5 Best Linux VPN Services for 2017

Douglas Crawford

Douglas Crawford

June 15, 2017

Windows sends a great deal of personal information back to Microsoft, and Mac OSX/MacOS is little better. On top of this, both Microsoft and Apple have cooperated closely with the NSA in the past to spy on their customers. Credible rumors also persist that both Windows and OSX have been backdoored by the NSA.

The Best VPNs for Linux

  1. AirVPN
  2. NordVPN
  3. Mullvad
  4. ExpressVPN
  5. CyberGhost

Anyone who is serious about their privacy should therefore use Linux as their desktop operating system instead. Linux is a free and open source Operating System. This means that its code can be inspected to detect tampering. Although not perfect, open source is not just the best, but the only way to have confidence that your software will not spy on you.

Given that Linux is the OS of choice for anyone serious about privacy, it comes as little surprise that the OS is much better supported by VPN providers than its user-base might suggest.

Most providers offer setup guides for manually configuring their service for Linux, but this means missing out on important features offered by custom clients – most notably kill switches and DNS leak protection.

Best VPNs for Linux Summary

Rank Company Score Price Link
1
Read Review
4.82 / monthVisit Site
2
Read Review
3.29 / monthVisit Site
3
Read Review
5.50 / monthVisit Site
4
Read Review
8.32 / monthVisit Site
5
Read Review
2.90 / monthVisit Site
Editor's Choice Award

Winner

AirVPN

5/5

Best Linux VPN

  • ProsPROS
  • Linux client (full GUI) with DNS leak protection and kill switch
  • No logs (at all)
  • VPN through Tor
  • Accepts Bitcoin
  • P2P: yes
  • ConsCONS
  • Techiness puts people off
  • Customer support could be better
  • Limited number of servers worldwide

Thanks to its tech-heavy focus and lack of customer service skills, AirVPN is not a hit with the average VPN user. This is a big shame, as not only does AirVPN really care about its customers’ privacy, but it is the clear market leader when it comes to privacy technology. Its open source GUI Linux client (“Eddie”) is identical to the Windows and OSX versions.

This means that users benefit from a firewall-based kill switch and DNS leak protection, port selection, and more. And as always, AirVPN uses very strong encryption, permits VPN obfuscation using SSH and SSL tunneling, supports anonymous Linux VPN use via VPN through Tor, and allows port forwarding.

Additional features: Real-time user and server statistics, VPN through SSL and SSH tunnels, 3-day free trial, 3 simultaneous connections.

Get the Best VPN for Linux now!

Visit AirVPN »

Three-day free trial

2nd place

NordVPN

4.6/5

NordVPN

  • ProsPROS
  • Based in Panama
  • Six simultaneous connections
  • Servers in 61+ countries
  • P2P: yes
  • ConsCONS
  • Issues with support
  • Some servers can be a little slow

NordVPN is a great VPN for Linux for the privacy fanatics out there. Its location in Panama already promises enhanced security, and is only enhanced by its no-logs policy, tough military-grade encryption, and features such as Tor over VPN and an in-App killswitch.

NordVPN is not only for Linux users focused on security. It boasts other excellent perks such as servers in 58+ countries, allowing P2P, six simultaneous connections, and great speeds. Better yet, you can give it all a go without committing thanks to the provider’s 30-day money-back guarantee.

Visit NordVPN »


3rd place

Mullvad

4.2/5

Mullvad

  • ProsPROS
  • Linux client (full GUI) with internet kill switch, DNS leak protection & IPv6 routing
  • No logs (at all)
  • Accepts Bitcoin and cash
  • Three simultaneous connections
  • Three-hour free trial
  • ConsCONS
  • Average performance
  • Limited number of servers

Like AirVPN, this small Swedish provider really cares about its users’ privacy. It even accepts anonymous cash payments sent by post! It also provides Linux users with a full version of its GUI desktop client. This protects Linux VPN connections with a firewall based kill switch and DNS leak protection, and allows port forwarding. In fact, the Mullvad client is the only VPN software I am aware of properly route IPv6 DNS requests (even AirVPN only disables IPv6).

It hardly needs saying that Mullvad keeps no logs at all, and it now uses strong encryption. The main drawback, however, is that Mullvad runs servers in only a very limited number locations in Europe and the US (with no UK server).

Additional features: Port forwarding.

