ExpressVPN

5 Best Linux VPN Services for 2017

Windows sends a great deal of personal information back to Microsoft, and Mac OSX/MacOS is little better. On top of this, both Microsoft and Apple have cooperated closely with the NSA in the past to spy on their customers. Credible rumors also persist that both Windows and OSX have been backdoored by the NSA.

The Best VPNs for Linux

  1. AirVPN
  2. Mullvad
  3. ExpressVPN
  4. PrivateInternetAccess
  5. IVPN

Anyone who is serious about their privacy should therefore use Linux as their desktop operating system instead. Linux is a free and open source Operating System. This means that its code can be inspected to detect tampering. Although not perfect, open source is not just the best, but the only way to have confidence that your software will not spy on you.

Given that Linux is the OS of choice for anyone serious about privacy, it comes as little surprise that the OS is much better supported by VPN providers than its user-base might suggest.

Most providers offer setup guides for manually configuring their service for Linux, but this means missing out on important features offered by custom clients – most notably kill switches and DNS leak protection.

Best VPNs for Linux Summary

Rank Company Score Price Link

1

AirVPN LogoAirVPN
Read Review10/10
$4.82 / monthVisit Site

2

Mullvad LogoMullvad
Read Review9.2/10
$5.50 / monthVisit Site

3

ExpressVPN LogoExpressVPN
Read Review8.4/10
$8.32 / monthVisit Site

4

PrivateInternetAccess LogoPrivateInternetAccess
Read Review8/10
$3.33 / monthVisit Site

5

iVPN LogoiVPN
Read Review7.4/10
$8.33 / monthVisit Site

*All prices shown in US dollars

* Advertiser Disclosure
Editor's Choice Award

Winner

AirVPN

5/5

Best Linux VPN

  • ProsPROS
  • Linux client (full GUI) with DNS leak protection and kill switch
  • No logs (at all)
  • VPN through Tor
  • Accepts Bitcoin
  • P2P: yes
  • ConsCONS
  • Techiness puts people off
  • Customer support could be better
  • Limited number of servers worldwide

Thanks to its tech-heavy focus and lack of customer service skills, AirVPN is not a hit with the average VPN user. This is a big shame, as not only does AirVPN really care about its customers’ privacy, but it is the clear market leader when it comes to privacy technology. Its open source GUI Linux client (“Eddie”) is identical to the Windows and OSX versions.

This means that users benefit from a firewall-based kill switch and DNS leak protection, port selection, and more. And as always, AirVPN uses very strong encryption, permits VPN obfuscation using SSH and SSL tunneling, supports anonymous Linux VPN use via VPN through Tor, and allows port forwarding.

Additional features: Real-time user and server statistics, VPN through SSL and SSH tunnels,  3-day free trial, 3 simultaneous connections.

Get the Best VPN for Linux now!

Visit AirVPN »

Three-day free trial

2nd place

Mullvad

4.6/5

Mullvad

  • ProsPROS
  • Linux client (full GUI) with internet kill switch, DNS leak protection & IPv6 routing
  • No logs (at all)
  • Accepts Bitcoin and cash
  • Three simultaneous connections
  • Three-hour free trial
  • ConsCONS
  • Average performance
  • Limited number of servers

Like AirVPN, this small Swedish provider really cares about its users’ privacy. It even accepts anonymous cash payments sent by post! It also provides Linux users with a full version of its GUI desktop client. This protects Linux VPN connections with a firewall based kill switch and DNS leak protection, and allows port forwarding. In fact, the Mullvad client is the only VPN software I am aware of properly route IPv6 DNS requests (even AirVPN only disables IPv6).

It hardly needs saying that Mullvad keeps no logs at all, and it now uses strong encryption. The main drawback, however, is that Mullvad runs servers in only a very limited number locations in Europe and the US (with no UK server).

Additional features: Port forwarding.

