Top10VPN is editorially independent. We may earn commissions if you buy a VPN via our links.

Virtual Server Locations & Rented VPN Servers Explained

JP Jones is our CTO. He has over 25 years of software engineering and networking experience, and oversees all technical aspects of our VPN testing process.

Fact-checked by Simon Migliano

Every VPN service implements its server network differently. That means it's difficult to know exactly where your data goes and who is responsible for it. In this guide, we’ll explain how virtual servers, fake locations, and rented VPN servers work — so you’ll know exactly what to look out for.

vpn, dns, and proxy servers

Every VPN’s server network is slightly different. For example, some VPN services choose to rent large portions of their server infrastructure so their users can access a wider range of geographical locations.

It’s also common for VPN companies to use virtual server locations. These provide users with an IP address from one country, even though the server is physically located in a different country.

Both of these variables can come with privacy and security concerns if not implemented correctly. It’s possible for a VPN to be hacked through compromised servers, which why it’s important your VPN takes the management of each server seriously.

Quick Summary: Virtual Server Locations & Rented VPN Servers Explained

  • Fake/Virtual VPN server locations are servers that are not physically based in their advertised location. For example, a VPN server that offers an Australian IP address but is physically located in the US. These servers are safe to use, as long as there is transparency from the provider.
  • Virtual VPN servers are servers hosted on virtual machines. These are only a danger to users when the VPN provider doesn’t also own or rent the underlying physical hardware.
  • Rented VPN servers are servers leased from a third-party landlord, such as a data center. In theory, these VPN servers are no less safe than first-party owned servers, as long as the provider enforces a stringent vetting process and remotely monitors the server effectively.

In recent years, we’ve seen some VPN services come under scrutiny for how they manage their servers — the NordVPN hack in 2018 is a good example.

Some companies are upfront about how they control their network while others are less transparent.

In this guide, we’ll explain the different ways a VPN service can implement its server network, and how this can impact your online privacy and security.

Why Trust Us?

We’re fully independent and have been reviewing VPNs since 2016. Our advice is based on our own testing results and is unaffected by financial incentives. Learn who we are and how we test VPNs.

VPNs Tested65
Total Hours of Testing30,000+
Combined Years of Experience50+

Summary: How VPN Services Implement Their Server Networks

This guide explains the different ways a VPN service can implement its server network, and what that means for your privacy and security.

Here’s a summary of what you need to know:

  1. Server Ownership: VPN providers can either rent or own the servers that form their network. Though concerns are often raised over the safety of rented VPN servers, these are mostly mitigated by the use of Remote Console Access. As long as the VPN service is rigorous in its vetting of data centers and diligent in its remote monitoring of the server, rented servers shouldn’t be an issue for the majority of VPN users.
  2. Virtual and Physical Servers: VPN servers can be either physical or virtual. From a user’s perspective, the difference between these two is usually unimportant. The only danger arises when providers use general-purpose cloud hosting services to rent just a virtual server. When providers don’t also own or rent the underlying physical hardware, they put their user’s privacy at risk.
  3. Virtual Server Locations: VPN servers can be physically located in a different location to the IP address they assign. This practice is only problematic for VPN users when providers are not transparent about it. If a provider is explicit about which of its servers use virtual locations — and where those servers are really located — then fake server locations are not a threat to users.

The information in this guide serves to highlight the huge variation in how commercial VPN services choose to implement their networks.

Often, users aren’t aware of these nuances or simply don’t consider them. This makes picking the right VPN service all the more important.

If you’re truly concerned about privacy and security online, you should be using a VPN service that is transparent when it comes to issues such as data center vetting procedures, the use of fake server locations, and not using rented virtual servers.

While we can’t expect every VPN to own its network outright — or to openly discuss every detail of its operations — we should be holding the VPN industry accountable when it comes to acknowledging the way in which VPN servers are implemented and how this can affect users.

With greater transparency, users will be able to make informed decisions about who to trust with their data and which VPN service is right for them.

What Is a VPN Server?

When you use a virtual private network (VPN) you’ll usually choose between a list of server locations in different countries.

