This site is migrating to wiki.safing.io, which is being maintained by Safing and the community alike.

VPN Compatibility

  1. Setup
  2. Where Incompatibility Comes From
  3. Workaround: OpenVPN
  4. DNS Leak Detection
  5. Community Reports

Overall, the Portmaster is compatible with VPNs. Here we describe what to look out for and known issues with special VPN software.

Setup

Under normal circumstances, VPNs should work right out of the box. If not, you can always use OpenVPN as a workaround.

Where Incompatibility Comes From

Incompatibility is created when both Portmaster and a VPN client hook into DNS. Check your VPN app if you can somewhere disable DNS redirection.

Portmaster needs to hook into DNS in order to understand which connection goes where and to which app it belongs. Without it, users would have to start filtering by IP address, making Portmaster basically useless.

Portmaster automatically secures DNS requests by encrypting them to a secured DNS resolver - which you can configure if you do not like the defaults. You can even set your VPN provider as the resolver if you want. We are all about empowering users.

VPNs do sometimes hook into DNS too - creating the compatibility conflict. Their idea is that since you redirect all your normal traffic through them, you might as well redirect all your DNS to them too. Now that comes from good intentions - but if they do not provide a way to disable this behavior, then this goes against user choice.

The same can apply when VPNs enforce traffic re-routing with kill switches.

There sadly is not much we can do than to ask VPN providers to empower users and allow them to disable their various integrations.

Workaround: OpenVPN

If a VPN Client does not work, you can try restoring compatibility with this FAQ guide. Or alternatively, you can always work around this by using OpenVPN instead. This is a bit more technical but worth a shot if the normal VPN client does not work out.

DNS Leak Detection

Please note that pretty much all the DNS leak detection tests by the VPN providers will be a false positive, as the only thing they check is if you are using their DNS servers. Rest assured that your DNS queries are well protected by the Portmaster and there is no need to be concerned.

Community Reports

Please report your experience to help others know whether Portmaster works with a certain VPN client or not.

Native Client OS Mode Status Link
MullvadVPN OpenVPN 🚫 issue confirmed #445
WireGuard 🚫 issue confirmed #445
OpenVPN 🟢 confirmed compatible, setup required → #313
WireGuard 🟢 confirmed compatible, setup required → #313
Mysterium VPN 🟡 issue reported #649
NordVPN <= v3.12.4 NordLynx 🟢 reported compatible #297
OpenVPN 🟢 reported compatible #297
NordVPN >= v3.12.5 NordLynx 🚫 issue confirmed #643
OpenVPN 🚫 issue confirmed #643
PIA VPN OpenVPN 🟢 reported compatible #317
WireGuard 🟡 issue reported #317
ProtonVPN 🟢 reported compatible #320
🟢 confirmed compatible #160
RiseupVPN 🟡 issue reported #284
Surfshark VPN OpenVPN 🟢 confirmed compatible #785
WireGuard 🚫 issue confirmed #785
VyprVPN OpenVPN 🚫 issue confirmed #563
IKEv2 🚫 issue confirmed #563
WindscribeVPN 🟢 confirmed compatible, setup required → #311
WireGuard native 🟡 issue confirmed, workaround available #292