To open the program options, please click on the entry 'Settings' in the upper menu.
The general program settings are used to determine the basic behavior of the application during program and system startup.
- Automatically run at system startup: Activates CyberGhost VPN automatically when the operating system starts. Note: The start of the program is NOT synonymous of being anonymized. Therefore you need also to activate the second option also (see below).
- Run this profile at startup: Runs the chosen profile automatically when CyberGhost starts (this can be the case at system start up, but doesn't necessarily have to). The profile will be run with the last valid settings. In case of custom defined connections the last valid country and server settings will also be re-established.
- Install Beta Updates: Installs automatically a beta version of CyberGhost as soon as one is available.
- Language: Specify here the program language (application needs to be restarted).
- Info: Displays the current CyberGhost version number.
Beta versions can provoke connection losses and/or hangers or might contain advertisements (to test banners, etc.). Please don't activate this option, if you want a stable and/or an ad free system.
The Internet addresses that you enter here will be visited unencrypted (and not via the CyberGhost network). You can add mail servers to the list as well as security servers (e.g. for your online banking) or FTP servers.
Due to Spam prevention it's not possible to send email anonymously over a VPN server, thus all outgoing traffic to a SMTP server (mails you want to send) is blocked. If you still want to send mails during an active CyberGhost VPN session, please put your e-mail server on this exception list. Web mailer require no exceptions.
To add an address, enter its URL or IP address (if known) in the top input field called 'Add Host/IP' (1). Then click on the 'Add exception' button (2).
Alternatively you can let CyberGhost try to detect your email settings. For that click on 'Auto-detect email settings'.
Please note, for this is very important: Connections to servers included in this list will NOT being established via CyberGhost VPN and therefore are NOT anonymized. Furthermore you need to restart the program for the added addresses to become valid.
Background: Proxy servers are intermediate communication interfaces in networks. They receive data traffic from clients und send it to the target while hiding the source. For the target it seems as if the proxy is the original source. When not using a 'full grown VPN' one can at least generate a certain degree of anonymity, but has to manually add the address of the proxy to be used in his Internet application settings, e.g. a web browser. Furthermore one really needs to trust the proxy provider - which sometimes is very hard to do, for you actually never know who really owns the proxy.
As with any other Internet program you can also use a proxy with CyberGhost. The advantage: Your traffic is encrypted before it reaches the proxy (and therefore invisible for its provider) and you can use all your Internet applications without configuring them additionally. Another benefit is that proxies help to prevent you from DNS leaks. The downside: Your surfing speed might be reduced drastically, because the proxy determines how fast you can attend the Internet.
To use a proxy just enter its address here and, if needed, the authentication to be used. You can configure local as well as distant proxies (the difference between SOCKS 5 and HTTP proxies is that both use different protocols).
The tab 'Connection' is home of some important technical details ...
- VPN protocol: Choose between the VPN protocol to be used. In general all secure protocols running under Windows are available, which are at the moment OpenVPN, L2TP and IKEv2 (PPTP is missing, because it can't be considered as safe anymore). L2TP and IKEv2 are native Windows programs and provided by Microsoft, while OpenVPN is a free software (under GNU GPL) and is provided by OpenVPN Technologies, Inc. If set to 'Auto' the client will activate IKEv2 (all Windows versions beginning with Windows 7) or L2TP (Windows Vista). In case no successful connection can be established the client will switch to OpenVPN.
- Prefer TCP instead of UDP connections (OpenVPN only): By default CyberGhost uses for its connections UDP, which allows higher speed due to its less restrictive data checking procedures. The downside: Downloads can be suddenly interrupted or corrupted and packages can get lost e.g. when playing online games. TCP stands for more stable connections, but lower speed due to more precise data checking. Please activate this option, if your Internet connection suffers from unstable traffic or if a provider blocks or slows down UDP connections. Note: This option is only effective, if using the OpenVPN protocol, which allows both different connection variations.
- Use random port to connect (OpenVPN only): This option allows CyberGhost to establish its connections through a randomly chosen port (which will be changed with each new connection), instead of a fixed port that makes it easy for providers to slow down or block CyberGhost connections. The used port range can be changed anytime if needed. All ports are secured internally by Firewall rules. Note: This option is only effective, if using the OpenVPN protocol.
- Force using CyberGhost DNS servers: Activated, this option forces your system to use the CyberGhost DNS servers instead those of your Internet provider. (A DNS server takes care of the correct access to an address. For example, if you enter 'www.cyberghostvpn.com' in your browser, he sends your wish to a DNS server which translates the address into numbers. Only then the connection can be established. This also means that a DNS server has complete control over the accessibility of each web address and therefore is the perfect tool for censors. When using the CyberGhost DNS servers you avoid this kind of manipulation.)
- Disable IPv6 connections outside VPN: To avoid data leaks provoked by IPv6 traffic running outside the safe VPN tunnel, when using a WebRTC leak vulnerable browser, activate this option. It blocks all IPv6 traffic on the network card and allows only IPv4 traffic.
