best VPN Linux

Linux enthusiasts often find themselves overlooked in the realm of software options, and the situation is the same when it comes to VPN services. Let’s face it: Most companies and developers frequently relegate Linux users to the back burner. We saw this firsthand during the course of writing this article. After struggling to use one company’s Linux app, we contacted their support team, who admitted to knowing the app was broken. They were unable to provide any indication of when the app would be fixed — which isn’t a response that filled us with much confidence. Maybe Linux users don’t complain enough — having had it drilled into them that there are always workarounds.

The good news is that there are several VPN providers who do take Linux users seriously and have created apps that are both easy to use and effective. Some of these have a graphical user interface (GUI), while others are operated via the command line. In either case, the often tedious task of configuring VPN servers is gone. Instead, it’s simply a matter of downloading and installing an app. Using one of the providers in our list means you can enjoy a host of enhanced features and perks that generic VPNs can’t match.

If you just want the top recommendations, here’s our shortlist of the best VPNs for Linux:

  1. NordVPN: The best Linux VPN on the market. Fast, easy to install, and works with nine different Linux distros. Great for streaming and includes a 30-day money-back guarantee.
    TIP In our testing we found that the cheapest NordVPN plan (Standard) works perfectly for Linux.
  2. Surfshark: Our favorite low-cost VPN for Linux users. The Linux app has a full GUI that makes it incredible easy to use. Subscriptions allow you to secure every device you own simultaneously.
  3. ExpressVPN: Fast speeds and works with six Linux distros. Unblocks a range of secure streaming sites, and uses powerful security.
  4. Private Internet Access: Open-source Linux apps with a full GUI. Allows unlimited simultaneous device connections and works with five Linux distros.
  5. PureVPN: Great value VPN for long-term subscriptions. Linux apps have a GUI and a CLI option. Servers available in 66+ countries
  6. ProtonVPN: Open-source app with a GUI. Lots of features, including port forwarding. Strong on privacy and security.
Get NordVPN - the #1 VPN for Linux
Warning

Many VPNs claim to protect your privacy and offer a fast, reliable connection but most (especially free VPNs) limit your connection speed or leak information.

We regularly test the top 70 VPNs for security and speed and this list only includes VPNs which are fast, reliable and are highly rated for privacy and security. Plus we only recommend VPNs which offer a full-money back guarantee allowing you to try them risk free.

WANT TO TRY THE TOP VPN RISK FREE?

NordVPN is offering a fully-featured risk-free 30-day trial if you sign up at this page. You can use the VPN rated #1 for Linux, free from any limitations, for a monthgreat if you want to try all of the service's features out or yourself before coming to a decision.

There's no catchjust contact support within 30 days if you decide NordVPN isn't right for you and you'll get a full refund. Start your NordVPN trial here.

Our criteria for the best Linux VPNs

VPN providers aren’t particularly helpful in describing their Linux apps. We were surprised how loose the definition of ‘easy’ — as in ‘easy to use’ — seems to be. While some apps could be completely set up and understood in a minute or two, others took concerted effort simply to change server location.

We were interested in how the apps performed in several areas, which we’ve summarized below. These will all make a real difference to your experience, so need to be fully explored. You can read more about our extensive testing methodology and take a look at the data for yourself later in the article. In a nutshell, here’s what we look for:

  • Linux suitability: We scored each provider’s suitability for Linux based on whether their app had a GUI, how many distros it was available for, and how many protocols it supported.
  • Global network speed: We wanted to gauge how fast download speeds were when using each VPN compared to our base connection speed. We conducted multiple speed tests while connected to servers in three different countries and created an overall score based on the results.
  • Security & privacy: We scored providers against 15 different security and privacy criteria. These included whether activity logs were retained, whether private DNS servers were used and whether the apps included a kill switch.
  • Streaming: To find out which VPNs were best for streaming, we scored them on nine different metrics. These included whether they offered a smart DNS service and whether they worked in highly restrictive countries.
  • Value for money: We used eight different criteria to create an overall value for money score. These included their connection limits, subscription terms, and lowest price.