Visit Mullvad »


4th place

ExpressVPN

4/5

ExpressVPN

  • ProsPROS
  • Linux client (command line)
  • No usage logs
  • 30-day money back guarantee
  • Three simultaneous connections
  • Servers in 78 countries
  • ConsCONS
  • Connection logs
  • A bit pricey

ExpressVPN is a popular VPN service thanks to great 24/7 customer service, easy-to-use software, and a 30-day no quibbles money back guarantee that actually does what it promises. It also offers server end-points in an impressive 87 different countries.

Linux users are not as well catered for as users of other Operating Systems, but ExpressVPN does at least provide a basic custom Linux VPN client. It is Terminal command-line only, but works well, and is simple enough to use. The Ubuntu 64-bit version works just fine for my Mint.

Update: The ExpressVPN Linux client now features DNS leak protection.

Additional features: “Stealth” servers in Hong Kong, free SmartDNS, DNS leak protection.

Visit ExpressVPN »


5th place

CyberGhost

3.7/5

CyberGhost

  • ProsPROS
  • Keeps no usage logs
  • Very fast
  • Five simultaneous connections
  • 30-day money-back refund
  • ConsCONS
  • Keeps some connection logs

CyberGhost rounds up our list of the best VPNs for Linux. CyberGhost is a popular Romanian provider known for its stylish provider and intuitive use. Just because it’s easy to use doesn’t mean that it’s any less secure – it boasts excellent security features such as military-grade encryption, a kill switch, and perfect forward secrecy.

Other attractive features of CyberGhost include its five simultaneous connections, fast speeds, and allowing P2P. What’s more, you can experience all these and more for yourself by taking advantage of the provider’s 30-day money-back guarantee.

Visit CyberGhost »


VPNs for Linux Distros Considerations

Linux Distros

There are currently over 250 Linux distros (versions) available. User-friendly distros such as Ubuntu and Mint make a good introduction to Linux for newbies.

Although not as secure and/or private as the likes of Tails or Qubes, these are still much more secure and privacy-friendly than Windows or Mac OSX/MacOS.

Both Ubuntu and Mint are based on Debian, and many people in the privacy community consider baseline Debian to be a good compromise between user-friendliness and privacy/security.

A few years ago Ubuntu angered many in the privacy community by introducing Amazon ads and related spyware. Since Ubuntu 16.04 LTS, however, these have been disabled by default. Although some bad will still exists over the issue, this means that Ubuntu is yet again an acceptable choice when it comes to picking an OS that respects your privacy.

If you are willing to sacrifice a little convenience in the name of privacy, then check out my article on Linux distributions built for security and anonymity.

Custom Linux VPN clients

Most providers offer setup guides for manually configuring their services for Linux. This is fine, but means missing out on important features offered by custom clients. The most notable of these are kill switches and DNS leak protection.

AirVPN in Linux

At present the only VPN providers I know of to offer Linux clients with the full range of features typically found in Widows and MacOS software are AirVPN and Mullvad.

Mullvad Linux 2

ExpressVPN also offers a custom Linux client, but it is command-line only and is not as fully-featured.

ExpressVPN 2

The Linux OpenVPN client

The official open source OpenVPN client for Linux works well, but in order to ensure no ip leaks occur you should configure iptables. Such iptable firewall rules also act as a kill switch.

OpenVPN can be run using either NetworkManager GUI or directly via Terminal. NetworkManager is easier, but it sometimes kills the OpenVPN connection if the network is disrupted.

It is therefore particularly important to setup iptables to prevent leaks when using NetworkManager. IVPN has an excellent tutorial for doing this here.

Linux Live CD/DVD/USB

Most Linux distros can be booted and run directly from a Live CD/ DVD, and / or a LiveUSB stick. This allows you to try out the distro without installing it on your PC. It is a great way to try out different Linux Operating Systems in order to find one that suits you best.

Linux Live distros are also great for privacy and security. Indeed, distros built specially with security and privacy in mind are designed primarily run in “Live” mode only. This is because Live distros, by default, do not save any data locally except in temporary RAM.

This means that when the PC is turned off/rebooted, no trace of the OS, or anything you did on it, remains. For the same reason, Live distros are also pretty much immune to malware attacks.

Note that less secure Live distros may request permission to store data on local drives. This can be handy, but removes many of the security and privacy advantages of using a Live CD/DVD/USB.

VPN inside a Linux Virtual Machine

Another popular way to run Linux is inside a Virtual Machine (VM). The fact that many versions of Linux are very resource-light lends them to this. In the context of VPNs, running Linux inside a VM opens up a couple of interesting possibilities.

Double-hop VPN

Under this setup you connect to one VPN server in your primary OS (VPN 1), and another in your VM (VPN 2). This creates a “double-hop VPN” if you surf the internet from inside the Virtual Machine.

