ExpressVPN

5 Best Linux VPN Services for 2017

If you care even slightly about privacy, you should use Linux rather than a commercial desktop Operating System (OS) such as Microsoft Windows or Apple OSX. Linux comes in various flavors (known as “distros”), but almost all of them are free and open source software (FOSS). Of course, if you use Linux, it is essential that protect yourself with a good Linux VPN!

5 Best VPN Services for Linux 2016

Linux distros are usually much more secure than their commercial rivals. And unlike them, do not send vast reams of personal data back to their parent companies. This makes Linux an ideal OS for the security or privacy conscious user (which since you are reading this article on a VPN website, I’m sure includes you!).

Linux is used as the primary OS on only a relatively small number of desktop computers, although it is the most popular OS used for servers. Fortunately, because Linux is favored by exactly the kind of privacy-heads who use VPNs, the OS is fairly well-supported by VPN providers.

In many cases, this support simply comes in the form of good setup support for the generic open source Linux client. But some providers offer their own fully-featured custom Linux software (or something in between)…

Best VPNs for Linux Summary

Rank Company Score Price Link

1

AirVPN Logo
Read Review10/10
$4.82 / monthVisit Site

2

Mullvad Logo
Read Review9.2/10
$5.50 / monthVisit Site

3

ExpressVPN Logo
Read Review8.4/10
$8.32 / monthVisit Site

4

PrivateInternetAccess Logo
Read Review8/10
$3.33 / monthVisit Site

5

iVPN Logo
Read Review7.4/10
$8.33 / monthVisit Site

*All prices shown in US dollars

* Advertiser Disclosure
Editor's Choice Award

Winner

AirVPN

5/5

Best Linux VPN

  • ProsPROS
  • Linux client (full GUI) with DNS leak protection and kill switch
  • No logs (at all)
  • VPN through Tor
  • Accepts Bitcoin
  • P2P: yes
  • ConsCONS
  • Techiness does put people off
  • Customer support could be better
  • Limited number of servers worldwide

Thanks to its tech-heavy focus and lack of customer service skills, AirVPN is not a hit with the average VPN user. This is a big shame, as not only does AirVPN really care about its customers’ privacy, but it is the clear market leader when it comes to privacy technology. Its open source GUI Linux client (“Eddie”) is identical to the Windows and OSX versions.

This means that users benefit from a firewall-based kill switch and DNS leak protection, port selection, and more. And as always, AirVPN uses very strong encryption, permits VPN obfuscation using SSH and SSL tunneling, supports anonymous Linux VPN use via VPN through Tor, and allows port forwarding.

Additional features: Real-time user and server statistics, VPN through SSL and SSH tunnels,  3-day free trial, 3 simultaneous connections.

Get the Best VPN for Linux now!

Visit AirVPN »

3-day free trial

2nd place

Mullvad

4.6/5

Mullvad

  • ProsPROS
  • Linux client (full GUI) with internet kill switch, DNS leak protection & IPv6 routing
  • No logs (at all)
  • Accepts Bitcoin and cash
  • 3 simultaneous connections
  • 3 hour free trial
  • ConsCONS
  • Average performance
  • Limited number of servers

Like AirVPN, this small Swedish provider really cares about its users’ privacy. It even accepts anonymous cash payments sent by post! It also provides Linux users with a full version of its GUI desktop client. This protects Linux VPN connections with a firewall based kill switch and DNS leak protection, and allows port forwarding. In fact, the Mullvad client is the only VPN software I am aware of properly route IPv6 DNS requests (even AirVPN only disables IPv6).

It hardly needs saying that Mullvad keeps no logs at all, and it now uses strong encryption. The main drawback, however, is that Mullvad runs servers in only a very limited number locations in Europe and the US (with no UK server).

Additional features: Port forwarding.

Visit Mullvad »


3rd place

ExpressVPN

4.2/5

ExpressVPN

  • ProsPROS
  • Linux client (command line)
  • No usage logs
  • 30-day money back guarantee
  • 3 simultaneous connections
  • Servers in 78 countries
  • ConsCONS
  • Connection logs
  • A bit pricey

ExpressVPN is a popular VPN service thanks to great 24/7 customer service, easy-to-use software, and a 30-day no quibbles money back guarantee that actually does what it promises. It also offers server end-points in an impressive 87 different countries.

Linux users are not as well catered for as users of other Operating Systems, but ExpressVPN does at least provide a basic custom Linux VPN client. It is Terminal command-line only, but works well, and is simple enough to use.  The Ubuntu 64-bit version works just fine for me Mint. Update: The ExpressVPN Linux client now features DNS leak protection.