Best VPNs for Linux: a snapshot of features

No valueNordVPNSurfsharkExpressVPNPrivate Internet AccessPureVPNProton VPN
WebsiteNordVPN.comSurfshark.comExpressVPN.comPrivateInternetAccess.comPureVPN.comprotonvpn.com
Ranking for Linux:123456
Server countries1111001059170+85+
VPN protocolsOpenVPN, NordLynxOpenVPN, WireGuardOpenVPN, Lightway, IKEv2WireGuard, OpenVPN, IPSec on iOSIKEv2, OpenVPN, WireguardOpenVPN, Smart Protocol (Windows only), WireGuard
Simultaneous Connections10Unlimited8Unlimited10Free: 1, VPN Plus: 10
Total number of servers6,000+3,200UndisclosedUndisclosed6,500+3,800
Best deal (per month)$3.09
Up to 73% off 2 year plans + 3 EXTRA months
$2.19
Save 86% on a 2 year Starter plan + 3 months free
$6.67
SAVE: 49% + 3 months free
$2.19
SAVE 82% on the 2 yr plan
$2.14
82% off the 2-yr standard plan + 3 free months
$3.59
Up to 64% off a 2-year plan

The best Linux VPNs

These are the top VPNs for Linux that have a dedicated Linux app.

1. NordVPN

NordVPN Oct 2024

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux
  • Background FireTV

VPN Ratings:

Overall score: 9 / 10
Linux Suitability: 6.9 / 10
Global Network Speed: 10 / 10
Security & Privacy: 9.2 / 10
Streaming: 9.2 / 10
Value for Money: 9.5 / 10

Website:  www.NordVPN.com

Money-back guarantee: 30 DAYS

NordVPN has a dedicated command-line app that is far easier to set up and use than manually configuring servers. It works with more distros than any other app in our list and comes with most of the same great features you get on other operating systems, including an automated kill switch, ad blocker, and anti-malware filter. Supported distros include Ubuntu, Debian, Elementary OS, Linux Mint, Fedora, RHEL, CentOS, Qubes OS, and openSUSE.

If you still prefer doing things the old-fashioned way, Nord boasts an extensive user base of tutorials, including detailed Linux setup instructions for OpenVPN, IKEv2, and PPTP protocols.

Installing the app is easy. For Debian-based distros, simply enter:

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)

Once installed, it’s just a matter of logging in and connecting to a NordVPN server.

NordVPN's Linux app.
It’s simple to login and connect to a NordVPN server via the CLI.

Entering the following lets NordVPN choose a server for you:

nordvpn connect

You can also choose a server in a specific city or country.

Changing NordVPN servers.
Switching between NordVPN servers based in different cities.

We tested the speed of NordVPN’s Linux app while connected to a server in three locations at three different times of day. We used a home broadband connection with an average download speed of 49.44 Mbps.

NordVPN download speeds while connected to servers in three different countries.

NordVPN’s speeds were excellent overall but most consistent when connected to a server in Japan. The average global download speed was 37.88 Mbps, representing a drop of 11.56 Mbps from our base connection speed. Even with this drop, NordVPN is still fast enough to stream HD content.

We were able to stream content from BBC iPlayer while connected to a UK server. NordVPN’s Linux app also worked with every other platform we tested, including Netflix, Amazon Prime Video, Hulu, Disney+, and Max.

If you want to see the VPN’s current settings, simply enter:

nordvpn settings

Each setting can be enabled or disabled in the terminal using the relevant command.

NordVPN settings.
Checking the status of the various app settings using the CLI.

For example, you can enable the kill switch by entering the following:

nordvpn set killswitch enabled

NordVPN’s Linux app comes with built-in leak protection, which we tested ourselves via browserleaks.com. We found no evidence of IP, DNS or WebRTC leaks while connected.

NordVPN IP leak test.
NordVPN didn’t leak our IPv4 or IPv6 addresses while connected.

Other NordVPN features include Meshnet, which allows you to create networks within which you can share files or remotely access other devices. An auto-connect feature ensures that your connection is protected from start-up, and threat protection helps block ads and malicious traffic.

