Windows sends a great deal of personal information back to Microsoft, and Mac OSX/MacOS is little better. On top of this, both Microsoft and Apple have cooperated closely with the NSA in the past to spy on their customers. Credible rumors also persist that both Windows and OSX have been backdoored by the NSA.
The Best VPNs for Linux
Anyone who is serious about their privacy should therefore use Linux as their desktop operating system instead. Linux is a free and open source Operating System. This means that its code can be inspected to detect tampering. Although not perfect, open source is not just the best, but the only way to have confidence that your software will not spy on you.
Given that Linux is the OS of choice for anyone serious about privacy, it comes as little surprise that the OS is much better supported by VPN providers than its user-base might suggest.
Most providers offer setup guides for manually configuring their service for Linux, but this means missing out on important features offered by custom clients – most notably kill switches and DNS leak protection.
Best VPNs for Linux Summary
|1||AirVPN review||$4.82 / month||Visit Site|
|2||NordVPN review||$3.29 / month||Visit Site|
|3||Mullvad review||$5.50 / month||Visit Site|
|4||ExpressVPN review||$6.67 / month||Visit Site|
|5||CyberGhost review||$2.90 / month||Visit Site|
- Linux client (full GUI) with DNS leak protection and kill switch
- No logs (at all)
- VPN through Tor
- Accepts Bitcoin
- P2P: yes
- Techiness puts people off
- Customer support could be better
- Limited number of servers worldwide
Thanks to its tech-heavy focus and lack of customer service skills, AirVPN is not a hit with the average VPN user. This is a big shame, as not only does AirVPN really care about its customers’ privacy, but it is the clear market leader when it comes to privacy technology. Its open source GUI Linux client (“Eddie”) is identical to the Windows and OSX versions.
This means that users benefit from a firewall-based kill switch and DNS leak protection, port selection, and more. And as always, AirVPN uses very strong encryption, permits VPN obfuscation using SSH and SSL tunneling, supports anonymous Linux VPN use via VPN through Tor, and allows port forwarding.
Additional features: Real-time user and server statistics, VPN through SSL and SSH tunnels, 3-day free trial, 3 simultaneous connections.
- Based in Panama
- Six simultaneous connections
- Servers in 61+ countries
- P2P: yes
- Issues with support
- Some servers can be a little slow
NordVPN is a great VPN for Linux for the privacy fanatics out there. Its location in Panama already promises enhanced security, and is only enhanced by its no-logs policy, tough military-grade encryption, and features such as Tor over VPN and an in-App killswitch.
NordVPN is not only for Linux users focused on security. It boasts other excellent perks such as servers in 58+ countries, allowing P2P, six simultaneous connections, and great speeds. Better yet, you can give it all a go without committing thanks to the provider’s 30-day money-back guarantee.
- Linux client (full GUI) with internet kill switch, DNS leak protection & IPv6 routing
- No logs (at all)
- Accepts Bitcoin and cash
- Three simultaneous connections
- Three-hour free trial
- Average performance
- Limited number of servers
Like AirVPN, this small Swedish provider really cares about its users’ privacy. It even accepts anonymous cash payments sent by post! It also provides Linux users with a full version of its GUI desktop client. This protects Linux VPN connections with a firewall based kill switch and DNS leak protection, and allows port forwarding. In fact, the Mullvad client is the only VPN software I am aware of properly route IPv6 DNS requests (even AirVPN only disables IPv6).
It hardly needs saying that Mullvad keeps no logs at all, and it now uses strong encryption. The main drawback, however, is that Mullvad runs servers in only a very limited number locations in Europe and the US (with no UK server).
Additional features: Port forwarding.
- Linux client (command line)
- No usage logs
- 30-day money back guarantee
- Three simultaneous connections
- Servers in 78 countries
- Connection logs
- A bit pricey
ExpressVPN is a popular VPN service thanks to great 24/7 customer service, easy-to-use software, and a 30-day no quibbles money back guarantee that actually does what it promises. It also offers server end-points in an impressive 87 different countries.
Linux users are not as well catered for as users of other Operating Systems, but ExpressVPN does at least provide a basic custom Linux VPN client. It is Terminal command-line only, but works well, and is simple enough to use. The Ubuntu 64-bit version works just fine for my Mint.
Update: The ExpressVPN Linux client now features DNS leak protection.
Additional features: “Stealth” servers in Hong Kong, free SmartDNS, DNS leak protection.
- Keeps no usage logs
- Very fast
- Five simultaneous connections
- 30-day money-back refund
- Keeps some connection logs
CyberGhost rounds up our list of the best VPNs for Linux. CyberGhost is a popular Romanian provider known for its stylish provider and intuitive use. Just because it’s easy to use doesn’t mean that it’s any less secure – it boasts excellent security features such as military-grade encryption, a kill switch, and perfect forward secrecy.
Other attractive features of CyberGhost include its five simultaneous connections, fast speeds, and allowing P2P. What’s more, you can experience all these and more for yourself by taking advantage of the provider’s 30-day money-back guarantee.