At the most basic level, VPN servers are simply computers designed to host and deliver encrypted tunneling services.

Once you’ve connected to a server and requested a website in your browser, the VPN software on your device encrypts your connection and routes it via your chosen server on its way to the internet.

This process establishes a secure communication channel between your device and the VPN server, known as a VPN tunnel.

how a virtual private network (VPN) works

VPN software connects your device to a remote server through an encrypted tunnel.

When you access a website, the VPN server decrypts your traffic and sends it onto its intended destination.

When these websites send information back to you, the data is again routed through the VPN server which encrypts and transmits it back to your device. The VPN software on your device then decrypts it so it can be loaded in your web browser.

If your VPN is working effectively, the websites and services you access will see the IP address of the VPN server you’re connected to, rather than your personal IP address.

VPN servers can be either physical or virtual, and VPN providers can either rent or own the servers they use.

In the next sections, we’ll discuss the issues of server ownership, virtual machines, and virtual server locations in more detail.

VPN Server Ownership & Rented VPN Servers

SUMMARY:

It is impractical for a commercial VPN service to own and manage all of its servers on-site. Of the remaining options, a rented VPN server is only marginally worse than a co-located server from a security perspective.

Both methods are subject to the same privacy risks when it comes to the monitoring of upstream traffic.

As long as the VPN service properly configures the rented server, remotely monitors it effectively, and understands the data center’s network environment, there is little increased risk with a rented VPN server versus a co-located server.

VPN services have the choice between renting or owning the servers in their network. This can have important consequences for privacy, security, and performance.

illustrations of the three vpn server ownership options: on-site ownership, co-location, and rented

Unfortunately, server ownership can often be a closely-guarded secret. Many VPN services are reluctant to disclose when they are using rented servers.

Here are the three main options when it comes to server ownership:

  1. On-Site Ownership: The company purchases, installs, and maintains its servers itself. The servers are owned outright and stored somewhere on company premises, so only trusted employees have physical access to them.
  2. Co-Location Agreement: The company owns and operates its servers but stores them off-site, usually in a data center. For a fee, the data center provides storage, air conditioning, and bandwidth. The company’s staff monitor the server remotely and visit the data center to repair hardware when needed.
  3. Rented Servers: The VPN service rents its servers straight from a data center. This allows it to avoid the expense, time, and expertise required to purchase, install, and maintain a physical server. The data center handles the hardware, and the VPN company is given remote access to handle the software.

In this section, we’ll explain the different ownership options available to VPN services, along with their advantages and disadvantages.

On-Site Ownership

From a privacy and security perspective, the ideal VPN service owns its entire server network and stores it on-site. This way, the VPN service knows everything about the hardware they use and also owns the surrounding network infrastructure.

It also means that no one could physically access the VPN servers other than the provider’s employees. There is no third party with physical access to the servers.

More importantly, it also prevents other third parties from logging server activity. VPN logging policies apply only to the VPN company, and not to any other parties they might work with.

A “zero-logs” policy means very little to users if there is a data center monitoring server activity and collecting logs.

For this reason, first-party on-site ownership is the gold standard for VPN server networks when it comes to privacy. It is the only way to ensure that there is absolutely no third-party involvement beyond the company that users have explicitly chosen to place their trust in.

Unfortunately, it is usually not practical for a commercial VPN service to run a server network that is entirely owned on-site.

Though great for security, on-site ownership simply isn’t a practical option for a commercial VPN service operating an international server network. Here’s why:

  • Huge up-front costs: The VPN would need to fund and power a network of servers, bandwidth and cooling facilities, back-up hardware, and a team of administrators. These costs can be enormous and would be multiplied for every additional location the provider wants to host a server in. It is far cheaper to host in a data center.

  • Weakened connection speeds: Data centers tend to be much closer to an internet exchange — in terms of network hops — than on-site servers. This can result in slower speeds and higher latency for users as their connections will have further to travel.

  • Small server networks: A key feature of any top-tier VPN is a large network of servers in a wide range of locations. However, on-site ownership restricts a provider’s ability to physically expand their network. To avoid using data centers, the company would have to own land in every location they want to place a physical server.