NordVPN offers a range of specialty servers. Options include servers for P2P traffic, obfuscated servers for bypassing blocks in countries such as China, double VPN servers for an added layer of encryption, and Onion Over VPN servers for one-click access to the Tor network.

NordVPN Onion Over VPN.
Connecting to the Tor network using the NordVPN Linux app.

In addition to Linux, NordVPN apps are available for Windows, macOS, iOS, and Android. NordVPN allows up to 10 simultaneous device connections, which is more than enough for most people. If it’s not, the software is compatible with a range of routers. Configuring a router connection will protect every device on your network, including those that don’t support VPN apps natively.

NordVPN is based in Panama, which is beyond the reach of international intelligence-gathering alliances such as the Five Eyes. The company has an independently audited no-logs policy, which provides reassurance that your data isn’t being harvested while connected.

Buy this VPN if:

  • You want an easy-to-use Linux app that works with the most distros
  • You want fastest speeds
  • You want easy access to the Tor network
  • You value your privacy

Don’t buy this VPN if:

  • You want a full GUI

BEST VPN FOR LINUX:NordVPN is our #1 for Linux. Connects up to 10 devices simultaneously. Has impressive security, strong unblocking abilities, and the fastest speeds. Its 30-day money-back guarantee means you can try it out risk-free.

Read our full NordVPN review.

NordVPN Coupon
Up to 73% off 2 year plans + 3 EXTRA months
Get Deal >
Discount applied automatically

2. Surfshark

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

VPN Ratings:

Overall score: 8.6 / 10
Linux Suitability: 7.5 / 10
Global Network Speed: 7.6 / 10
Security & Privacy: 9.2 / 10
Streaming: 9.2 / 10
Value for Money: 9.7 / 10

Website:  www.Surfshark.com

Money-back guarantee: 30 DAYS

Surfshark has great value subscriptions and a Linux app that features a full GUI. The GUI makes life easier if you’re just getting started with Linux or don’t have the time (or inclination) to learn yet more commands. The app is currently available for Ubuntu, Mint, and Debian-based distros.

Once you’ve signed up, installing the app is easy. For debian-based distros, enter the following in a terminal:

curl -f https://downloads.surfshark.com/linux/debian-install.sh --output surfshark-install.sh 
cat surfshark-install.sh 
sh surfshark-install.sh

Once installed, Surfshark will appear in your list of apps.

Searching for the Surfshark app.
The Surfshark Linux app becomes available immediately after installation.

After that, it’s just a matter of logging in. You’re then presented with the Surfshark dashboard, which looks the same as you’d get if you were using a Windows or Apple machine.

The Surfshark dashboard.
The Surfshark dashboard will be familiar to anyone who’s used other Surfshark apps.

But how does it perform? We first wanted to know how fast download speeds were, so we connected to servers in three different countries at three different times of day and recorded the resulting speeds.

Tested download speeds using the Surfshark Linux app

Connection speeds were great overall, though the fastest in the UK. As we were connecting from the UK, this isn’t surprising.

A noticeable difference between the Surfshark app and the NordVPN app was that Surfshark was far slower at establishing a connection. Overall, speeds when connected were slower, too.

In addition to regular servers, Surfshark offers multi-hop servers and servers with static IP addresses. Static IP servers are located in Germany, Japan, the Netherlands, Singapore, the UK, and the US.

Other features include an ad, tracker and malware blocker, a kill switch, and auto-connect. Users can choose between the WireGuard, OpenVPN (TCP), and OpenVPN (UDP) protocols — or let Surfshark choose for them.

Surfshark connection protocols.
Users can choose the connection protocol or allow Surfshark to do it for them.

Note that the Linux app doesn’t have stealth mode or split tunneling. These are available with Surfshark’s other apps, so you’ll need to use a different operating system if, for example, you want to access the internet from China.

Surfshark is a great option for streaming, and it worked first time when we tried it with BBC iPlayer. It was also able to access Netflix, Hulu, Amazon Prime Video, and Disney+ when tested.