Additional features: “Stealth” servers in Hong Kong, free SmartDNS, DNS leak protection.

Visit ExpressVPN »


4th place

PrivateInternetAccess

4/5

PrivateInternetAccess

  • ProsPROS
  • No logs (at all)
  • 5 simultaneous connections
  • Accepts Bitcoins
  • P2P: yes
  • ConsCONS
  • No free trial
  • US based company

There was a time when PIA was the darling of the VPN world among privacy fans. So-so customer service and a variety of technical issues have removed a little of the shine, but Private Internet Access still provides a very impressive service. It keeps no logs at all, permits up to 5 devices to connect simultaneously, and yearly subscriptions are ridiculously cheap.

Linux support is limited to providing a script that automates installation and configuration of the generic open source OpenVPN client. This is way better than nothing, but you do gain none of the advanced features available to users of PIA’s Windows and Mac OSX clients. Although PIA states that its Linux script is for Ubuntu, it also works without problem in Mint (and probably in most other Linux distros).

Edit: Thanks to a comment from reader Nigel H, I downloaded the PIA Linux/Ubuntu software again (using Mint). It has the same GUI as the Windows application. I don’t know whether this is new, or is something somehow I missed when writing this article, but it does mean that when I next update this piece I will rank PIA higher than its current position.

Visit PrivateInternetAccess »


5th place

IVPN

3.7/5

IVPN

  • ProsPROS
  • No logs (at all)3 simultaneous connectionsMulti-hop VPN7-day unconditional refund
  • Port forwarding
  • ConsCONS
  • Cons come here

IVPN is a new entry to our 5 Best lists. Based in Gibraltar, IVPN impresses us with blazing fast connection speeds, a great attitude to privacy (no logs at all), and rock-solid encryption. I am somewhat dubious about the value of its double-hop VPN feature, but others may find it interesting. Those wanting servers in more exotic locations, however, should look elsewhere.

IVPN does not provide any dedicated Linux software, but caters to Linux users with  excellent Linux VPN tutorials for the open source OpenVPN client (using either NetworkManager GUI or Terminal).

Visit IVPN »


VPNs for Linux Distros Considerations

There are a ridiculously large number of Linux Distros out there, often catering to very specialized requirements. Secure Linux distributions such as Tails are a good example of this, but their strong focus on security make them rather too specialized for a day-to-day use  a “Windows replacement” OS.

Although some compromises are made, popular Linux versions such as Linux Ubuntu and Linux Mint are still much more secure than Windows, and do not phone home.

AirVPN in Linux

The AirVPN client for Linux (“Eddie”) is identical to its fully featured Windows and OSX siblings

It is probably worth noting here that Ubuntu caused a fair amount of alarm among privacy activists thanks to a number of “features” that leaked users’ data to third party advertisers, most notably to Amazon. Thankfully, these adware “features” have been turned off by default from Ubuntu 16.04 LTS onward.

Custom Linux VPN clients

If you have read the VPN summaries above, you will likely have noticed that only AirVPN and Mullvad (edit: and PIA) offer full custom VPN software for Linux systems. In both cases, these clients are open source, and by some not very surprising co-incidence, AirVPN and Mullvad are also two of my personal favorite VPN services.

At the time of writing, these are the only VPN providers I know of to offer such software. Others may exist, but if so, they have not otherwise come to my attention as offering great Linux VPN services.

Mullvad Linux 2

The advantage of using custom Linux VPN software is that it provides users with valuable advanced features such as DNS leak protection and a kill switch

ExpressVPN 2

ExpressVPN’s command line client is a much simpler affair.

The open source OpenVPN client

The open source OpenVPN package for Linux from OpenVPN Technologies is a fine piece of software, and works very well. Most VPN providers who do not support Linux with custom VPN clients, but many do provide detailed setup guides for configuring the generic OpenVPN Linux client for their service.

Most such guides are specifically aimed at Ubuntu/Debian users, but assuming that you are familiar with using your favorite brand of Linux, you should not have much difficulty getting things to work correctly in other distros.

It is worth noting that even when a provider does not provide any Linux support, its OpenVPN configuration files can almost certainly be used with the open source OpenVPN Linux client. This means that you should be able to use any VPN service that supports OpenVPN (almost all of them) with your Linux system.