Visit Mullvad »


3rd place

ExpressVPN

4.2/5

ExpressVPN

  • ProsPROS
  • Linux client (command line)
  • No usage logs
  • 30-day money back guarantee
  • Three simultaneous connections
  • Servers in 78 countries
  • ConsCONS
  • Connection logs
  • A bit pricey

ExpressVPN is a popular VPN service thanks to great 24/7 customer service, easy-to-use software, and a 30-day no quibbles money back guarantee that actually does what it promises. It also offers server end-points in an impressive 87 different countries.

Linux users are not as well catered for as users of other Operating Systems, but ExpressVPN does at least provide a basic custom Linux VPN client. It is Terminal command-line only, but works well, and is simple enough to use.  The Ubuntu 64-bit version works just fine for my Mint.

Update: The ExpressVPN Linux client now features DNS leak protection.

Additional features: “Stealth” servers in Hong Kong, free SmartDNS, DNS leak protection.

Visit ExpressVPN »


4th place

PrivateInternetAccess

4/5

PrivateInternetAccess

  • ProsPROS
  • No logs (at all)
  • Five simultaneous connections
  • Accepts Bitcoins
  • P2P: yes
  • ConsCONS
  • No free trial
  • US-based company

There was a time when PIA was the darling of the VPN world among privacy fans. So-so customer service and a variety of technical issues have removed a little of the shine, but Private Internet Access still provides a very impressive service. It keeps no logs at all, permits up to five devices to connect simultaneously, and yearly subscriptions are ridiculously cheap.

Linux support is limited to providing a script that automates installation and configuration of the generic open source OpenVPN client. This is way better than nothing, but you do gain none of the advanced features available to users of PIA’s Windows and Mac OSX clients. Although PIA states that its Linux script is for Ubuntu, it also works without problem in Mint (and probably in most other Linux distros).

Edit: Thanks to a comment from reader Nigel H, I downloaded the PIA Linux/Ubuntu software again (using Mint). It has the same GUI as the Windows application. I don’t know whether this is new, or is something somehow I missed when writing this article, but it does mean that when I next update this piece I will rank PIA higher than its current position.

Visit PrivateInternetAccess »


5th place

IVPN

3.7/5

IVPN

  • ProsPROS
  • No logs (at all)
  • Three simultaneous connections
  • Multi-hop VPN
  • Seven-day unconditional refund
  • Port forwarding
  • ConsCONS
  • Server network on the smaller side

IVPN is a new entry to our 5 Best lists. Based in Gibraltar, IVPN impresses us with blazing fast connection speeds, a great attitude to privacy (no logs at all), and rock-solid encryption. I am somewhat dubious about the value of its double-hop VPN feature, but others may find it interesting. Those wanting servers in more exotic locations, however, should look elsewhere.

IVPN does not provide any dedicated Linux software, but caters to Linux users with  excellent Linux VPN tutorials for the open source OpenVPN client (using either NetworkManager GUI or Terminal).

Visit IVPN »


VPNs for Linux Distros Considerations

Linux Distros

There are currently over 250 Linux distros (versions) available. User-friendly distros such as Ubuntu and Mint make a good introduction to Linux for newbies.

Although not as secure and/or private as the likes of Tails or Qubes, these are still much more secure and privacy-friendly than Windows or Mac OSX/MacOS.

Both Ubuntu and Mint are based on Debian, and many people in the privacy community consider baseline Debian to be a good compromise between user-friendliness and privacy/security.

A few years ago Ubuntu angered many in the privacy community by introducing Amazon ads and related spyware. Since Ubuntu 16.04 LTS, however, these have been disabled by default. Although some bad will still exists over the issue, this means that Ubuntu is yet again an acceptable choice when it comes to picking an OS that respects your privacy.

If you are willing to sacrifice a little convenience in the name of privacy, then check out my article on Linux distributions built for security and anonymity.

Custom Linux VPN clients

Most providers offer setup guides for manually configuring their services for Linux. This is fine, but means missing out on important features offered by custom clients. The most notable of these are kill switches and DNS leak protection.

