factually

Are there configuration steps to force traffic through Secure Core on ProtonVPN apps?

Checked on December 7, 2025
Disclaimer: Factually can make mistakes. Please verify important information or breaking news. Learn more.
Proton VPN
AdBoxify Blog
VPN.com
Fahim AI
Searched for:
"ProtonVPN Secure Core setup December 2025"
Found 12 sources

Executive summary

ProtonVPN’s Secure Core is a multi‑hop architecture that routes traffic first through hardened servers in privacy‑friendly countries (Switzerland, Iceland, Sweden and expanded locations) before exiting to a second server, and it’s built into Proton’s apps rather than requiring manual per‑packet routing [1] [2] [3]. Paid tiers (Plus or Visionary) are required to use Secure Core per third‑party guides, and some clients or releases historically lacked explicit Secure Core UI controls, requiring selection of Secure Core servers from the server list [4] [5].

1. What Secure Core is, in plain terms

Secure Core forces a second hop inside Proton’s own network so traffic leaves from an exit server rather than directly from your device; the client routes your connection through a hardened Secure Core server (located in countries with strong privacy laws) and then to an exit server, making tracing back to your device harder [1] [2]. Proton describes the servers as physically hardened, self‑owned, and deployed in high‑security facilities to reduce tamper risk [1] [2].

2. Can you “force” all traffic through Secure Core in the apps?

Proton’s documentation presents Secure Core as an in‑client feature that routes traffic via Secure Core servers when enabled or when you pick a Secure Core server; it is not framed as a separate system‑level routing tweak users must apply outside the app [1] [2]. Third‑party guides say you must be on a paid plan (Plus/Visionary) and have an updated client to enable Secure Core; that implies the app itself is the control point for forcing traffic through Secure Core [4].

3. Differences across platforms and historical caveats

Proton’s Linux v4 release once lacked an implemented Secure Core toggle, prompting support notes and forum discussion; later versions restored access but sometimes changed the UI so users select Secure Core servers from a country/server drop‑down rather than flipping a separate “Secure Core” button [5]. That history shows Proton’s control surface can vary by client/version, so “forcing” Secure Core may look different on desktop, mobile, or CLI clients [5].

4. Licensing and feature availability matters

At least one recent how‑to guide and coverage indicate Secure Core requires a Plus or Visionary subscription — Secure Core isn’t available on Free tier accounts — and users must run a current client to access the feature [4]. This means you cannot force Secure Core unless your account and client version make it available [4].

5. What “forcing traffic” practically means for users

When the Proton app connects via a Secure Core path, all app‑routed traffic flows through that multi‑hop chain as part of the VPN session; Proton’s materials describe Secure Core as routing your traffic through multiple servers before it leaves their network, not as a per‑app manual route you build yourself [1] [6]. If your goal is entire‑device protection, relying on the official client with Secure Core selected is the supported approach [1] [2].

6. Performance and tradeoffs to expect

Multiple sources and reviews note Secure Core introduces additional hops that can slow connections compared with a single exit server; Proton and reviewers call this an intentional privacy vs. latency trade‑off [7] [8]. Proton positions Secure Core as protection against advanced network attacks, accepting potential minor slowdowns in exchange for stronger anonymity back‑tracing protections [1] [2] [7].

7. Alternative interpretations and what’s not covered

Available sources do not mention a supported method for forcing Secure Core outside the official ProtonVPN clients (for example, by configuring system routing tables or third‑party OpenVPN/ WireGuard profiles to always prepend Secure Core hops) — Proton frames Secure Core as part of their infrastructure and client flows [1] [2]. Sources also don’t document a universal “always on” binary toggle across every platform; UI and availability have varied by client and release [5].

8. Practical advice and next steps

If you want all traffic routed via Secure Core, confirm you’re on a Plus or Visionary plan and update to the latest client, then select a Secure Core server from the app’s server list or enable the client’s Secure Core option if present; that is the user‑facing, supported way to route traffic through Secure Core [4] [1]. If you use Linux or an older client and don’t see Secure Core, Proton’s changelog and support threads show it has been added and the interaction model has changed, so check for client updates or Proton support guidance [5].

Limitations: this summary relies on Proton’s documentation and recent guides and forums; sources do not provide a developer‑level walkthrough for forcing Secure Core outside the official clients nor a complete matrix of per‑platform UI differences [1] [4] [5].

Want to dive deeper?
How do I enable Secure Core by default on ProtonVPN across devices?
Can I force all app traffic through Secure Core using ProtonVPN configuration files?
Do ProtonVPN routers support routing all LAN traffic through Secure Core?
What are the performance and privacy trade-offs when forcing Secure Core for all traffic?
Are there command-line or OpenVPN/IKEv2 options to ensure Secure Core is always used?
About
Blog
Contact
FAQ
Terms
Privacy
Manage data