If a VPN service wants the security benefit of owning its VPN servers without the practical drawbacks of actually storing them, its best option is a co-location agreement with a trustworthy data center.

Co-Location Agreements & Rented Servers

In practical terms, most VPN companies have to make the choice between owning their servers through co-location or renting them from a data center.

Co-located servers are purchased by the VPN company and hosted in a third-party data center. Usually, the server is locked in a cabinet where only members of the VPN provider’s staff are able to physically access it.

Rented servers are controlled remotely by the VPN company while the data center owns and manages the hardware.

an illustration of a man selecting between a rented VPN server and a co-located VPN server

In this section, we’ll compare co-locating with renting VPN servers, and assess whether you should avoid using VPN providers that rent their server network.

Privacy & Security

SUMMARY:

  • A co-located VPN server is marginally better than a rented server from a security perspective. The provider is able to fully audit and inspect the server’s hardware.
  • Remote access and system logs allow providers that rent VPN servers to monitor their hardware effectively. This mostly mitigates concerns about third parties having physical access to rented servers.
  • Both rented and co-located VPN servers are at risk of upstream traffic monitoring due to lack of control over the data center’s network infrastructure.

Co-location gives VPN providers the benefit of knowing exactly what has gone into their server’s hardware. The ability to physically inspect and audit this hardware is often not possible when servers are rented.

By contrast, rented VPN servers are usually installed, monitored, and maintained by data center employees. In theory, this carries the possibility that a third party — unknown to the VPN user — has the ability to tamper with the server’s hardware.

In practice, renting VPN servers is often not the privacy concern it is reported to be.

Most modern servers are equipped with a Remote System Management Card. Combined with real-time system logging, this means that VPN services are able to remotely monitor almost everything about a server’s operation, including any modifications made to its hardware.

This applies to both rented and co-located servers. If anything suspicious happens, the VPN company is able to investigate it and shut down operations accordingly.

This largely protects rented VPN servers from the dangers posed by physical tampering.

The extent to which these risks are mitigated, however, depends entirely on how diligent the provider is in its remote monitoring. For the most part, a rented VPN server is no more at risk from physical tampering than a co-located server.

A privacy issue that both co-located and rented VPN servers face is the status of the networking environment around them.

Any server in a data center — whether it is owned or rented — is connected to that data center’s network.

This means that VPN providers have very little knowledge of the network infrastructure that is upstream of their servers — and they certainly have no control over it.

This can pose a risk for VPN users because the service provider can never be completely sure that their server isn’t being monitored. Attackers and intelligence agencies are able to use the upstream network switch to record (and then mirror) all of the activity going in and out of a targeted server.

This is particularly relevant to data centers in countries with invasive data privacy laws. Local authorities could monitor upstream traffic or even compel the data center to store information locally and share it with them. This effectively amounts to logging on behalf of the data center without the VPN provider’s knowledge.

In the case of VPN traffic, the activity should be encrypted. However, traffic correlation attacks are still a possibility and attackers can still get access to certain metadata, like the user’s originating IP address.

Speed & Performance

SUMMARY:

  • Whether it’s owned or rented, any server stored in a data center benefits from being in close proximity to an internet exchange. This can improve connection speeds.
  • Without the commitment involved in owning a server network, VPN providers that rent their servers can offer larger server networks in a wider range of locations, and will find it much easier to cease operations when facing pressure from foreign governments.

In terms of connection speeds, both rented and co-located VPN servers share the benefits of being in a data center. This allows them to be close to (and sometimes even peer directly with) an internet exchange, which greatly improves performance.

VPN services who rent their server network are afforded a degree of flexibility that is harder to come by with co-location.

Rental agreements can be scaled up or scaled down to match user demand, whereas co-location agreements keep providers tied-down to the hardware they have purchased and installed.

Renting also makes it easier to offer a large number of servers in a wide range of locations. When providers don’t have to worry about maintaining their servers, they have greater freedom to expand their network globally.

A larger server network provide users with a more diverse array of IP addresses, which should also facilitate faster connection speeds

Which VPN Providers Rent Their Servers?

