Douglas Crawford

December 30, 2017

Windows sends a great deal of personal information back to Microsoft, and Mac OSX/MacOS is little better. On top of this, both Microsoft and Apple have cooperated closely with the NSA in the past to spy on their customers. Credible rumors also persist that both Windows and OSX have been backdoored by the NSA.

Anyone who is serious about their privacy should, therefore, use Linux as their desktop operating system instead. Linux is a free and open source Operating System (OS). This means that its code can be inspected to detect tampering. Given that Linux is the OS of choice for anyone serious about privacy, it comes as little surprise that Linux is much better supported by VPN providers than its user-base might suggest.

Best VPNs for Linux Summary

9.8/10.0

PrivateVPN Homepage
PROS:
  • Loved by consumers
  • Super fast for streaming
  • Zero logs
  • Fully featured for security and privacy
  • Fantastic customer care
CONS:
  • Not much

PrivateVPN is an amazing service from Sweden that users praise regularly. It is a superb service that has a setup guide for Linux users on its website. It is fast, efficient, easy to use, and extremely reliable. It also provides lightning fast speeds for streaming in HD. PrivateVPN is a pleasure to use and has all the important security features you might need. It also has servers in over 50 countries.

Encryption is military grade OpenVPN and this VPN keeps zero logs. Amazingly, this fantastic VPN is also super cheap. Why not try the 30-day money-back guarantee to see why this VPN is proving so popular?

9.6/10.0

AirVPN Homepage
PROS:
  • Linux client (full GUI) with DNS leak protection and kill switch
  • No logs (at all)
  • VPN through Tor
  • Accepts Bitcoin
  • P2P: yes
CONS:
  • Techiness puts people off
  • Customer support could be better
  • Limited number of servers worldwide

Thanks to its tech-heavy focus and lack of customer service skills, AirVPN is not necessarily for everyone. This is a bit of a shame, as not only does AirVPN really care about its customers’ privacy, but it is the clear market leader when it comes to privacy technology. Its open source GUI Linux client (“Eddie”) is identical to the Windows and OSX versions.

This means that users benefit from a firewall-based kill switch and DNS leak protection, port selection, and more. In addition, AirVPN uses very strong encryption, permits VPN obfuscation using SSH and SSL tunneling, supports anonymous Linux VPN use via VPN through Tor, and allows port forwarding.

Additional features: Real-time user and server statistics, VPN through SSL and SSH tunnels, 3-day free trial, 3 simultaneous connections.

8.4/10.0

Mullvad Homepage
PROS:
  • Linux client (full GUI) with internet kill switch, DNS leak protection & IPv6 routing
  • No logs (at all)
  • Accepts Bitcoin and cash
  • 5 simultaneous connections
  • Three-hour free trial
CONS:
  • Limited number of servers

Like AirVPN, this small Swedish provider really cares about its users’ privacy. It even accepts anonymous cash payments sent by post! It also provides Linux users with a full version of its GUI desktop client. This protects Linux VPN connections with a firewall-based kill switch and DNS leak protection, and allows port forwarding. In fact, the Mullvad client is the only VPN software I am aware of that properly routes IPv6 DNS requests (even AirVPN only disables IPv6).

It hardly needs saying that Mullvad keeps no logs at all, and it now uses strong encryption. The main drawback, however, is that Mullvad runs servers in a relatively limited number of locations (mainly in Europe but also North America, Australia, and the UK).

Additional features: Port forwarding.

8.0/10.0

ExpressVPN Homepage
PROS:
  • Special Offer: 49% off today!
  • Linux client (command line)
  • No usage logs
  • 30-day money back guarantee
  • Three simultaneous connections
  • Servers in 78 countries
CONS:
  • A bit pricey – but worth it!

ExpressVPN is a popular VPN service thanks to great 24/7 customer service, easy-to-use software, and a 30-day no quibbles money back guarantee that actually does what it promises. It also offers server end-points in an impressive 87 different countries.

Linux users are not as well catered for as users of other Operating Systems, but ExpressVPN does at least provide a basic custom Linux VPN client. It is Terminal command-line only, but works well, and is simple enough to use. The Ubuntu 64-bit version works just fine for my Mint.

Update: The ExpressVPN Linux client now features DNS leak protection.

Additional features: “Stealth” servers in Hong Kong, free SmartDNS, DNS leak protection.

7.8/10.0

CyberGhost Homepage
PROS:
  • Special Offer: 77% off 2-year plans!
  • Keeps no usage logs
  • Very fast
  • Five simultaneous connections
  • 30-day money-back refund
CONS:
  • Keeps some connection logs

CyberGhost rounds up our list of the best VPNs for Linux. CyberGhost is a popular Romanian provider known for its stylish provider and intuitive use. Just because it’s easy to use doesn’t mean that it’s any less secure – it boasts excellent security features such as military-grade encryption, a kill switch, and perfect forward secrecy.

Other attractive features of CyberGhost include its five simultaneous connections, fast speeds, and allowing P2P. What’s more, you can experience all these and more for yourself by taking advantage of the provider’s 30-day money-back guarantee.


How We Picked the Top Linux VPN for 2018

Here at BestVPN.com, we’re fortunate to have some of the VPN industry’s foremost experts as staff members. Based on our detailed VPN reviews – as well as data collected as part of our BestVPN.com Awards process – we’ve carefully considered a range of factors that go into making a great all-round Linux VPN service.

This includes factors such as speed performance, encryption strength, privacy policy, legal jurisdiction, price, free trial or money-back guarantee, actual support for Linux, and much more.

We recognize that due to the versatility of VPN technology, what makes a great Linux VPN for one user may miss the mark for another. As such, these top VPN for Linux picks are a consensus choice made after much careful deliberation by the BestVPN.com staff.

For more information about how we review VPNs, visit our BestVPN.com VPN Review Process Overview.

Linux VPN FAQs

What is a VPN for Linux?

A VPN is a way to securely connect your Linux machine to a “VPN server” run by a commercial VPN provider. Your Linux PC then connects to the internet via this VPN server.

  • Using a VPN is arguably the single most effective measure you can take to improve your online privacy and security.
  • All data passing between your PC and the VPN server is encrypted. This is sometimes referred to as an “encrypted tunnel.” The VPN hides your data from your Internet Service Provider (ISP), so that it cannot spy on what you do online.
  • VPN providers usually run servers in different locations around the world. This is great for avoiding censorship, as you can simply connect to a server located in a country where there is no such censorship.
  • When you connect to the internet via a VPN server, anyone on the internet will see the Internet Protocol (IP) address of the VPN server, not your real IP.

Only very few VPN services offer custom VPN clients for Linux. That said, most provide manual Linux setup guides.

Why do I need a VPN for Linux?

VPNs are something of a Swiss Army knife and should be part of every serious Linux user’s toolkit.

Use a VPN With Linux for Privacy

Linux is a great choice for any privacy-conscious internet user, thanks largely to the fact that it is (at least mainly) open source.

Using a VPN means that no-one – not even your ISP or even the NSA – can see what you get up to on the internet. Although an ISP is still needed to connect your PC to the VPN server, it cannot see any data that passes between your PC and the VPN server. It also cannot see what websites you visit beyond the initial connection to the VPN server.

On the flip side, websites you visit will see the IP address of the VPN server, not your real IP. VPNs therefore act as an IP blocker, helping to keep your identity safe when surfing the web.

Use a Linux VPN to Unblock Netflix and BBC iPlayer

If you connect to a VPN server in another country, as far as websites are concerned you appear to be in that country! This is a great way to access restricted websites that ban overseas visitors or which have regional restrictions on the content available.

This means you can unblock not only the ever-popular US Netflix and BBC iPlayer, but US cable TV channels such as FOX, ESPN, and CNN (on the geographically-restricted service SlingTV, for example).

If you would like to know more about unblocking Netflix, please check out our Best 5 VPNS for Netflix.

Sports fans are also in for a treat when using a VPN. A VPN allows you to unblock live sporting events from around the world, such as the recent Mayweather Vs. McGregor fight. It can also allow you to subscribe to services such as BeIN, which provide a cheap way to watch the English Premier League and other competitions.

Check out the new BestVPN.com Sports Hub for more details!

Use VPN on a Linux System to Evade Censorship

As I’ve already noted, a VPN will prevent your ISP and government from seeing what you get up to online. If you connect to a VPN server in another country, then you’ll be able to access the full range of internet content available to citizens of that country.

Using a VPN is, therefore, a great way to evade censorship and access restricted websites – be it on social, religious, moral, political, or copyright grounds.

A VPN Will Protect You from WiFi Hackers

A Linux-based VPN will protect you from hackers when using public WiFi hotspots, as your data is secure between your computer and the VPN server. Even if you connect to a fake “evil twin” hotspot, your data will be protected because it is encrypted.

How to Choose a Linux VPN

For Protecting Yourself from Hackers

Any VPN will protect you when using public WiFi, and in situations where you don’t trust the WiFi operator. It will also protect you against KRACK attacks. Strong encryption is ideal, but even weak encryption should stump most WiFi hackers.

For Spoofing Your Location

The first consideration, of course, is that the VPN client offers servers in the location you want to spoof! Speed is also important if you want to avoid buffering problems, so try to choose a VPN with the fastest servers.

It’s also important to check that a VPN service works with the content you want to access before you subscribe. We try to keep up to date on which VPNs work for services such as Netflix and BBC iPlayer, but nothing beats taking advantage of free trials and money back guarantees in order to check for yourself.

For Hiding Your Online Activity from Your ISP and Government

Any VPN will hide your online activity from your ISP or mobile provider. If you’re worried about your government (or the NSA) pressuring your VPN provider in some way for this information, be sure to choose a good no logs provider.

Strong technical security isn’t as important for privacy as a VPN’s logging policy, but it is a factor.

For Preventing Tracking by Websites

Again, any VPN will do. However, you should also use privacy browser extensions to give you more complete protection. Firefox for Linux is open source and is compatible with all Firefox privacy add-ons.

For Bypassing Censorship

In most situations, any VPN will do for bypassing censorship and accessing restricted websites. Just pick an international VPN service and use a VPN server located somewhere that is not censored.

If VPN websites and/or the VPN protocols themselves are blocked where you are, please see How to Bypass VPN Blocks – A Guide.

We don’t usually recommend use of free VPNs, but the economic realities of living under a repressive regime may make the Best free VPN and Five Best Cheap VPN services useful.

For Torrenting

A VPN will also protect you when peer-to-peer (P2P) file-sharing. Anyone monitoring a torrent will only see the IP address of the VPN server, not your real IP address. Do be sure, however, to choose a provider that permits P2P use. Not all do.

Please check out Five Best VPNs for Torrenting.

For Gaming

The Linux Operating System (OS) is not known for its gaming library, although Steam does have a catalog of Linux games. A better option is probably to dual-boot into Windows using the GRUB bootloader.

This will allow you to access the huge selection of Windows games that are available, and to run them as fast as your hardware will allow.

Although it is theoretically possible to play games under Linux using virtualization software such as VM VirtualBox, doing so will seriously damage games’ performance. Playing games using Wine can be a very hit and miss affair, but if you can get them to work, this might produce better results.

Be sure to check out 5 Best VPNs for Gaming for further information on how a VPN can help you when gaming.

Which VPNs to Avoid for Linux Users

As discussed below, if you want a dedicated and fully featured custom VPN client then you have a very limited selection of providers to choose from. If you don’t mind doing manual VPN setup in Linux, then most comments on the rest of this site apply as much to Linux users as to anybody else.

PureVPN is the most complained-about VPN service we have reviewed, while Hide My Ass (HMA) is based in the UK and has a history of handing over logs to the authorities. VyprVPN is in many ways an excellent VPN service, but it keeps extensive connection logs and only permits legal torrenting.

If you are interested in any particular VPN service, do please check out our review of it before handing over your hard-earned cash.

Linux Distros

There are currently over 250 Linux distros (versions) available. User-friendly distros such as Ubuntu and Mint make a good introduction to Linux for newbies. Although not as secure and/or private as the likes of Tails or Qubes, these are still much more secure and privacy-friendly than Windows or Mac OSX/MacOS. The latest release of Ubuntu (17.10 Artful Aardvark) uses the Gnome desktop, and may account for an uptick of interest in OpenVPN for Gnome.

Both Ubuntu and Mint are based on Debian, and many people in the privacy community consider baseline Debian to be a good compromise between user-friendliness and privacy/security.

A few years ago Ubuntu angered many in the privacy community by introducing Amazon ads and related spyware. Since Ubuntu 16.04 LTS, however, these have been disabled by default. Although some bad will still exists over the issue, this means that Ubuntu is yet again an acceptable choice when it comes to picking an OS that respects your privacy.

If you are willing to sacrifice a little convenience in the name of privacy, then check out my article on Linux distributions built for security and anonymity.

Custom Linux VPN clients

Most providers offer setup guides for manually configuring their services for Linux. This is fine, but means missing out on important features offered by custom clients. The most notable of these are kill switches and DNS leak protection.

At present, the only VPN providers I know of to offer Linux clients with the full range of features typically found in Windows and MacOS software are AirVPN and Mullvad.

ExpressVPN also offers a custom Linux client, but it is command-line only and is not as fully-featured.

Linux Live CD/DVD/USB

Most Linux distros can be booted and run directly from a Live CD/ DVD, and/or a LiveUSB stick. This allows you to try out the distro without installing it on your PC. It is a great way to try out different Linux Operating Systems in order to find one that suits you best.

Linux Live distros are also great for privacy and security. Indeed, distros built especially with security and privacy in mind are designed primarily to run in “Live” mode only. This is because Live distros, by default, do not save any data locally except in temporary RAM.

This means that when the PC is turned off/rebooted, no trace of the OS, or anything you did on it, remains. For the same reason, Live distros are also pretty much immune to malware attacks.

Note that less secure Live distros may request permission to store data on local drives. This can be handy but removes many of the security and privacy advantages of using a Live CD/DVD/USB.

VPN Inside a Linux VM

Another popular way to run Linux is inside a Virtual Machine (VM). The fact that many versions of Linux are very resource-light lends them to this. In the context of VPNs, running Linux inside a VM opens up a couple of interesting possibilities.

Double-Hop VPN

Under this setup you connect to one VPN server in your primary OS (VPN 1), and another in your VM (VPN 2). This creates a “double-hop VPN” if you surf the internet from inside the Virtual Machine.

Primary OS -> VPN 1 -> Virtual Machine -> VPN 2 -> Internet

These VPN servers can be run by the same VPN provider, or by different ones. Please see my article on Chaining VPN servers for a full discussion on this subject.

Here we can see double-hop VPN using a Linux VM in action

It is probably worth noting that if you do not install a VPN inside the VM (or use Tor), your outfacing IP address will be the same inside the VM as for your primary OS. So if you use a VPN in your primary OS, it will also protect internet connections inside the Virtual Machine.

Split-Tunneling

Split-tunneling allows you to access some websites using a VPN, and some websites without. Using Linux inside a VM is one way to do this. Simply install and run a VPN inside the Virtual Machine, and ta-da!

Websites accessed from within the VM will be protected by the VPN, while those accessed via your primary OS (or another VM) won’t be.

How to Install OpenVPN and Connect to OpenVPN in Linux

Using NetworkManager in Ubuntu to set up OpenVPN.

1. Download and install the Ubuntu OpenVPN packages for NetworkManager by opening a Terminal window and typing:

sudo apt-get install network-manager-openvpn openvpn

2. Restart the NetworkManager. This can be done by restarting Ubuntu or logging out and in again, but the easiest way is to enter the following at the Terminal command prompt:

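sudo restart network-manager

The restart command above is Upstart syntax. On systemd-based Ubuntu releases (15.04 and later), use this instead:

sudo systemctl restart NetworkManager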

3. Download the VPN provider’s OpenVPN ovpn config file or files (.ovpn file). Multiple ovpn config files are often downloaded as a zip file, which must be unzipped. You will need a VPN subscription for this.

4. Open Network Manager and click VPN Connections -> Configure VPN…

5. Click on ‘Add’.

6. Select ‘OpenVPN’ from the drop-down menu and click ‘Create…’

7. Ensure the ‘VPN’ tab is selected, and enter the VPN server address supplied by your provider in the ‘Gateway’ field. Under ‘Authentication’, select ‘Password’ from the dropdown ‘Type’ menu and enter your account details. Then click on the ‘CA Certificate’ field and navigate to the .crt file at the location you unzipped the .ovpn file or files to in Step 3. Click on ‘Advanced’…

8. Check ‘Use LZO data compression’ (note that this step may not be required or may require different settings depending on your VPN provider). Click ‘OK’ and ‘Save’, and you have now set up OpenVPN. Yay!

9. To start the VPN connection, simply go to NetworkManager -> VPN Connections -> your connection

10. You are now connected! Notice that the NetworkManager taskbar icon now has a tiny padlock on the bottom right to let you know the VPN connection is active. Now also configure iptables in order to prevent any IP leaks. Doing so also acts as a kill switch.
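
The values typed into the dialog in steps 7 and 8 can be read from the provider’s .ovpn file before anything is entered. The script below is an added example, not part of the original guide; the function name ovpn_summary and its output keys are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
# ovpn_summary FILE: print the settings that the NetworkManager dialog in
# steps 7 and 8 asks for, as read from an OpenVPN client config file.
# Returns 1 when the file has no "remote" directive.
ovpn_summary() {
    awk '
        # OpenVPN defaults apply when a directive is absent.
        BEGIN { port = 1194; proto = "udp"; ca = "none"; lzo = "no"; userpass = "no" }
        { sub(/\r$/, "") }                      # tolerate Windows line endings
        NF == 0 || $1 ~ /^[#;]/ { next }        # blank lines and comments
        $1 ~ /^<\// { inblock = 0; next }       # end of an inline block, e.g. </ca>
        $1 ~ /^</   { inblock = 1; if ($1 == "<ca>") ca = "inline"; next }
        inblock     { next }                    # certificate or key material
        $1 == "remote" && host == "" {          # keep the first remote listed
            host = $2
            if (NF >= 3) rport = $3             # per-remote port overrides "port"
            if (NF >= 4) rproto = $4            # per-remote proto overrides "proto"
        }
        $1 == "port"           { port = $2 }
        $1 == "proto"          { proto = $2 }
        $1 == "ca"             { ca = $2 }
        $1 == "comp-lzo"       { lzo = ($2 == "no") ? "no" : "yes" }
        $1 == "auth-user-pass" { userpass = "yes" }
        END {
            if (host == "") { print "error=no remote directive"; exit 1 }
            print "gateway=" host                           # "Gateway" field
            print "port=" (rport ? rport : port)
            print "proto=" (rproto ? rproto : proto)
            print "ca=" ca                                  # "CA Certificate" field
            print "lzo=" lzo                                # LZO checkbox in step 8
            print "auth_user_pass=" userpass                # "Password" type
            # A hostname needs a DNS lookup before the tunnel exists, which
            # matters once a firewall blocks traffic outside the VPN.
            print "gateway_is_hostname=" ((host ~ /^[0-9.]+$/) ? "no" : "yes")
        }' "$1"
}

# Stand-alone use: sh ovpn_summary.sh provider.ovpn
if [ "$#" -gt 0 ]; then ovpn_summary "$1"; fi
```

A value of ca=inline means the certificate is embedded in the .ovpn file itself rather than shipped as a separate .crt file.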

VPN Kill Switch for Linux and how to Create One

What is a kill switch?

Sometimes VPN connections fail. With a good VPN provider, this should not happen very often, but it occasionally happens even to the best. If your computer remains connected to the internet after this happens, then your real IP will be exposed.

You may then think that you are protected by VPN, when in fact the whole world can see your IP address. Needless to say, this is very dangerous.

The usual solution to this problem on other platforms is to build a kill switch into the custom VPN client. This solves this problem by preventing your computer from connecting to the internet when a VPN connection is not active.

Firewall-based kill switches block all internet traffic except that which goes through the VPN. Reactive kill switches detect that the VPN has disconnected, then shut down your internet connection (or sometimes individual apps that you specify). Firewall-based solutions are more secure, but any kill switch is better than none!

Kill Switches for Linux

The problem for Linux fans is the lack of custom Linux VPN clients. The good news is that both the AirVPN and Mullvad Linux clients include a kill switch.

If using another service, however, you are somewhat on your own. This is because neither the built-in Linux VPN client nor OpenVPN for Linux includes a kill switch.

The solution is to manually configure the iptables firewall to act as a kill switch. This will also prevent DNS and other forms of IP leak. IVPN has a fantastic guide on how to configure iptables in this way.
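
A firewall-based kill switch of the kind described above comes down to a default-deny policy with three exceptions: loopback, the connection to the VPN server, and the tunnel interface. The script below is an added example, not taken from this guide or from IVPN’s; the interface name tun0, the documentation address 203.0.113.10 and UDP port 1194 are assumed values to be replaced with your provider’s.

```shell
#!/bin/sh
# Added example (not from the original guide or from IVPN's).
# Assumed values: tunnel interface tun0, VPN server 203.0.113.10, UDP 1194.

# is_ipv4 ADDR: succeed only for a dotted-quad address without leading zeros.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# killswitch_rules SERVER_IP PORT PROTO [TUN_IF]
# Prints an IPv4 ruleset in iptables-restore format: everything is dropped
# except loopback, DHCP, the VPN server connection and the tunnel itself.
# The server must be given as an IP address, because DNS lookups outside
# the tunnel are exactly what these rules block.
killswitch_rules() {
    server=$1 port=$2 proto=$3 tun=${4:-tun0}
    is_ipv4 "$server" || { echo "server must be an IPv4 address" >&2; return 1; }
    case $port in ''|*[!0-9]*|0*|??????*) echo "invalid port" >&2; return 1 ;; esac
    [ "$port" -le 65535 ] || { echo "invalid port" >&2; return 1; }
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case $tun in *[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -d $server/32 -p $proto --dport $port -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
COMMIT
EOF
}

# killswitch_rules_v6: ruleset for ip6tables-restore that blocks all IPv6
# except loopback (the "disable IPv6" approach to IPv6 leaks).
killswitch_rules_v6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: sh killswitch.sh 203.0.113.10 1194 udp tun0 | sudo iptables-restore
# (iptables-restore --test parses the ruleset without committing it.)
if [ "$#" -ge 3 ]; then killswitch_rules "$@"; fi
```

Loading a ruleset with iptables-restore replaces the existing filter table, and the rules do not survive a reboot unless they are saved with your distribution’s persistence mechanism. With these rules loaded, a dropped tunnel leaves the machine with no route to the internet instead of falling back to the unprotected connection.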

I am aware the connection is very tenuous, so please forgive me for slipping in a quick link to 5 Best VPNs for China for those who need a VPN to bypass the Great Firewall of China.

How to Test Your VPN

To test that your VPN is working, visit ipleak.net. If the VPN is working then “Your IP addresses” should show the IP of the VPN server, not your real IP address. If you’ve connected to a VPN server in a different country, it is very easy to see whether your IP has changed.

Here I am in the UK, connected to a US VPN server with no IP leaks.

If you see an IP address belonging either to yourself or your ISP, then you have an IP leak. This includes IPv4 DNS leaks, IPv6 leaks, and Web Real-Time Communication (WebRTC) leaks. DNS leaks occur when a third-party DNS server (such as one operated by your Internet Service Provider) resolves your DNS requests, instead of a DNS server run by your VPN service.

Please consult A Complete Guide to IP Leaks to find out why this might be, and how to fix the issue. As already discussed, unless you use one of the rare providers that offer a fully-featured VPN client, you probably will suffer various IP leaks until you set up an iptables firewall to prevent them.
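
The DNS leak condition described above can also be checked locally, by asking the kernel which interface each configured resolver would be reached through. The script below is an added example, not part of the original guide; the function names, the verdict strings and the tunnel interface name tun0 are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Assumed names: tunnel interface tun0; resolvers listed in /etc/resolv.conf.

# nameservers FILE: print every "nameserver" address in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# egress_dev: read `ip route get` output on stdin, print the outgoing device.
egress_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# route_get ADDR: ask the kernel which route it would use to reach ADDR.
route_get() {
    ip route get "$1" 2>/dev/null
}

# dns_leak_report FILE [TUN_IF]: print "<resolver> <verdict>" for each resolver.
# Returns 1 when any resolver would be reached outside the tunnel.
dns_leak_report() {
    file=$1 tun=${2:-tun0} leaks=0
    for ns in $(nameservers "$file"); do
        case $ns in
            127.*|::1)
                # Loopback stub (for example systemd-resolved on 127.0.0.53):
                # the real upstream resolvers are configured elsewhere and
                # need their own check.
                echo "$ns local-stub"
                continue ;;
        esac
        dev=$(route_get "$ns" | egress_dev)
        if [ "$dev" = "$tun" ]; then
            echo "$ns tunnel"
        else
            echo "$ns outside-tunnel:${dev:-unknown}"
            leaks=1
        fi
    done
    return "$leaks"
}

# Stand-alone use: sh dns_check.sh tun0
if [ "$#" -gt 0 ]; then dns_leak_report /etc/resolv.conf "$1"; fi
```

A resolver reported as outside-tunnel is one your ISP or local network can observe; this check complements the browser-based test, which also covers WebRTC leaks that a routing check cannot see.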

Get Faster VPN Speeds

When it comes to internet speeds, faster is always better! Unfortunately, a VPN will slow down your internet connection.

This is primarily due to the fact that diverting your internet traffic through a VPN adds extra distance for the data to travel, and that encrypting/decrypting data takes processor time. Many VPNs will slow your internet down dramatically.

Some VPN providers, however, have invested heavily in good infrastructure. Usually, this means fast servers, though some providers even have their own network infrastructure.

With such a service and connected to a nearby VPN server, you can expect to enjoy 85%+ of your normal connection speeds when using the VPN. Note that the further away the server you connect to, the slower your internet will be.

On the other hand, if you wish to access services from specific locations you should connect to a VPN server as close as possible to that location for maximum possible speeds.

Are VPNs for Linux safe?

The first thing to think about is what you mean by “safe” – safe from whom?

Outside Russia, using a VPN is legal pretty much everywhere. VPNs are routinely used by businesses to secure their resources, so using one is in no way considered “suspicious.”

Although your ISP can no longer see what you get up to online, your VPN provider can. If privacy is important to you, it is therefore important to choose a VPN service for your Linux PC that keeps no logs that can be used to trace your internet activity back to you. For more discussion on this subject please see 5 Best No Logs VPNs.

As already noted, a VPN will keep you safe from snooping by your ISP or government, safe from WiFi hackers, and safe from copyright holders when torrenting.

Do please be aware, however, that great as they are, VPNs are not a one-stop privacy and security solution for your Linux system. Think of them instead as a vital tool in your online privacy and security toolkit.

Other important tools include good Linux antivirus software, browser add-ons that prevent websites from tracking you, and a good two-way firewall. Please check out The Ultimate Online Privacy Guide for lots of useful information and handy links on this subject. If you are worried about your Linux VPN connection being hacked by criminals or the NSA, it is also important to choose a strong VPN protocol…

Best VPN Protocols for Linux

A VPN protocol is the set of instructions used to negotiate a secure encrypted connection between two computers. A number of such VPN protocols are commonly supported by commercial VPNs. The most notable of these are Point-to-Point Tunneling Protocol (PPTP), OpenVPN, Layer 2 Tunneling Protocol (L2TP) and Internet Key Exchange version 2 (IKEv2).

PPTP

This is an old VPN protocol that hasn’t been considered secure for years and should therefore be avoided.

L2TP

This is usually implemented with the Internet Protocol Security (IPsec) authentication suite (L2TP/IPsec). It is most certainly not secure against the NSA, but for most purposes is generally regarded as being secure if openly published pre-shared keys aren’t used.

OpenVPN

This open source and now fully audited protocol is widely regarded as the most secure and versatile VPN protocol available (if well implemented). My general recommendation is to use an OpenVPN network whenever possible. Be wary, however, about the much-advertised use of AES-256. This is indeed a gold-standard cipher, but it is in itself fairly meaningless, as the devil is in the detail.

For more information on this subject please check out VPN Encryption: The Complete Guide, which is designed to be as layman-friendly as possible.

Conclusion

Any VPN service should be able to work with Linux, and most provide good manual setup guides for doing so. Linux supports the PPTP and L2TP protocols, but I strongly recommend using an OpenVPN network instead.

The official OpenVPN client for Linux is good, but to ensure you do not leak your real IP address, it is important to also use and correctly configure iptables. This is especially true if using OpenVPN via NetworkManager. This should be no great effort for most Linux users, though, who are used to a certain lack of hand-holding!

Alternatively, AirVPN and Mullvad offer open source Linux clients that have all the bells and whistles of their Windows and MacOS siblings, including IP leak protection and kill switches.