Streaming BBCiPlayer with Surfshark.
Watching BBCiPlayer while connected to a Surfshark server in the UK.

Privacy-wise, Surfshark has an independently audited no-logs policy. It uses strong encryption to protect user-generated traffic, and its apps come with built-in leak protection. We confirmed that the Linux app kept our IP address hidden by carrying out IP, DNS, and WebRTC leak tests while connected to a server in Albania.

Surfshark leak test results.
Surfshark didn’t leak our IPv4 or IPv6 address while connected.

In addition to its Linux app, Surfshark has dedicated apps for Windows, macOS, iOS, and Android. Users are allowed to connect as many devices as they want simultaneously, making Surfshark a solid choice for larger households.

Buy this VPN if:

  • You prefer interacting with a GUI rather than the the CLI
  • You plan to use a VPN with lots of devices at the same time
  • You’re on a budget

Don’t buy this VPN if:

  • You don’t like having to wait for connections to be established
  • You’re connecting from a country where VPN use is restricted

BEST BUDGET VPN:Surfshark is affordable, fast, and reliable. It provides a ton of security features and strong unblocking ability, as well as a 30-day money-back guarantee.

Read our full review of Surfshark.

Surfshark Coupon
Save 86% on a 2 year Starter plan + 3 months free
Get Deal >
Discount applied automatically

3. ExpressVPN

ExpressVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

VPN Ratings:

Overall score: 7.9 / 10
Linux Suitability: 6.6 / 10
Global Network Speed: 5.8 / 10
Security & Privacy: 9.6 / 10
Streaming: 9.2 / 10
Value for Money: 8.4 / 10

Website:  www.ExpressVPN.com

Money-back guarantee: 30 DAYS

ExpressVPN released its official Linux app in April 2016. It continues to run using a command-line interface rather than a GUI. That said, it’s pretty straightforward to use.

First, we downloaded the installer from the ExpressVPN set-up page. We then entered the following into a terminal:

cd Downloads
sudo dpkg -i expressvpn_3.72.0.0-1_amd64.deb
expressvpn activate

Once you’ve entered the requested activation code, you’re good to go. Entering “expressvpn connect” will automatically connect you to the fastest available server.

Connecting with ExpressVPN
Using the Smart Location feature.

Alternatively, you can choose a server. View the available options by entering:

expressvpn list all

This provides you with a list of the available locations within each country, together with an alias for each server.

ExpressVPN servers.
ExpressVPN server list.

So, for example, if you want to connect to a server in Woolloomooloo, you can simply enter “expressvpn connect auwo”. Connections are quick to establish, even when connecting to far-flung servers. You can see the process of choosing and connecting to a server in the video below.

[/ctech_youtube_link]

To test download speeds once connected, we performed a series of speed tests. We connected to servers in three locations at three different times of day and recorded the results.

Tested download speeds using the ExpressVPN Linux app

Download speeds were fastest when connected to a US server. However, the overall average download speed was 27.1 Mbps, which is a fair bit slower than our average base connection speed of 49.44 Mbps. Still, it’s fast enough for streaming in HD.

The ExpressVPN app worked great for streaming. We successfully used it to access BBC iPlayer, as well as Amazon Prime Video, Disney+, and Netflix.

Streaming BBC iPlayer.
Streaming BBC iPlayer using the ExpressVPN Linux app.

Options for tweaking the VPN settings include selecting a specific protocol. You can choose between Lightway—UDP, Lightway – TCP, OpenVPN—UDP, and OpenVPN -TCP. Lightway is ExpressVPN’s own protocol and will normally provide the fastest speeds. If you’d like to further configure your settings, you can choose whether to use AES encryption or ChaCha20.

There’s a kill switch and the ability to automatically block ads, trackers, and access to malicious sites. As you might expect, you can see all of the available options by running the “man” command.

ExpressVPN manual
Some commands from the ExpressVPN manual

The man page gives you some additional time-saving commands, such as “expressvpn list recent” which prints the last three recently connected VPN server locations.