The majority of commercial VPN server networks combine both rented and co-located servers. While many refuse to openly disclose this information, here is a list of VPN services that are honest and transparent about renting at least some of their servers:

  • CactusVPN
  • F-Secure Freedome
  • HideMyAss! (HMA)
  • NordVPN
  • Private Internet Access (PIA)
  • PrivateVPN
  • Proton VPN
  • Windscribe
  • X-VPN

A number of these providers go to great lengths to emphasize how careful they are when selecting a data center to rent from:

PIA, for example, told us they have a “stringent vetting process” when assessing potential third parties.

This highlights an important point: in general, rented VPN servers aren’t a danger to users as long as the data center is vetted and considered to be trustworthy.

It is impossible for the average user to know exactly which third parties are being entrusted with their data, so we have to trust our VPN service to choose its partners carefully.

A good VPN may rent its servers, but it will thoroughly vet the data center it is renting them from. This vetting process will include a full hardware audit and an inspection of the data center’s networking environment in order to understand any potential threats.

We urge any VPN service that uses rented servers to be more transparent about the specifics of their vetting process, so users can have full confidence that their servers are safe to use.

Virtual and Physical Servers

Summary: For the most part, virtual VPN servers are not something that users need to worry about. Most VPN services will rent or own the underlying physical hardware and run their own virtual machines on there, posing no additional risk to users.

The only danger comes from general-purpose cloud hosting. Here, providers rent just a virtual machine — meaning they have to share the physical hardware with other, potentially dangerous, third parties.

VPN servers can be either physical or virtual. So far, we’ve mostly focused on physical servers. These are the machines that are often seen on racks in data centers.

photo of physical servers stored in racks in data centers

Physical servers in a data center.

Virtual servers are virtualized environments run on physical servers. They can host VPN software and carry out tunneling services in just the same way as a bare-metal VPN server.

In short, a virtual machine behaves like a physical server in almost every aspect apart from the hardware.

Virtual VPN servers have all the same benefits as a bare-metal server, without the physical component.

Importantly, however, an individual physical server can run multiple virtual servers at once. This means you can host multiple VPN servers on one machine.

In the next section, we’ll evaluate the differences between physical and virtual VPN servers.

Physical vs. Virtual Servers

illustration depicting a physical server running multiple virtual servers

Hosting a VPN server on a virtual machine is not inherently dangerous – it is only a security risk in certain contexts.

If a VPN provider owns or rents the underlying physical server, there is very little difference between a VPN server that is virtualized and one that is physical in terms of user privacy and security.

In fact, there are some benefits to using a virtual VPN server:

  • Low Cost: Virtualization helps to maximize server utility. Normal physical servers use only a fraction of their available resources – running multiple virtual machines on them helps to solve this inefficiency, which can result in cheaper subscription fees for users.

  • Environmentally-friendly: Data centers have large carbon footprints, which can be reduced by making physical servers more efficient.

  • Easy Migration: It is possible to migrate virtual environments from one machine to another. If the underlying physical hardware starts to fail or needs updating, you can simply migrate the virtual server to another machine, reducing the VPN server’s downtime.

The main danger with virtual VPN servers comes with general-purpose cloud hosting or Virtual Private Servers (VPS). This is when providers rent virtual space on a physical server and host their VPN on there.

In this scenario, the provider does not own the virtual machine or the physical server it is hosted on.

A cloud-hosting service owns the physical server and runs multiple virtual machines which are rented out to different clients, each of whom uses their virtual machine for a different purpose. Some might run websites, some might store databases, and others might host VPN servers.

Until recently, this was considered a secure way to host a VPN server. However, a series of CPU side-channel attacks – such as Spectre, Meltdown, and Zombieland – have rendered general-purpose cloud hosting a privacy red-flag for VPN users.

For this reason, it is highly recommended that VPN providers using virtual servers also own or rent the entire underlying physical machine.

If a VPN provider owns or rents the underlying hardware and not just the virtual machine, they are not at risk of CPU side-channel attacks. This is because they have complete control over what is happening on the physical server’s other virtual machines.

