connection?

    Don’t want to wait to find out !!!

  64. Flea

    +1 on that one. would be great if that would be implemented.

  65. SOCKS

    It says in faq that there’s a built in kill switch that prevents IP leak

  66. ProtonVPN

    the built in killswitch is available in the native clients. At launch it’s available on Windows with other platforms coming soon. (more info in Q4 this year)

  67. j

    Now all you guys need is a drop box alternative!

  68. Jonathan do the job

  69. Slavo

    try Mega, I’m very pleased with that service

  70. Tilt

    Try the swiss zeroknowledge

  71. Ken

    I too have a turris and would like to add protonvpn to it. The process to add your vpn to my Ubuntu was documented perfectly, thank you.

  72. David

    Awesome will be a user of your service forever.

  73. jim white

    For those (like me) not as verbal on what a vpn is : I came across this update which explains partly the vpn. Seems to me they have (yet) to define the forward thinking and service your providing. Salutes. jpw

  74. jim white

    Humbled to MS load your invention in Beta! Best to all, jpw.

  75. yuri

    Will it be possible to use this service taking into account for example turris omnia router on devices?

Leave a Reply

Your email address will not be published. Required fields are marked *

Don't find your answer? We're happy to help you!     Contact Our Support Team

Secure Your Internet Today

Get ProtonVPN