Over the years, ExpressVPN has garnered a reputation for robust security and privacy. Part of this involves making sure that users’ IP addresses aren’t leaked while connected. We tested this ourselves using a series of IP, DNS and WebRTC leak tests while connected to a server in Malta.

ExpressVPN WebRTC leak test.
ExpressVPN passed the WebRTC leak test.

ExpressVPN has had its infrastructure and apps independently audited on multiple occasions. It adheres to a strict no-logs policy and all of its servers are RAM-only.

Overall, ExpressVPN’s Linux offering is slick and secure. The same can be said for its other apps, which are available for Windows, Android, iOS and macOS. There’s even an app for routers, so you can protect all of your devices in one hit.

Buy this VPN if:

  • You want an easy to use Linux app
  • You want to use a VPN with your router
  • You want the highest levels of security and privacy

Don’t buy this VPN if:

  • You’re looking for a budget service
  • You want a GUI

PRIVACY FIRST:ExpressVPN is a pleasure to use. It boasts a large and highly secure server network and establishes connections quickly. Plans come with a 30-day money-back guarantee.

Read our full review of ExpressVPN.

ExpressVPN Coupon
SAVE: 49% + 3 months free
Get Deal >
Coupon applied automatically

4. Private Internet Access

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux
  • Background FireTV

VPN Ratings:

Overall score: 7.7 / 10
Linux Suitability: 7.9 / 10
Global Network Speed: 5.2 / 10
Security & Privacy: 8.5 / 10
Streaming: 8.6 / 10
Value for Money: 8.4 / 10

Website:  www.PrivateInternetAccess.com

Money-back guarantee: 30 DAYS

Private Internet Access is one of the relatively rare providers to offer a full GUI with its Linux app. Rarer still is its decision to make the app open-source and to allow users to scrutinize the code. The app is available for a range of distros, including Ubuntu 20.04+ (LTS), Mint, Debian, Fedora, and Arch.

To get started, go to the PIA site and download the installer for your particular Linux distribution (we’re using Ubuntu 20.04 for this review). Open a terminal and navigate to Downloads, then run the installer file as illustrated below:

PIA app installation.
Installing the PIA app is very easy.

Once the app is installed, you’ll need to log in using your account credentials. PIA will then open automatically, presenting you with the same dashboard you’d get using a mainstream operating system like Windows or macOS.

PIA dashboard.
The PIA dashboard.

Clicking the big power button will automatically select a server for you and establish a connection. Alternatively, you can choose one yourself by clicking on the map or the arrow next to it. PIA has servers in 91 countries, so there are plenty of options available.

PIA country list.
Some of the countries where PIA has servers.

PIA is a great option for streaming and has optimized servers for just that purpose. We connected to a streaming-optimized server in the UK and successfully streamed BBC iPlayer, Channel 4, and ITVX—though not without some buffering.

Streaming using PIA.
Streaming BBC iPlayer while connected to a streaming optimized PIA server.

Connecting to a streaming-optimized server in the US means you can watch the US versions of Netflix and Amazon Prime Video. Streaming-optimized servers are also available in the Netherlands, Italy, Sweden, Germany, Finland, Denmark, Japan, Canada, and Australia.

Users can choose between the OpenVPN and WireGuard connection protocols as desired — WireGuard is typically the faster option. Available features include a kill switch; and ad, tracker and malware blocker; split tunneling. PIA is one of the few VPNs to offer port forwarding, which is great for any torrenters out there. Those who need to bypass VPN blocks can make use of the app’s built-in Shadowsocks and SOCKS5 proxies.

PIA multi-hop connections.
Using a proxy can help you bypass VPN restrictions.

To test PIA’s speed, we connected to servers in three different countries at three different times of day. Connection speeds were fastest in the US, and slowest while connected to a server in Japan. The average speed overall was 25.6 Mbps, which is roughly half the speed of our average base connection speed of 49.44 Mbps.