Physical servers can also offer better performance than their virtual counterparts. By definition, virtual servers operate with only a portion of the physical server’s total computing power – they therefore have less resources at their disposal than their physical counterparts. In theory, this can lead to reduced performance and slower speeds for VPN users.

In practice, however, the inefficiencies of physical servers are so vast that the majority of users won’t notice any loss in performance when using a virtual server over a physical one.

In summary, the advantages and disadvantages of physical vs virtual servers are:

  • Virtualized VPN servers pose no extra risk to users than physical ones, as long as the provider also rents or owns the underlying machine.
  • Virtual servers that run in general-purpose cloud environments pose a security risk and should be avoided.
  • Virtual servers are cheaper, more easily migrated, and more environmentally-friendly than physical VPN servers.
  • In theory, physical VPN servers provide faster speeds and better performance than virtual servers. However, in practice, the difference is usually negligible.

Which VPN Providers Use Virtual Servers?

While most VPN providers refuse to disclose whether their VPN servers are virtualized or not, there are a few services that are open and honest, including:

  • CactusVPN
  • F-Secure Freedome
  • Hotspot Shield
  • PureVPN
  • SaferVPN

Using virtual servers is not usually a risk as long as the VPN provider owns or rents the underlying physical machine.

Unfortunately, this isn’t always the case. CactusVPN’s support team informed us that they “rent Virtual Private SSD Servers”. This is the type of server vulnerable to CPU side-channel attacks, and we would urge CactusVPN and any other provider renting VPS systems to reconsider this practice.

By contrast, VPNs such as Perfect Privacy openly reject the use of rented virtual servers. Their website states that they “renounce virtual servers”, and told us that “VPS is simply unsuitable for a VPN service, and it’s fraudulent to advertise privacy”.

an email from Perfect Privacy support staff stating "VPS is simply unsuitable for a VPN service"

Perfect Privacy highlights the importance of VPN providers using secure infrastructure.

A number of other VPN providers have also made it clear to us that they do not host any of their VPN servers on virtual machines. These include:

  • CyberGhost
  • PrivateVPN
  • Private Internet Access (PIA)
  • TunnelBear

Virtual VPN Server Locations

illustration of a map showing servers in a different location to where their IP address is registered

Summary: Virtual server locations can be both beneficial and detrimental to VPN users. The key is transparency.

If VPN services are open and honest about when and where they use fake locations, then the disadvantages of them are largely mitigated. If it is clear where a server is actually located, users who want to avoid certain jurisdictions or optimize their connection speeds will be free to do so.

Virtual servers are often confused with virtual VPN server locations. As we’ve seen, a virtual server is simply a server running on a virtualized machine on a physical server.

A virtual server location, on the other hand, is when a VPN server’s physical location differs from where its IP address is registered.

ExpressVPN, for example, have VPN servers that give users a Mongolian IP address even though the server they connect to is physically located in Singapore.

VPN companies use virtual server locations to expand their server networks, provide faster speeds, and test new locations. In doing so, however, they can affect user privacy and connection speeds.

How Do Virtual VPN Server Locations Work?

When websites check the physical location of their visitors, they look up the connection’s IP address in a geolocation database. VPN providers spoof these databases in order to set-up VPN servers with fake locations.

To do this, VPN providers purchase blocks of IP addresses from the huge global registries that are responsible for linking individual IP addresses to physical locations.

These registries tend to be region-specific: ARIN serves much of North America; AFRINIC serves Africa; APNIC serves the Asia-Pacific region; LACNIC serves much of Central and South America; and RIPE NCC serves Europe and some parts of Asia.

The same organizations are also in charge of allocating their region’s registered IP addresses. This means that for a fee, anyone can go through a registration process and obtain an IP address for a specific location within that registry’s region.

All a VPN provider needs to do is purchase a block of IP addresses registered to New York, for example, and by making some changes to the BGP routing protocol, they can assign these IP addresses to servers physically located elsewhere.

When websites look up the VPN server’s IP address in a geolocation database, they see that the server is registered in New York and so grant the user access to US-specific content, such as the US Netflix library. Meanwhile, the VPN server is physically located in London, Moscow, or wherever.