- Repair virtual network card: If you experience driver problems (e.g. after installing a different VPN) use this function to repair the original drivers installed by CyberGhost.
The register 'Wi-Fi' determines how CyberGhost should react in general to the detection of an unknown Wi-Fi Hotspot as well as the type of reaction to a network, when re-visiting:
- Default action for unknown Wi-Fi networks: If CyberGhost enters an unknown (and therefore potentially unsafe) network, you can advise the program to do one of the following actions:
- Ask: CyberGhost asks with each Wi-Fi detection, if it should start the 'Protect my Wi-Fi' profile.
- Never protect: CyberGhost never asks, if it should start the 'Protect my Wi-Fi' profile, when entering a Wi-Fi network. Neither does it start the profile automatically, it has to be started manually then.
- Always protect: CyberGhost doesn't ask for automatic protection, instead initiates the 'Protect my Wi-Fi' profile as soon as it detects an unknown network.
- Default action for known Wi-Fi networks: If CyberGhost once recognized a network, it will be added to the list of known Wi-Fis. After that you can advise the program how to react to each network by marking the respective network and then deciding for one of following four options:
- Never protect: The 'Protect my Wi-Fi' profile won't be started automatically. However, any profile can of course be started manually.
- Ask: CyberGhost asks immediately with detection of the respective network, if it should start the 'Protect my Wi-Fi' profile.
- Always protect: CyberGhost automatically activates the 'Protect my Wi-Fi' profile with the last valid settings every time it detects the respective network.
- Disconnect at known Wi-Fi: CyberGhost disconnects any other current connection, if it detects this specific network.
Here you can define programs to be protected by an encrypted VPN connection every time you start them. That way you make sure, the respective program, such as a media streaming app, will never be used without a VPN.
To protect an app first enable the function. Then click on 'Add App', search for the application to protect, click on 'Open' and choose the profile you want the function to be started with, such as 'Choose my VPN server'. The profile chosen will be executed with the last valid settings. Note: It's not possible to bind different profiles to different programs.
If you want to remove an app, mark the respective entry in the list of protected apps and click on 'Remove selected'.
CyberGhost's browser protection enables you to automatically initiate a VPN connection each time you start the respective browser. As of now supported browsers are Firefox, Chrome and Internet Explorer. In case you use a different one or want to activate a specific profile (other than 'Anonymous Surfing') along with the browser, please use the feature 'App Protection' for now.
Browser protection detects automatically, if one of the supported browsers had been started and asks for the default action for the respective program:
- Always anonymize: Keeps the browser start on hold, until the profile 'Surf Anonymously' had been activated automatically. In the list of programs of the 'Browser Protection' feature inside the CyberGhost settings the entry 'Always protect' will show up for this specific browser.
- Never anonymize: Ignores the start of this specific browser and skips the start of the 'Surf Anonymously' profile. In the list of programs of the 'Browser Protection' feature inside the CyberGhost settings the entry 'Never protect' will show up for this specific browser.
- Anonymize once: Keeps the browser start on hold, until the profile 'Surf Anonymously' had been activated automatically. In the list of programs of the 'Browser Protection' feature inside the CyberGhost settings the entry 'Ask' will show up for this specific browser.
- Cancel: Skips the start of the 'Surf Anonymously' profile. In the list of programs of the 'Browser Protection' feature inside the CyberGhost settings the entry 'Ask' will show up for this specific browser.
- Country selection: Allows to choose a specific country to surf from.
The 'Browser Protection' settings allow to change the default behavior of the function itself as well as the default behavior of a specific browser, which was initially defined when the specific browser got detected the first time:
- Settings for unknown browsers: Defines, if and how CyberGhost should react to the start of a supported browser.
- On: Detects a browser's start and offers a couple of switches on how to react.
- Off: Deactivates the browser detection.
- Settings for known browsers: Allows to change the default action, as defined at the specific browser's first detection.
- Ask: CyberGhost asks again about how to react the next time this specific browser starts .
- Always protect: This browser will be protected automatically by the 'Surf Anonymously' profile.
- Never protect: This browser will never be protected automatically.
When contacting support you might be asked to fine tune options, which usually are not available. These values are crucial for correct functioning of the CyberGhost app and therefore only to be changed, if necessary. If that is the case, support will tell you, how to reach the needed settings.
- Use SecureConnect: Activated by default, this options takes care of data security after sudden disconnections.
- Login server: Allows to choose between different login servers. Available are the regular, a beta, and an developer login server.
- Fragment Size: The maximum package size has an direct input on your Internet speed.
- Activate virtual network card only on demand: Limits the TAP adapter to start only when used and a connection shall be established - which is only necessary on some systems to avoid connection problems. In seldom cases this option will even be set automatically by CyberGhost. The downside: each connection will take longer than usual to be established.
- Don't restart virtual network card at startup: Avoids errors due to virtual card setbacks during connection attempts .