The downside of using the generic client with this is that you do not benefit from advanced features such as DNS leak protection and a kill switch, which can be often found in custom software. The good news is that those familiar iptables should have no problem creating their own firewall rules to ensure that no connections are permitted outside the VPN.

VPN inside a Linux Virtual Machine

In addition to acting as a replacement desktop OS,the  Linux Operating System works very well when run inside a Virtual Machine (VM) such as Oracle VM VirtualBox. This can help to shield your “real” OS from viruses and suchlike picked up on the internet. It can also help to foil fingerprinting and other forms of online tracking, as you can simply turn the VM off (and therefore reset your entire OS back to its default settings) at the end of a session.

With reference to VPNs, running a Linux VPN inside a Linux Virtual Machine can useful for two things:

  1. Faux split-tunneling

You can run a Linux VPN inside the VM, but not on your main OS. This allows you to use your primary OS to visit websites were you do not want to hide your real IP. But for website you do want to hide your IP (or otherwise protect yourself, such as when P2P torrenting), you use the Virtual Machine.

This configuration allows you to readily access services that refuse to play ball with VPN users, for example, if you are a US resident and wish to access US Netflix. It is also great for those worried about their real ID becoming associated with their VPN account when they use services such as Google and Facebook.

  1. Double-hop VPN

You can connect to a Linux VPN inside the Virtual Machine, and a VPN in your primary OS. This can be done to completely different VPN services, and can help to obfuscate your VPN “trail”, as an adversary would need to trace you back through 2 (or more)* separate VPN servers and/or services.

I personally am a little dubious about the value of doing this, for reasons described in my guide to Chaining VPN servers (or “Double VPN”). Other opinions are available, however.

Chaining VPN servers

Here we can see double-hop VPN using  Linux VM in action

*In theory you can run multiple VMs nested inside other VMs to achieve a multi-hop VPN configuration. In practice, I have never managed to get a VM to run inside another VM.

Note that if you connect to a VPN using your primary OS, but do not use a VPN inside the VM, your internet connection will route through the VPN. This means that when browsing inside the Linux Virtual Machine, your IP address will be that of the VPN server your primary OS is connected to.

Conclusion

If you want the full GUI VPN experience in Linux, then AirVPN and Mullvad are pretty much your only good Linux VPN options. This is hardly a problem, however, as these are both great services! Users of other VPN services need not worry too much, however, as the open source OpenVPN Linux VPN client works very well.

If you really want bells and whistles such as DNS leak protection and a firewall-based kill switch, then this can be done using iptables. As a Linux user, I’m sure that you are no stranger to rolling up your sleeves and tinkering in order to get things working just as you like them!

Best VPN for your Linux OS Summary

Rank Company Score Price Link

1

AirVPN Logo
Read Review10/10
$4.82 / monthVisit Site

2

Mullvad Logo
Read Review9.2/10
$5.50 / monthVisit Site

3

ExpressVPN Logo
Read Review8.4/10
$8.32 / monthVisit Site

4

PrivateInternetAccess Logo
Read Review8/10
$3.33 / monthVisit Site

5

iVPN Logo
Read Review7.4/10
$8.33 / monthVisit Site

*All prices shown in US dollars

* Advertiser Disclosure

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


14 responses to “5 Best Linux VPN Services for 2017

  1. Hi Douglas,

    I was wondering would you be open to increasing the number in the definition of best because to be quite honest I think you’re being extremely unfair to some other VPN Service Providers that are just as as good if not better and most certainly work just as hard as the others into devlivery a brillaint client for their current customers and to newcomers that are looking for a proprietery Linux client that offer similar if not exactly the same functionality and security overall in contrast to their client on other OS’s.

    Further more, I think if you were to at least restrict it a top 9 or 14 it would make sense though you may still be unfair to a some toher but it would be understanding in terms of the effort you put into research and the actually credibilty behind the term, ‘best’. I say this because having got some brillaint suggestions for you related to your website, I was further surprised you didn’t come across Proxy.sh as one to list in this page and other pages and wish you’d include it in your list if you take one of my suggestions by increasing the number of ‘best’ providers.

    I wish to enagage in further discussions with you relating to this and similar things as well as particular project, you may be interested in.

    I’ll look foward to your reply.

    Regards

    1. Hi Count,

      We have restrictive out lists to “5 Best” because we feel that most visitors will bet bored reading through even longer lists. Of course such lists are not exclusive, and there are many other fine providers out there. We have a Proxy.sh Review, but it is, admittedly, very old and badly in need of updating.