VPNs for Linux Distros Considerations
Both Ubuntu and Mint are based on Debian, and many people in the privacy community consider baseline Debian to be a good compromise between user-friendliness and privacy/security.
A few years ago Ubuntu angered many in the privacy community by introducing Amazon ads and related spyware. Since Ubuntu 16.04 LTS, however, these have been disabled by default. Although some bad will still exists over the issue, this means that Ubuntu is yet again an acceptable choice when it comes to picking an OS that respects your privacy.
If you are willing to sacrifice a little convenience in the name of privacy, then check out my article on Linux distributions built for security and anonymity.
Custom Linux VPN clients
Most providers offer setup guides for manually configuring their services for Linux. This is fine, but means missing out on important features offered by custom clients. The most notable of these are kill switches and DNS leak protection.
ExpressVPN also offers a custom Linux client, but it is command-line only and is not as fully-featured.
The Linux OpenVPN client
OpenVPN can be run using either NetworkManager GUI or directly via Terminal. NetworkManager is easier, but it sometimes kills the OpenVPN connection if the network is disrupted.
It is therefore particularly important to setup iptables to prevent leaks when using NetworkManager. IVPN has an excellent tutorial for doing this here.
Linux Live CD/DVD/USB
Most Linux distros can be booted and run directly from a Live CD/ DVD, and / or a LiveUSB stick. This allows you to try out the distro without installing it on your PC. It is a great way to try out different Linux Operating Systems in order to find one that suits you best.
Linux Live distros are also great for privacy and security. Indeed, distros built specially with security and privacy in mind are designed primarily run in “Live” mode only. This is because Live distros, by default, do not save any data locally except in temporary RAM.
This means that when the PC is turned off/rebooted, no trace of the OS, or anything you did on it, remains. For the same reason, Live distros are also pretty much immune to malware attacks.
Note that less secure Live distros may request permission to store data on local drives. This can be handy, but removes many of the security and privacy advantages of using a Live CD/DVD/USB.
VPN inside a Linux Virtual Machine
Another popular way to run Linux is inside a Virtual Machine (VM). The fact that many versions of Linux are very resource-light lends them to this. In the context of VPNs, running Linux inside a VM opens up a couple of interesting possibilities.
Under this setup you connect to one VPN server in your primary OS (VPN 1), and another in your VM (VPN 2). This creates a “double-hop VPN” if you surf the internet from inside the Virtual Machine.
Primary OS -> VPN 1 -> Virtual Machine -> VPN 2 -> Internet
These VPN servers can be run by the same VPN provider, or by different ones. Please see my article on Chaining VPN servers for a full discussion on this subject.
Here we can see double-hop VPN using a Linux VM in action
It is probably worth noting that if you do not install a VPN inside the VM (or use Tor), your outfacing IP address with be the same inside the VM as for your primary OS. So if you use a VPN in your primary OS, it will also protect internet connections inside the Virtual Machine.
Split-tunneling allows you to access some websites using a VPN, and some websites without. Using Linux inside a VM is one way to do this. Simply install and run a VPN inside the Virtual Machine, and ta-da!
Websites accessed from within the VM will be protected by the VPN, while those accessed via your primary OS (or another VM) won’t be
Setting up OpenVPN in Linux (Uisng NetworkManager in Ubuntu)
1. Download and install the Ubuntu OpenVPN packages for NetworkManager by opening a Terminal window and typing:
sudo apt-get install network-manager-openvpn openvpn
2. Restart the NetworkManager. This can be done by restarting Ubuntu or logging out and in again, but the easiest way is to enter the following at the Terminal command prompt:
sudo restart network-manager
3. Download the VPN provider’s OpenVPN configuration guides, and Extract them to a convenient location.
4. Open Network Manager and click VPN Connections -> Configure VPN…
5. Click on ‘Add’.
6. Select ‘OpenVPN’ from the drop-down menu and click ‘Create…’
8. Ensure the ‘VPN’ tab is selected, and enter the VPN server address supplied by your provider in the ‘Gateway’ field. Under ‘Authentication’, select ‘Password’ from the dropdown ‘Type’ menu and enter your account details. Then Click on the ‘CA Certificate Field’ and navigate to the .crt file at the location you unzipped the OpenVPN config files to in Step 2. Click on ‘Advanced’…
9. Check ‘Use LZO data compression’ (note that is step may not be required, or may require different settings depending on your VPN provider). Click ‘OK’ and ‘Save’, and setup is complete!
10. To start the VPN connection, simply go to NetworkManager -> VPN Connections -> your connection
11. You are now connected! Notice that the NetworkManager taskbar icon now has a tiny padlock on the bottom right to let you know the VPN connection is active. Now also configure iptables in order to prevent any ip leaks. Doimng so also acts as a kill switch.
Any VPN service should be able to work with Linux, and most provide good manual setup guides for doing so. Linux supports the PPTP and L2TP protocols, but I strongly recommend using OpenVPN intread.
The official OpenVPN client is good, but to ensure no IP leaks occur it is important to also use and correctly configure iptables. This is especially true if using OpenVPN via NetworkManager. This should be no great effort for most Linux users, though, who are used to a certain lack of hand-holding!