Virtual Servers vs. Fake Server Locations

Virtual servers and fake server locations are often confused and conflated in the VPN industry.

The two are in fact entirely different concepts. In short, the term ‘virtual server’ names the process of running a VPN server within a virtualized environment.

A ‘virtual server location’, on the other hand, describes instances where there is a disconnect between the VPN server’s physical location and its IP address.

Virtual locations can be implemented on both physical servers and virtual servers. A server doesn’t need to be virtual to use a fake location, and a fake location is not always hosted on a virtual server.

A virtual server “gives users the benefits of a physical server, minus the physically placed part”, while a fake server location “mimics being physically hosted at a particular location, without actually being physically present at that location”.

Here are the main differences between virtual servers and virtual locations:

  • Virtual servers and fake locations are two distinct features of VPN servers, though they can be used in conjunction.
  • A virtual server can assign an IP address that matches the physical location of the machine it is hosted on. It can also assign an IP address that does not match this location.
  • A physical server can assign an IP address that matches its true location. It can also use a fake location.

Virtual Server Locations: Advantages & Disadvantages

Using virtual server locations is often reported as an unquestionably bad thing for VPN services to do. In reality, the issue is far more complex. There are certainly some advantages to using virtual locations:

five small illustrations depicting the advantages of using virtual/fake server locations

  • Faster Speeds: When a VPN server is physically closer to a user than the country it is registered in, it will deliver faster speeds.

  • Poor Internet Infrastructure: Some countries do not have the network infrastructure to support a reliable and secure VPN server network. Here, VPN companies can use fake server locations to provide users with an IP address in those countries without having to risk using unreliable data centers.

  • Avoid Authoritarian Governments: A good VPN company might avoid placing physical servers in countries with authoritarian or censorious governments. Instead, they may deploy VPN servers in safer countries and utilize virtual locations in order to provide IP addresses in the country they need.

  • Test New Locations: VyprVPN uses virtual locations to test out where they should deploy new physical servers. By assessing which locations are popular with its customers, VyprVPN are able to determine where it is worth investing the time and money to place new physical servers.

  • Larger Server Networks: Virtual locations allow VPN providers to increase the size of their server network.

There are also some legitimate concerns when it comes to using virtual server locations:

two small illustrations depicting the disadvantages of using virtual/fake server locations

  • Dangerous Jurisdictions: Every country has different laws and practices when it comes to logging and data sharing, which we refer to as VPN jurisdictions. It becomes much harder to assess the impact of a jurisdiction on your privacy if your provider is using virtual locations.

  • Slower Speeds: Some users might purposefully connect to a VPN server that is close to their real location in order to maximize connection speeds. If the server is actually physically located elsewhere, the user will experience slower speeds than anticipated.

Which VPN Providers Use Fake Server Locations?

There are honest VPN providers that have taken a transparent approach to virtual server locations. However, there are still many providers using virtual server locations without publicly disclosing it.

We’ve spoken to a number of VPN companies that are keen to emphasize that they do not use fake server locations. This means all of their servers are physically located in the country advertised. These providers include:

  • CactusVPN
  • IPVanish
  • NordVPN
  • PrivateVPN

However, fake server locations aren’t an issue as long as the VPN provider is transparent. The following VPN providers are open about their use of virtual locations:

  • CyberGhost
  • ExpressVPN
  • HideMyAss (HMA)
  • PureVPN
  • Surfshark
  • VyprVPN

While we commend all of these providers for their honesty, only ExpressVPN and HMA inform users where their servers are actually located. The other providers acknowledge that their server locations are fake without stating where that server’s true location is.

We urge the other VPN services on this list to follow ExpressVPN and HMA’s lead by publicly disclosing the true location of their VPN servers.

How to Test Your VPN Server For a Virtual Location

In this section we’ll teach you how to discover where a VPN server is really located.

Using a few online tools, you can find out whether your provider is being honest about its use of fake server locations.

These tests might seem daunting at first, but we’ll walk you through a simple step-by-step process that you can use to test your VPN server’s physical location. We’ll then present a few case studies so you can see the testing process in action.