  2. proprietary software & hardware “component” = gps activation/module ?

    Do not let’s forget that the industry answers to the request of their clients & customers and if the gps is often a hardware feature or an electronic component it could be also a function, some lines of codes, a micro_module inserted/embedded inside the gpu:cpu (topics about that were posted long years ago but seem to have been erased since from the web) and , even if a commercial project makes money with a proprietary software ; it can be run using free soft/gratis.

    ^ blue-tooth are often (if not always) gps embedded and a chipset-processor function / built-in Global Positioning System.
    ^ Phones with Qualcomm X12 modems use Qualcomm transceiver chips, and those using the Intel XMM 7360 use Intel’s transceivers.
    ^ Quad-band GSM/GPRS module with embedded Bluetooth module and embedded cell tower locator.

    – Dell latitude 10 : integrated Broadcom GNSS Receiver BCM47511 (GPS,Glonass…).
    driver from Lenovo (which makes Broadcom GNSS work properly)
    – Rugged Extreme laptops
    – Dell Latitude E6500

    + http://www.curiousmentality.co.uk/2009/06/using-the-dell-latitude-e6400-built-in-gps/
    + https://www-ssl.intel.com/content/www/us/en/mobile/modem-solutions.html
    + http://forums.appleinsider.com/discussion/194666/low-end-intel-kaby-lake-processors-detailed-macbook-pro-version-absent
    [Intel can build both Apple’s processors in it’s 10nm fab. Intel can also help build integrated A-processor CPU/GPU/Wifi/LTE.BT/GPS/etc on single chip like this news — Samsung launches first Exynos chip with all radios built in( to handle LTE, FM, Bluetooth, WiFi and GPS.]

    *uninstall telnet
    *replace their dns by your dns
    *read vpn-reviews

    # i wonder why the vpn provider have missed the target of the sub-note (10°) and why you have not test their hardware performance/security/privacy : ikit(in the palm of a hand) : storex(in a pocket) : asus/hp(in a bag) … seem to be a quick & discreet way to be connected through vpn.
    # i should wish they improve their product with a good network card and a safe cpu (i do not like the wifi:blue-tooth).

  3. > Perhaps
    Depending on the brand & the serie & the country where your computer/laptop/subnote is coming from … some vulnerabilities/feature_malware/backdoor_system management/hijacking_bios/rootkit/gps embedded could be an option and enabled or could be slept as a ‘suspend’ service.)
    # the price includes all the improvement.

    ibm (Thinkpad) & dell (Latitude) are famous for their bizare configuration …
    #are there ingeniors working in their team ?

    A lot of clones are strange (quality/price are good) – (acer/hp/iKit/storex)
    # who have reviewed it with privacy in mind ?

    Is coreduo a danger ?
    # no, it is not but a lot of misinformation & brain washing -propaganda- are confusing the user and it is not fair. The user wants to be independant/autonomous owner of his tool.

    https://security.stackexchange.com/questions/50907/are-there-gps-tracker-for-laptops
    https://stackoverflow.com/questions/15702355/what-is-the-difference-between-the-firmware-and-the-operating-system

    Some laptops and netbooks are GPS-enabled and provide navigational information while on the go.
    gps-backdoor/remote coontrol :
    -rtc & gps & WebRTC
    -firmware & battery
    -anti-theft/Data Protection
    -builtin GPS in a mini-pci card + SIM
    -A full array of wireless communications options come built in: 802.11n Wi-Fi, Bluetooth, WWAN, and even GPS (2008)
    -Trusted Platform Module
    -Internal GPS fitted to Tablets and laptops.
    Computer peripheral devices :
    Devices connecting to the computer via USB, Bluetooth or expansion slots (sd card/card reader e.g.) allow the computer to utilize the GPS system.

    *wake on lan must be turned off , the browser must be tweaked a little , you must also -if you are paranoid- unplug your internet cable from your computer when it is not in use.

    *sparsky vs ubuntu ? both are built from unstable debian version and both are fun, user friendly, etc.
    unstable means untrust.

    1. Hi malik,

      Re. GPS. I am not disputing that it exists in some laptops, but (as I understand it) this is an additional hardware module, not part of the Intel processor. I would also think that to work it would require propriety software – something that would be removed if you install a Linux distro instead of the software the laptop ships with.