Tested download speeds using the PIA Linux app

PIA is adept at protecting its users’ privacy. It keeps no logs of user activity and has a Tier-1 server network that is RAM-only. We confirmed that the Linux app didn’t leak our IP address by carrying out a series of IP, DNS and WebRTC leak tests.

PIA IP leak test.
PIA didn’t leak our IP address while connected to a US server.

PIA offers rolling monthly contracts, one-year subscriptions, and three-year subscriptions. The long-term plan offers the best value for money. All plans include unlimited device connections, making PIA a good choice for sharing.

Apps are available for Windows, macOS, Android, iOS, Amazon Fire TV, and, of course, Linux. The PIA Linux app is undoubtedly impressive and it’s particularly nice that the company has put the effort into ensuring that the app has the same features as its other apps. It’s great at accessing streaming platforms and ostensibly great for torrenting. However, it’s relatively slow compared to other providers which could make streaming and torrenting a little frustrating.

Buy this VPN if:

  • You want lots of features — such as port forwarding
  • You want a slick GUI
  • You want access to lots of streaming platforms

Don’t buy this VPN if:

  • You want a VPN that isn’t US-based
  • You want fast connection speeds

SECURE UNLIMITED DEVICES:Private Internet Access is easy to use with Linux thanks to its GUI app. Connect to servers in 91 countries and access multiple streaming platforms. Allows unlimited device connections and has a 30-day money-back guarantee.

Read our full Private Internet Access review.

Private Internet Access Coupon
SAVE 82% on the 2 yr plan
Get Deal >
Discount applied automatically

5. PureVPN

PureVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

VPN Ratings:

Overall score: 7.2 / 10
Linux Suitability: 5.1 / 10
Global Network Speed: 6.5 / 10
Security & Privacy: 9.2 / 10
Streaming: 7.3 / 10
Value for Money: 8.1 / 10

Website:  www.PureVPN.com

Money-back guarantee: 31 DAYS

PureVPN caters for Linux users who prefer to work in the command line, as well as those who prefer the convenience of a GUI. We’re big fans of convenience, so we’ll be reviewing the GUI version here.

To get started, sign in to your PureVPN account and download the PureVPN for Linux GUI file (or copy the CLI command if you’d rather).

PureVPN Linux downloads.
PureVPN has two options for Linux.

To install the app, open a terminal, got to Downloads and enter:

The PureVPN app will then appear alongside all of your other apps. Opening it up takes you to the PureVPN dashboard, which is even sparser than the provider’s other already minimalist apps.

PureVPN dashboard.
The PureVPN dashboard for the Linux app.

Clicking the button in the middle connects you to the fastest available server. You can choose your own by opening up the Locations menu on the left. There are 66 countries to choose from in total.

PureVPN's location list.
PureVPN has servers in 66 countries.

We were impressed by how quickly connections were established. However, download speeds fluctuated quite widely. We tested these by connecting to servers in three different countries at three different times of day. Sometimes, download speeds were fairly near our base connection speed without a VPN. At other times, they were fairly slow.

Tested download speeds using the PureVPN Linux app

We tried connecting to a UK server to see if we could access UK-based streaming platforms. We were successful with BBC iPlayer, ITVX and Channel 4.

Streaming with PureVPN.
Streaming BBC iPlayer while connected to a PureVPN UK server.

We were also able to access a range of other streaming platforms while connected to PureVPN — most notably Netflix and Amazon Prime Video.

Compared with some of the other providers in our list, the PureVPN Linux app is relatively featureless. There’s auto-connect on start-up, a choice between the OpenVPN and WireGuard protocols, and a kill switch. There’s no obfuscation, no split tunneling, no port forwarding, and no multi-hop options.

What PureVPN does have is a no-logs policy that’s been independently audited several times. It uses strong encryption to protect user-generated traffic, and its app has built-in leak protection. We confirmed that our IP address remained hidden while connected by performing a series of IP, DNS, and WebRTC leak tests.

PureVPN IP leak test.
PureVPN didn’t leak our IP address while connected to one of its servers.

PureVPN has one of the longest subscription periods available in its five-year offering. This makes it a good option for those who prefer to lock into a good deal rather than shopping around every year or two.