AirVPN in Linux

At present the only VPN providers I know of to offer Linux clients with the full range of features typically found in Widows and MacOS software are AirVPN and Mullvad.

Mullvad Linux 2

ExpressVPN also offers a custom Linux client, but it is command-line only and is not as fully-featured.

ExpressVPN 2

The Linux OpenVPN client

The official open source OpenVPN client for Linux works well, but in order to ensure no ip leaks occur you should configure iptables. Such iptable firewall rules also act as a kill switch.

OpenVPN can be run using either NetworkManager GUI or directly via Terminal.  NetworkManager is easier, but it sometimes kills the OpenVPN connection if the network is disrupted.

It is therefore particularly important to setup iptables to prevent leaks when using NetworkManager. IVPN has an excellent tutorial for doing this here.

Linux Live CD/DVD/USB

Most Linux distros can be booted and run directly from a Live CD/ DVD, and / or a LiveUSB stick. This allows you to try out the distro without installing it on your PC. It is a great way to try out different Linux Operating Systems in order to find one that suits you best.

Linux Live distros are also great for privacy and security. Indeed, distros built specially with security and privacy in mind are designed primarily run in “Live” mode only. This is because Live distros, by default, do not save any data locally except in temporary RAM.

This means that when the PC is turned off/rebooted, no trace of the OS, or anything you did on it, remains. For the same reason, Live distros are also pretty much immune to malware attacks.

Note that less secure Live distros may request permission to store data on local drives. This can be handy, but removes many of the security and privacy advantages of using a Live CD/DVD/USB.

VPN inside a Linux Virtual Machine

Another popular way to run Linux is inside a Virtual Machine (VM). The fact that many versions of Linux are very resource-light lends them to this. In the context of VPNs, running Linux inside a VM opens up a couple of interesting possibilities.

Double-hop VPN

Under this setup you connect to one VPN server in your primary OS (VPN 1), and another in your VM (VPN 2). This creates a “double-hop VPN” if you surf the internet from inside the Virtual Machine.

Primary OS -> VPN 1 -> Virtual Machine  -> VPN 2 -> Internet

These VPN servers can be run by the same VPN provider, or by different ones. Please see my article on Chaining VPN servers for a full discussion on this subject.

Chaining VPN servers

Here we can see double-hop VPN using a Linux VM in action

It is probably worth noting that if you do not install a VPN inside the VM (or use Tor), your outfacing IP address with be the same inside the VM as for your primary OS. So if you use a VPN in your primary OS, it will also protect internet connections inside the Virtual Machine.

Split-tunneling

Split-tunneling allows you to access some websites using a VPN, and some websites without. Using Linux inside a VM is one way to do this.  Simply install and run a VPN inside the Virtual Machine, and ta-da!

Websites accessed from within the VM will be protected by the VPN, while those accessed via your primary OS (or another VM) won’t be

Setting up OpenVPN in Linux (Uisng NetworkManager in Ubuntu)

1. Download and install the Ubuntu OpenVPN packages for NetworkManager by opening a Terminal window and typing:

sudo apt-get install network-manager-openvpn openvpn

2. Restart the NetworkManager. This can be done by restarting Ubuntu or logging out and in again, but the easiest way is to enter the following at the Terminal command prompt:

sudo restart network-manager

3. Download the VPN provider’s OpenVPN configuration guides, and Extract them to a convenient location.

ub 13

4. Open Network Manager and click VPN Connections -> Configure VPN…

ub 4

5. Click on ‘Add’.

ub 15

6. Select ‘OpenVPN’ from the drop-down menu and click ‘Create…’

ub 6

8. Ensure the ‘VPN’ tab is selected, and enter the VPN server address supplied by your provider in the ‘Gateway’ field. Under ‘Authentication’, select ‘Password’ from the dropdown ‘Type’ menu and enter your account details. Then Click on the ‘CA Certificate Field’ and navigate to the .crt file at the location you unzipped the OpenVPN config files to in Step 2. Click on ‘Advanced’…

ub 9

9. Check ‘Use LZO data compression’ (note that is step may not be required, or may require different settings depending on your VPN provider). Click ‘OK’ and ‘Save’, and setup is complete!

ub 10

10. To start the VPN connection, simply go to NetworkManager -> VPN Connections -> your connection

ub 11

11. You are now connected! Notice that the NetworkManager taskbar icon now has a tiny padlock on the bottom right to let you know the VPN connection is active. Now also configure iptables in order to prevent any ip leaks. Doimng so also acts as a kill switch.