  4. some mistakes :
    * https://www.anonymousvpn.eu/ is not https://www.anonymousvpn.org/
    * Actually there are vulnerability in all Intel CPUs (skylab backdoor + IME + joint-venture + gps)
    * Actually there are vulnerability in all ubuntu version (ubuntu 16.04 backdoor + policy of the o.s/soft)
    * Ubuntu is shunned for spying (free software foundation). The latest stable release is Ubuntu (GNOME_3.20) 16.10 _ many apps have been updated to their GNOME 3.22 versions.
    * unity was one of the ubuntu backdoor known like ime is one of the intel backdoor known ; another “bugs” are present and hidden by the discover of unity/ime.
    * Tor has a blog where the comments are censored and where the posts are rarely opened for discusion – tweet mode –

    1. Hi aka_meli,

      – My mistake. I am not aware of https://www.anonymousvpn.eu/.
      – As already noted, I am fully aware of the IME backdoor in all Intel chips more recent than 2006. I am not, however, aware of the other vulnerabilities you mention, and a quick search is not helping me. Perhaps you could explain (although I’m prettey sure that at least most Intel chips do not contain a GPS component)?
      – Ubuntu was widely shunned because of a feature of the Unity desktop environment called Dash, a unified search bar that allows users to search for apps, documents, music, and other data locally, as well as to perform searches on the internet. Thing is, though, that in its desire to monetize what is a free OS, developer Canonical Lmt., has struck a deal with the devil Amazon. All search queries are also sent to Amazon, and you will then be shown ads for Amazon products relating to your search terms! Even worse, these highly intrusive ads load in a very insecure way that can allow hackers to spy searches.

      This “feature” could be disabled, but if Ubuntu has switched to the Gnome desktop (something I was not aware of), this should no longer be an issue.

  5. > “vpn is an option with tor.”
    > ubuntu must be avoided
    2017/january/
    – Ubuntu : avoided / backdoor inside the O.S and the new intel ship contains also one (cf : richard stallman conference)
    – Ubuntu & derivative are user-friendly & fun but not at all designed with security/anonimity/privacy in mind.
    – {tor + vpn} are options in serious discussions in different place/time : advantages vs cons.
    _+ In fact you must try & test and depending on your location, your usage, your habits and your vpn , the option 1° can be better than the option 2° but it is not supported by all vpn provider : Tor + vpn is rare ; most of users take the option 2° : vpn + Tor.
    note : Tor team recommend using TorBundle without vpn ; these options add a layer but it is not proven that it could be better without
    _+ Available does not never mean “updated” or “solid & validated by expert” – it is never the case :
    (e.g : https://www.anonymousvpn.eu/ = bad _ except maybe for usa guys living in the same state of the vpn provider/relays but who will trust an obscure service as anonimity/security tool again ?)).
    (e.g : tor in the depo = bad _ always download tor at the official site and check it with its official pgpkey.)

    1. Hi alikerom,

      – The main privacy worried in Ubuntu Unity can now be disabled. A more nuclear option is to replace the Unity desktop entirely. GNOME 3 (Ubuntu GNOME 15.10 is now available,) KDE, or Cinnamon are all good options.. For more information on this please see here.
      – The IME “backdoor” in all newer Intel chips is almost impossible to avoid (and all major alternative platforms have a similar issue). Please see this article for more details.
      – Please see 5 Best VPNs when using Tor for discussion o the pros and cons of using VPN through Tor and Tor through VPN.
      – This is true, but the very fact Open source / Source available code can be interdependently audited is the best protection we have.
      – Our reviewer (no longer with us) gave AnonymousVPN a real kicking in his review.

  6. – ubuntu is user-friendly but like said kalimero must be avoided for two important risks :
    1- it contains some backdoor
    2- it is built on the testing (unstable) version of debian

    – Using tor , a vpn is an option and that because tor needs to be run by all the users in the same way_configuration = without vpn , tor alone.

    – tor + vpn or vpn + tor is better according on my point of view but choose carefully the vpn provider.

    1. Hi Nigel,

      So… I downloaded the PIA Linux/Ubuntu software again (using Mint), and it does indeed have the same GUI as the Windows application. I don’t know whether this is new, or is something somehow I missed when writing this article, but it does mean that when I next update this piece I will rank PIA higher than its current position. Thanks for bringing this to my attention. I have made a couple of edits in order to include this information.

    1. Hi kalimero,

      I’m afraid that I don’t really understand what you mean by “vpn is an option with tor.” It is certainly possible to use VPN and Tor together. Ubuntu did come bundled with adware/malware, but this has been made opt-in, so is much less of a concern.

Leave a Reply

Your email address will not be published. Required fields are marked *