1. Find the VPN Server’s IP Address

To start, you’ll need to identify the IP address of the VPN server you want to test.

The easiest way to do this is to connect to your VPN server of choice and head to our IP checker tool. It’ll show you your current public IP address.

EXPERT TIP: If your geographic location is showing up as similar to your true location, it’s possible your VPN is leaking. To check whether this is the case, use our VPN leak test tool.

2. Ping the VPN Server From a Range of Locations

A ping test measures the time it takes for a request to be sent to a server and for a response to be sent back. This helps test the rough distance between two points in a network: the higher the ping, the longer the distance between the two points.

To test where your server is physically located, you need to ping it from a number of locations around the world. By finding the lowest ping rate we can hone in on the server’s real physical location.

There are a number of online tools that allow you to run a ping test on a specific server from multiple locations worldwide. Our favorite is the CA App Synthetic Monitor ping tool, but you can also use MapLatency.com.

screenshot of a ping test to determine a VPN server's true location

To begin, enter the VPN server’s IP address into the search box at the top and click the start button.

The tool will ping the server from each of their monitoring stations and record how long it takes. The CA App Synthetic Monitor tool has over 50 stations located around the world.

In this tool, rtt stands for ‘round trip time’ and refers to the amount of time (ms) it takes for a signal to be sent and an acknowledgement of that signal to be received.

You can analyze the results of this ping test to see which locations have the lowest round trip time and then infer the rough physical location of the server from there. Networking complications can sometimes lead to anomalous results, so the “minimum rtt” figure is usually the most reliable number to use.

If the rough location you can infer from the shortest round trip time differs significantly from the VPN server’s advertised country, it is likely that the server is using a fake location.

3. Run Traceroute Tests to Investigate the Findings

Using the traceroute tools offered by Looking Glass or CA App Synthetic Monitor, you can plot a data packet’s journey through the network from a monitoring station to your chosen VPN server.

The number of network hops, the location of the network hops, and the transmission time all help you investigate where your server is really located.

a traceroute test from a monitoring station Charleston, South Carolina

To start, run the traceroute that should be the closest to the VPN server. In other words, select a location that is as close as possible to the server’s advertised country.

Then, test the locations which had the smallest round trip times in the initial ping test.

Roughly speaking, if these locations show faster speeds and fewer network hops than the advertised location, it’s likely that your server’s location is fake.

4. Verify Your Results With a Separate Ping Tool

Network variability can sometimes lead to anomalous results, so it’s worth running each of the above tests multiple times in order to ensure your results are reliable. To finish, it is also worth running a second ping test, using a different online tool.

We like to use ping.pe as it has a good range of monitoring locations.

Input your server’s IP address in the box at the top and the tool with start pinging it from a range of locations. The ping times should hopefully match your previous findings, giving an indication of your server’s true location.

screenshot of a ping test to determine a VPN server's real location

With these four easy steps you should be able to get a rough idea of where your VPN server is physically located. If the country you’ve found differs significantly from the location of the server’s advertised IP address, you’ve probably found a fake VPN server location.

It’s worth noting that this is not an exact science. Ping time is an indicator of geographic location, but a number of factors can distort it. The steps described in this guide will give you a rough idea of where a server is (or is not) located, but you should be wary of using these methods to draw definitive conclusions.

In the remainder of this report, we’ll run through a few case studies to demonstrate the investigation process in action.

Case Study #1: ExpressVPN

ExpressVPN offers users a server in Vietnam, but is transparent about the fact that it is a fake location. The server is actually located in Singapore.

We can verify that this is indeed a fake location using the steps described below.