Conclusion

Any VPN service should be able to work with Linux, and most provide good manual setup guides for doing so. Linux supports the PPTP and L2TP protocols, but I strongly recommend using OpenVPN intread.

The official OpenVPN client is good, but to ensure no IP leaks occur it is important to also use and correctly configure iptables. This is especially true if using OpenVPN via NetworkManager. This should be no great effort for most Linux users, though, who are used to a certain lack of hand-holding!

Alternatively, AirVPN and Mullvad offer open source Linux clients that have all the bells and whistles of their Windows and MacOS siblings, including IP leak protection and kill switches.

Best VPN for your Linux OS Summary

Rank Company Score Price Link

1

AirVPN LogoAirVPN
Read Review10/10
$4.82 / monthVisit Site

2

Mullvad LogoMullvad
Read Review9.2/10
$5.50 / monthVisit Site

3

ExpressVPN LogoExpressVPN
Read Review8.4/10
$8.32 / monthVisit Site

4

PrivateInternetAccess LogoPrivateInternetAccess
Read Review8/10
$3.33 / monthVisit Site

5

iVPN LogoiVPN
Read Review7.4/10
$8.33 / monthVisit Site

*All prices shown in US dollars

* Advertiser Disclosure

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


16 responses to “5 Best Linux VPN Services for 2017

  1. Hi Douglas,

    I was wondering would you be open to increasing the number in the definition of best because to be quite honest I think you’re being extremely unfair to some other VPN Service Providers that are just as as good if not better and most certainly work just as hard as the others into devlivery a brillaint client for their current customers and to newcomers that are looking for a proprietery Linux client that offer similar if not exactly the same functionality and security overall in contrast to their client on other OS’s.

    Further more, I think if you were to at least restrict it a top 9 or 14 it would make sense though you may still be unfair to a some toher but it would be understanding in terms of the effort you put into research and the actually credibilty behind the term, ‘best’. I say this because having got some brillaint suggestions for you related to your website, I was further surprised you didn’t come across Proxy.sh as one to list in this page and other pages and wish you’d include it in your list if you take one of my suggestions by increasing the number of ‘best’ providers.

    I wish to enagage in further discussions with you relating to this and similar things as well as particular project, you may be interested in.

    I’ll look foward to your reply.

    Regards

    1. Hi Count,

      We have restrictive out lists to “5 Best” because we feel that most visitors will bet bored reading through even longer lists. Of course such lists are not exclusive, and there are many other fine providers out there. We have a Proxy.sh Review, but it is, admittedly, very old and badly in need of updating.

  2. proprietary software & hardware “component” = gps activation/module ?

    Do not let’s forget that the industry answers to the request of their clients & customers and if the gps is often a hardware feature or an electronic component it could be also a function, some lines of codes, a micro_module inserted/embedded inside the gpu:cpu (topics about that were posted long years ago but seem to have been erased since from the web) and , even if a commercial project makes money with a proprietary software ; it can be run using free soft/gratis.

    ^ blue-tooth are often (if not always) gps embedded and a chipset-processor function / built-in Global Positioning System.
    ^ Phones with Qualcomm X12 modems use Qualcomm transceiver chips, and those using the Intel XMM 7360 use Intel’s transceivers.
    ^ Quad-band GSM/GPRS module with embedded Bluetooth module and embedded cell tower locator.