Primary OS -> VPN 1 -> Virtual Machine -> VPN 2 -> Internet

These VPN servers can be run by the same VPN provider, or by different ones. Please see my article on Chaining VPN servers for a full discussion on this subject.

Chaining VPN servers

Here we can see double-hop VPN using a Linux VM in action

It is probably worth noting that if you do not install a VPN inside the VM (or use Tor), your outfacing IP address with be the same inside the VM as for your primary OS. So if you use a VPN in your primary OS, it will also protect internet connections inside the Virtual Machine.

Split-tunneling

Split-tunneling allows you to access some websites using a VPN, and some websites without. Using Linux inside a VM is one way to do this. Simply install and run a VPN inside the Virtual Machine, and ta-da!

Websites accessed from within the VM will be protected by the VPN, while those accessed via your primary OS (or another VM) won’t be

Setting up OpenVPN in Linux (Uisng NetworkManager in Ubuntu)

1. Download and install the Ubuntu OpenVPN packages for NetworkManager by opening a Terminal window and typing:

sudo apt-get install network-manager-openvpn openvpn

2. Restart the NetworkManager. This can be done by restarting Ubuntu or logging out and in again, but the easiest way is to enter the following at the Terminal command prompt:

sudo restart network-manager

3. Download the VPN provider’s OpenVPN configuration guides, and Extract them to a convenient location.

ub 13

4. Open Network Manager and click VPN Connections -> Configure VPN…

ub 4

5. Click on ‘Add’.

ub 15

6. Select ‘OpenVPN’ from the drop-down menu and click ‘Create…’

ub 6

8. Ensure the ‘VPN’ tab is selected, and enter the VPN server address supplied by your provider in the ‘Gateway’ field. Under ‘Authentication’, select ‘Password’ from the dropdown ‘Type’ menu and enter your account details. Then Click on the ‘CA Certificate Field’ and navigate to the .crt file at the location you unzipped the OpenVPN config files to in Step 2. Click on ‘Advanced’…

ub 9

9. Check ‘Use LZO data compression’ (note that is step may not be required, or may require different settings depending on your VPN provider). Click ‘OK’ and ‘Save’, and setup is complete!

ub 10

10. To start the VPN connection, simply go to NetworkManager -> VPN Connections -> your connection

ub 11

11. You are now connected! Notice that the NetworkManager taskbar icon now has a tiny padlock on the bottom right to let you know the VPN connection is active. Now also configure iptables in order to prevent any ip leaks. Doimng so also acts as a kill switch.

Conclusion

Any VPN service should be able to work with Linux, and most provide good manual setup guides for doing so. Linux supports the PPTP and L2TP protocols, but I strongly recommend using OpenVPN intread.

The official OpenVPN client is good, but to ensure no IP leaks occur it is important to also use and correctly configure iptables. This is especially true if using OpenVPN via NetworkManager. This should be no great effort for most Linux users, though, who are used to a certain lack of hand-holding!

Alternatively, AirVPN and Mullvad offer open source Linux clients that have all the bells and whistles of their Windows and MacOS siblings, including IP leak protection and kill switches.

Best VPN for your Linux OS Summary

Rank Company Score Price Link
1
Read Review
4.82 / month Visit Site
2
Read Review
3.29 / month Visit Site
3
Read Review
5.50 / month Visit Site
4
Read Review
8.32 / month Visit Site
5
Read Review
2.90 / month Visit Site
Douglas Crawford

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

16 responses to “5 Best Linux VPN Services for 2017

  1. Hi Douglas,

    I was wondering would you be open to increasing the number in the definition of best because to be quite honest I think you’re being extremely unfair to some other VPN Service Providers that are just as as good if not better and most certainly work just as hard as the others into devlivery a brillaint client for their current customers and to newcomers that are looking for a proprietery Linux client that offer similar if not exactly the same functionality and security overall in contrast to their client on other OS’s.

    Further more, I think if you were to at least restrict it a top 9 or 14 it would make sense though you may still be unfair to a some toher but it would be understanding in terms of the effort you put into research and the actually credibilty behind the term, ‘best’. I say this because having got some brillaint suggestions for you related to your website, I was further surprised you didn’t come across Proxy.sh as one to list in this page and other pages and wish you’d include it in your list if you take one of my suggestions by increasing the number of ‘best’ providers.

    I wish to enagage in further discussions with you relating to this and similar things as well as particular project, you may be interested in.

    I’ll look foward to your reply.