1. Server’s IP address: 45.10.234.90

We can see the server’s IP address by connecting to ExpressVPN’s Vietnam server and checking browserleaks.com.

browerleaks.com screenshot showing ExpressVPN's Vietnam server's IP address

2. An initial ping test strongly suggests the server is physically located in Singapore and not Vietnam.

When we pinged the VPN server from a range of global locations, the shortest ping times came from Singapore, India, and China – with Singapore being the fastest by a significant margin.

ping test results from ExpressVPN's Vietnam server showing a 0.945ms ping from Singapore

Shortest Pings:

    1. Singapore — Singapore (0.945ms)
    2. India — Chennai (33.227ms)
    3. China — Hong Kong (37.918ms)
    4. India — Bangalore (38.497ms)
    5. India — Mumbai (60.718ms)

In contrast, a ping from Ho Chi Minh City – where the IP address is registered – took a minimum of 74.881ms.

ping test results from ExpressVPN's Vietnam server showing a 74.881ms ping from Vietnam

The 0.945ms ping time from Singapore is significantly smaller than those from other locations. This alone is enough to infer a better idea of the server’s real location.

However, some small calculations show us that, even moving at the speed of light (300km/ms), data from the Singapore monitoring station can travel a maximum of 283km in 0.945ms. The data has to travel to and from the VPN server in this timeframe (0.945ms).

As the shortest distance between Singapore and Vietnam is 1,488km, this makes it impossible for the VPN server to be located in Vietnam.

We can therefore conclude with confidence that the ExpressVPN Vietnam server is not physically located in Vietnam. It is most likely based in Singapore, just as ExpressVPN states.

3. Our findings are supported by a traceroute and a separate ping test.

When we cross-checked our results with a traceroute test and with a separate ping tool, we found very similar stories.

Although the ping.pe tool doesn’t have a monitoring station in Vietnam, the extremely low ping times recorded at the Singapore monitoring station strongly suggest this VPN server is physically located in Singapore.

ping test results from ExpressVPN's Vietnam server showing a 1.13ms ping from Singapore

Case Study #2: CyberGhost

Like ExpressVPN, CyberGhost is transparent about which of its servers use fake locations. Unfortunately, it isn’t also transparent about where these servers are actually located.

CyberGhost state that their Isle of Man servers use virtual locations.

We used the methods described in this section to investigate where these VPN servers are really located.

1. Server’s IP address: 45.132.140.22

When you connect to a CyberGhost server location, the application helpfully tells you what your new IP address is. We confirmed this using several IP address checking tools.

2. An initial ping test suggests the VPN server is located in Western Mainland Europe.

When we pinged the VPN server from global monitoring stations, the results indicated that it was located in mainland Europe, near the Netherlands or Belgium.

Shortest Pings:

    1. Netherlands — Eemshaven (4.901ms)
    2. Belgium — St. Ghislain (5.691ms)
    3. Germany — Frankfurt (8.017ms)
    4. UK — London (8.638ms)
    5. Denmark — Copenhagen (13.007ms)

ping test results from CyberGhost's Isle of Man server

3. Traceroute testing suggests the server might be located in Amsterdam, Netherlands.

We ran a traceroute on Looking Glass comparing Dublin (which is closest to the Isle of Man geographically) and Amsterdam.

The results showed an increased transmission time and several additional network hops when connecting to the server from Dublin as opposed to from Amsterdam. Also of interest was that network hop 3 in the Dublin traceroute connected it to the Amsterdam internet exchange.

This all suggests that the VPN server is not located in the Isle of Man, but is probably based somewhere closer to Amsterdam, Netherlands.

traceroute tests from Dublin and Amsterdam to the CyberGhost Isle of Man VPN Server

Traceroute tests from Amsterdam (top) and Dublin (bottom) to CyberGhost’s Isle of Man VPN server

4. A second ping test supports our findings that the VPN server is most likely located somewhere in the Netherlands.

We then cross-checked our findings with a ping test tool that uses a monitoring station in Amsterdam. The ping time averaged under 2ms.

ping test results from CyberGhost's Isle of Man server

With a bit of math, we can work out that the furthest possible distance our VPN server can be from Amsterdam is 177km. We get this from the speed of light (300km/ms) multiplied by the shortest ping time (1.18ms) and divided by two (because it’s a round trip).

When we plot this on map, we can see that it is highly probable the CyberGhost Isle of Man server is in fact located in the Netherlands — most likely somewhere near Amsterdam.

a map plotting an 177km radius around Amsterdam, Netherlands

CyberGhost’s Isle of Man server has to be within a 177km radius around Amsterdam, Netherlands (Map made using mapdevelopers.com).