    – Dell latitude 10 : integrated Broadcom GNSS Receiver BCM47511 (GPS,Glonass…).
    driver from Lenovo (which makes Broadcom GNSS work properly)
    – Rugged Extreme laptops
    – Dell Latitude E6500

    + http://www.curiousmentality.co.uk/2009/06/using-the-dell-latitude-e6400-built-in-gps/
    + https://www-ssl.intel.com/content/www/us/en/mobile/modem-solutions.html
    + http://forums.appleinsider.com/discussion/194666/low-end-intel-kaby-lake-processors-detailed-macbook-pro-version-absent
    [Intel can build both Apple’s processors in it’s 10nm fab. Intel can also help build integrated A-processor CPU/GPU/Wifi/LTE.BT/GPS/etc on single chip like this news — Samsung launches first Exynos chip with all radios built in( to handle LTE, FM, Bluetooth, WiFi and GPS.]

    *uninstall telnet
    *replace their dns by your dns
    *read vpn-reviews

    # i wonder why the vpn provider have missed the target of the sub-note (10°) and why you have not test their hardware performance/security/privacy : ikit(in the palm of a hand) : storex(in a pocket) : asus/hp(in a bag) … seem to be a quick & discreet way to be connected through vpn.
    # i should wish they improve their product with a good network card and a safe cpu (i do not like the wifi:blue-tooth).

  3. > Perhaps
    Depending on the brand & the serie & the country where your computer/laptop/subnote is coming from … some vulnerabilities/feature_malware/backdoor_system management/hijacking_bios/rootkit/gps embedded could be an option and enabled or could be slept as a ‘suspend’ service.)
    # the price includes all the improvement.

    ibm (Thinkpad) & dell (Latitude) are famous for their bizare configuration …
    #are there ingeniors working in their team ?

    A lot of clones are strange (quality/price are good) – (acer/hp/iKit/storex)
    # who have reviewed it with privacy in mind ?

    Is coreduo a danger ?
    # no, it is not but a lot of misinformation & brain washing -propaganda- are confusing the user and it is not fair. The user wants to be independant/autonomous owner of his tool.

    https://security.stackexchange.com/questions/50907/are-there-gps-tracker-for-laptops
    https://stackoverflow.com/questions/15702355/what-is-the-difference-between-the-firmware-and-the-operating-system

    Some laptops and netbooks are GPS-enabled and provide navigational information while on the go.
    gps-backdoor/remote coontrol :
    -rtc & gps & WebRTC
    -firmware & battery
    -anti-theft/Data Protection
    -builtin GPS in a mini-pci card + SIM
    -A full array of wireless communications options come built in: 802.11n Wi-Fi, Bluetooth, WWAN, and even GPS (2008)
    -Trusted Platform Module
    -Internal GPS fitted to Tablets and laptops.
    Computer peripheral devices :
    Devices connecting to the computer via USB, Bluetooth or expansion slots (sd card/card reader e.g.) allow the computer to utilize the GPS system.

    *wake on lan must be turned off , the browser must be tweaked a little , you must also -if you are paranoid- unplug your internet cable from your computer when it is not in use.

    *sparsky vs ubuntu ? both are built from unstable debian version and both are fun, user friendly, etc.
    unstable means untrust.

    1. Hi malik,

      Re. GPS. I am not disputing that it exists in some laptops, but (as I understand it) this is an additional hardware module, not part of the Intel processor. I would also think that to work it would require propriety software – something that would be removed if you install a Linux distro instead of the software the laptop ships with.

  4. some mistakes :
    * https://www.anonymousvpn.eu/ is not https://www.anonymousvpn.org/
    * Actually there are vulnerability in all Intel CPUs (skylab backdoor + IME + joint-venture + gps)
    * Actually there are vulnerability in all ubuntu version (ubuntu 16.04 backdoor + policy of the o.s/soft)
    * Ubuntu is shunned for spying (free software foundation). The latest stable release is Ubuntu (GNOME_3.20) 16.10 _ many apps have been updated to their GNOME 3.22 versions.
    * unity was one of the ubuntu backdoor known like ime is one of the intel backdoor known ; another “bugs” are present and hidden by the discover of unity/ime.
    * Tor has a blog where the comments are censored and where the posts are rarely opened for discusion – tweet mode –