    Regards

    1. Hi Count,

      We have restrictive out lists to “5 Best” because we feel that most visitors will bet bored reading through even longer lists. Of course such lists are not exclusive, and there are many other fine providers out there. We have a Proxy.sh Review, but it is, admittedly, very old and badly in need of updating.

  2. proprietary software & hardware “component” = gps activation/module ?

    Do not let’s forget that the industry answers to the request of their clients & customers and if the gps is often a hardware feature or an electronic component it could be also a function, some lines of codes, a micro_module inserted/embedded inside the gpu:cpu (topics about that were posted long years ago but seem to have been erased since from the web) and , even if a commercial project makes money with a proprietary software ; it can be run using free soft/gratis.

    ^ blue-tooth are often (if not always) gps embedded and a chipset-processor function / built-in Global Positioning System.
    ^ Phones with Qualcomm X12 modems use Qualcomm transceiver chips, and those using the Intel XMM 7360 use Intel’s transceivers.
    ^ Quad-band GSM/GPRS module with embedded Bluetooth module and embedded cell tower locator.

    – Dell latitude 10 : integrated Broadcom GNSS Receiver BCM47511 (GPS,Glonass…).
    driver from Lenovo (which makes Broadcom GNSS work properly)
    – Rugged Extreme laptops
    – Dell Latitude E6500

    + http://www.curiousmentality.co.uk/2009/06/using-the-dell-latitude-e6400-built-in-gps/
    + https://www-ssl.intel.com/content/www/us/en/mobile/modem-solutions.html
    + http://forums.appleinsider.com/discussion/194666/low-end-intel-kaby-lake-processors-detailed-macbook-pro-version-absent
    [Intel can build both Apple’s processors in it’s 10nm fab. Intel can also help build integrated A-processor CPU/GPU/Wifi/LTE.BT/GPS/etc on single chip like this news — Samsung launches first Exynos chip with all radios built in( to handle LTE, FM, Bluetooth, WiFi and GPS.]

    *uninstall telnet
    *replace their dns by your dns
    *read vpn-reviews

    # i wonder why the vpn provider have missed the target of the sub-note (10°) and why you have not test their hardware performance/security/privacy : ikit(in the palm of a hand) : storex(in a pocket) : asus/hp(in a bag) … seem to be a quick & discreet way to be connected through vpn.
    # i should wish they improve their product with a good network card and a safe cpu (i do not like the wifi:blue-tooth).

  3. > Perhaps
    Depending on the brand & the serie & the country where your computer/laptop/subnote is coming from … some vulnerabilities/feature_malware/backdoor_system management/hijacking_bios/rootkit/gps embedded could be an option and enabled or could be slept as a ‘suspend’ service.)
    # the price includes all the improvement.

    ibm (Thinkpad) & dell (Latitude) are famous for their bizare configuration …
    #are there ingeniors working in their team ?

    A lot of clones are strange (quality/price are good) – (acer/hp/iKit/storex)
    # who have reviewed it with privacy in mind ?

    Is coreduo a danger ?
    # no, it is not but a lot of misinformation & brain washing -propaganda- are confusing the user and it is not fair. The user wants to be independant/autonomous owner of his tool.

    https://security.stackexchange.com/questions/50907/are-there-gps-tracker-for-laptops
    https://stackoverflow.com/questions/15702355/what-is-the-difference-between-the-firmware-and-the-operating-system

    Some laptops and netbooks are GPS-enabled and provide navigational information while on the go.
    gps-backdoor/remote coontrol :
    -rtc & gps & WebRTC
    -firmware & battery
    -anti-theft/Data Protection
    -builtin GPS in a mini-pci card + SIM
    -A full array of wireless communications options come built in: 802.11n Wi-Fi, Bluetooth, WWAN, and even GPS (2008)
    -Trusted Platform Module
    -Internal GPS fitted to Tablets and laptops.
    Computer peripheral devices :
    Devices connecting to the computer via USB, Bluetooth or expansion slots (sd card/card reader e.g.) allow the computer to utilize the GPS system.

    *wake on lan must be turned off , the browser must be tweaked a little , you must also -if you are paranoid- unplug your internet cable from your computer when it is not in use.

    *sparsky vs ubuntu ? both are built from unstable debian version and both are fun, user friendly, etc.
    unstable means untrust.

    1. Hi malik,

      Re. GPS. I am not disputing that it exists in some laptops, but (as I understand it) this is an additional hardware module, not part of the Intel processor. I would also think that to work it would require propriety software – something that would be removed if you install a Linux distro instead of the software the laptop ships with.