    1. Hi aka_meli,

      – My mistake. I am not aware of https://www.anonymousvpn.eu/.
      – As already noted, I am fully aware of the IME backdoor in all Intel chips more recent than 2006. I am not, however, aware of the other vulnerabilities you mention, and a quick search is not helping me. Perhaps you could explain (although I’m prettey sure that at least most Intel chips do not contain a GPS component)?
      – Ubuntu was widely shunned because of a feature of the Unity desktop environment called Dash, a unified search bar that allows users to search for apps, documents, music, and other data locally, as well as to perform searches on the internet. Thing is, though, that in its desire to monetize what is a free OS, developer Canonical Lmt., has struck a deal with the devil Amazon. All search queries are also sent to Amazon, and you will then be shown ads for Amazon products relating to your search terms! Even worse, these highly intrusive ads load in a very insecure way that can allow hackers to spy searches.

      This “feature” could be disabled, but if Ubuntu has switched to the Gnome desktop (something I was not aware of), this should no longer be an issue.

  5. > “vpn is an option with tor.”
    > ubuntu must be avoided
    2017/january/
    – Ubuntu : avoided / backdoor inside the O.S and the new intel ship contains also one (cf : richard stallman conference)
    – Ubuntu & derivative are user-friendly & fun but not at all designed with security/anonimity/privacy in mind.
    – {tor + vpn} are options in serious discussions in different place/time : advantages vs cons.
    _+ In fact you must try & test and depending on your location, your usage, your habits and your vpn , the option 1° can be better than the option 2° but it is not supported by all vpn provider : Tor + vpn is rare ; most of users take the option 2° : vpn + Tor.
    note : Tor team recommend using TorBundle without vpn ; these options add a layer but it is not proven that it could be better without
    _+ Available does not never mean “updated” or “solid & validated by expert” – it is never the case :
    (e.g : https://www.anonymousvpn.eu/ = bad _ except maybe for usa guys living in the same state of the vpn provider/relays but who will trust an obscure service as anonimity/security tool again ?)).
    (e.g : tor in the depo = bad _ always download tor at the official site and check it with its official pgpkey.)

    1. Hi alikerom,

      – The main privacy worried in Ubuntu Unity can now be disabled. A more nuclear option is to replace the Unity desktop entirely. GNOME 3 (Ubuntu GNOME 15.10 is now available,) KDE, or Cinnamon are all good options.. For more information on this please see here.
      – The IME “backdoor” in all newer Intel chips is almost impossible to avoid (and all major alternative platforms have a similar issue). Please see this article for more details.
      – Please see 5 Best VPNs when using Tor for discussion o the pros and cons of using VPN through Tor and Tor through VPN.
      – This is true, but the very fact Open source / Source available code can be interdependently audited is the best protection we have.
      – Our reviewer (no longer with us) gave AnonymousVPN a real kicking in his review.

  6. – ubuntu is user-friendly but like said kalimero must be avoided for two important risks :
    1- it contains some backdoor
    2- it is built on the testing (unstable) version of debian

    – Using tor , a vpn is an option and that because tor needs to be run by all the users in the same way_configuration = without vpn , tor alone.

    – tor + vpn or vpn + tor is better according on my point of view but choose carefully the vpn provider.

    1. Hi Nigel,

      So… I downloaded the PIA Linux/Ubuntu software again (using Mint), and it does indeed have the same GUI as the Windows application. I don’t know whether this is new, or is something somehow I missed when writing this article, but it does mean that when I next update this piece I will rank PIA higher than its current position. Thanks for bringing this to my attention. I have made a couple of edits in order to include this information.

    1. Hi kalimero,

      I’m afraid that I don’t really understand what you mean by “vpn is an option with tor.” It is certainly possible to use VPN and Tor together. Ubuntu did come bundled with adware/malware, but this has been made opt-in, so is much less of a concern.

Leave a Reply

Your email address will not be published. Required fields are marked *