  4. some mistakes :
    * https://www.anonymousvpn.eu/ is not https://www.anonymousvpn.org/
    * Actually there are vulnerability in all Intel CPUs (skylab backdoor + IME + joint-venture + gps)
    * Actually there are vulnerability in all ubuntu version (ubuntu 16.04 backdoor + policy of the o.s/soft)
    * Ubuntu is shunned for spying (free software foundation). The latest stable release is Ubuntu (GNOME_3.20) 16.10 _ many apps have been updated to their GNOME 3.22 versions.
    * unity was one of the ubuntu backdoor known like ime is one of the intel backdoor known ; another “bugs” are present and hidden by the discover of unity/ime.
    * Tor has a blog where the comments are censored and where the posts are rarely opened for discusion – tweet mode –

    1. Hi aka_meli,

      – My mistake. I am not aware of https://www.anonymousvpn.eu/.
      – As already noted, I am fully aware of the IME backdoor in all Intel chips more recent than 2006. I am not, however, aware of the other vulnerabilities you mention, and a quick search is not helping me. Perhaps you could explain (although I’m prettey sure that at least most Intel chips do not contain a GPS component)?
      – Ubuntu was widely shunned because of a feature of the Unity desktop environment called Dash, a unified search bar that allows users to search for apps, documents, music, and other data locally, as well as to perform searches on the internet. Thing is, though, that in its desire to monetize what is a free OS, developer Canonical Lmt., has struck a deal with the devil Amazon. All search queries are also sent to Amazon, and you will then be shown ads for Amazon products relating to your search terms! Even worse, these highly intrusive ads load in a very insecure way that can allow hackers to spy searches.

      This “feature” could be disabled, but if Ubuntu has switched to the Gnome desktop (something I was not aware of), this should no longer be an issue.

  5. > “vpn is an option with tor.”
    > ubuntu must be avoided
    2017/january/
    – Ubuntu : avoided / backdoor inside the O.S and the new intel ship contains also one (cf : richard stallman conference)
    – Ubuntu & derivative are user-friendly & fun but not at all designed with security/anonimity/privacy in mind.
    – {tor + vpn} are options in serious discussions in different place/time : advantages vs cons.
    _+ In fact you must try & test and depending on your location, your usage, your habits and your vpn , the option 1° can be better than the option 2° but it is not supported by all vpn provider : Tor + vpn is rare ; most of users take the option 2° : vpn + Tor.
    note : Tor team recommend using TorBundle without vpn ; these options add a layer but it is not proven that it could be better without
    _+ Available does not never mean “updated” or “solid & validated by expert” – it is never the case :
    (e.g : https://www.anonymousvpn.eu/ = bad _ except maybe for usa guys living in the same state of the vpn provider/relays but who will trust an obscure service as anonimity/security tool again ?)).
    (e.g : tor in the depo = bad _ always download tor at the official site and check it with its official pgpkey.)

    1. Hi alikerom,

      – The main privacy worried in Ubuntu Unity can now be disabled. A more nuclear option is to replace the Unity desktop entirely. GNOME 3 (Ubuntu GNOME 15.10 is now available,) KDE, or Cinnamon are all good options.. For more information on this please see here.
      – The IME “backdoor” in all newer Intel chips is almost impossible to avoid (and all major alternative platforms have a similar issue). Please see this article for more details.
      – Please see 5 Best VPNs when using Tor for discussion o the pros and cons of using VPN through Tor and Tor through VPN.
      – This is true, but the very fact Open source / Source available code can be interdependently audited is the best protection we have.
      – Our reviewer (no longer with us) gave AnonymousVPN a real kicking in his review.

  6. – ubuntu is user-friendly but like said kalimero must be avoided for two important risks :
    1- it contains some backdoor
    2- it is built on the testing (unstable) version of debian

    – Using tor , a vpn is an option and that because tor needs to be run by all the users in the same way_configuration = without vpn , tor alone.

    – tor + vpn or vpn + tor is better according on my point of view but choose carefully the vpn provider.

    1. Hi Nigel,

      So… I downloaded the PIA Linux/Ubuntu software again (using Mint), and it does indeed have the same GUI as the Windows application. I don’t know whether this is new, or is something somehow I missed when writing this article, but it does mean that when I next update this piece I will rank PIA higher than its current position. Thanks for bringing this to my attention. I have made a couple of edits in order to include this information.

    1. Hi kalimero,

      I’m afraid that I don’t really understand what you mean by “vpn is an option with tor.” It is certainly possible to use VPN and Tor together. Ubuntu did come bundled with adware/malware, but this has been made opt-in, so is much less of a concern.

Leave a Reply

Your email address will not be published. Required fields are marked *