If you just want a VPN that quietly runs in the background while you go about your business, then PureVPN’s Linux app might be for you. It’s easy to install, quick to connect, and generally hassle-free.

Buy this VPN if:

  • You want a VPN that’s very easy to install and use
  • You want a cheap long-term subscription

Don’t buy this VPN if:

  • You want fast speeds for streaming
  • You want an app with lots of features

LOW COST:PureVPN lets Linux-users get online privacy and security at a rock-bottom price point. Users get access to a no-logs policy, AES encryption, a killswitch, and DNS leak protection. Live chat support is available and it has a 31-day money-back guarantee.

Find out more in our PureVPN review.

PureVPN Coupon
82% off the 2-yr standard plan + 3 free months
Get Deal >
Discount applied automatically

6. ProtonVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

VPN Ratings:

Overall score: 7 / 10
Linux Suitability: 7.4 / 10
Global Network Speed: 5.9 / 10
Security & Privacy: 7.8 / 10
Streaming: 6.7 / 10
Value for Money: 7.4 / 10

Website:  www.protonvpn.com

Money-back guarantee: 30 DAYS

ProtonVPN is highly advanced and packed with features. Best of all, it has a full GUI Linux app for Ubuntu, Debian, or Fedora. The VPN may also work with other distros, but they aren’t officially supported. We used it with the Debian-based Kali Linux.

To access the app, you need to download the repository configuration and keys:

wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.3-3_all.deb

And then the repository containing the app:

sudo dpkg -i ./protonvpn-stable-release_1.0.3-3_all.deb && sudo apt update

Finally, install the app by entering:

sudo apt install proton-vpn-gnome-desktop

The ProtonVPN app will now appear in your list of apps. Before you get to the app properly, you’ll need to enter the username and password for your account. Following authentication, you’ll be presented with the ProtonVPN dashboard.

ProtonVPN dashboard.
The ProtonVPN dashboard for the Linux app.

Unlike the dashboard of its Windows or macOS apps, the dashboard for ProtonVPN’s Linux app initially appears to consist of little more than a list of server locations. However, clicking the down arrow in the top-left corner brings up all of the available options. This includes the settings menu, which gives you the chance to enable– or disable — the ad, malware and tracker blocker; the kill switch, and the VPN Accelerator.

ProtonVPN settings.
ProtonVPN has lots of settings to play with.

ProtonVPN is one of the few VPNs to offer port forwarding, making it a great choice for torrenters. Gamers will appreciate the opportunity to create direct connections by enabling the Moderate NAT feature. More generally, there’s an auto-connect feature and the option to pin servers to the system tray.

Note that the only connection protocols available are OpenVPN (TCP) and OpenVPN (UDP). The lightweight WireGuard protocol is noticeably absent from the ProtonVPN Linux app.

We wanted to know what kind of speeds were possible using the app on a regular home broadband connection, so we performed tests at three different times of day while connected to servers in three different countries.

As with some other providers in this list, the download speeds fluctuated widely. For example, while connected to a UK server our download speeds varied between 12.29 Mbps and 41.64 Mbps. If you’re experiencing slow speeds its always worth switching servers. ProtonVPN has plenty of options in countries such as the UK, US and Japan.

Tested download speeds using the Proton VPN Linux app

Provided you’re connected to a server with decent speeds, ProtonVPN works well at accessing a range of streaming platforms. While connected to a server in the UK, we were able to watch BBC iPlayer, ITVX, and Channel 4.

Accessing BBCiPlayer.
Streaming BBCiPlayer using ProtonVPN

The app also worked with the US content libraries for Amazon Prime Video and Netflix, though we did experience some buffering.

ProtonVPN has a reputation for privacy and security, and this extends to its Linux app. It protects user-generated traffic with AES-256 encryption and has an independently audited no-logs policy. We confirmed that ProtonVPN kept our true IP address hidden by connecting to a server in Austria and conducting IP, DNS, and WebRTC leak tests.

ProtonVPN IP leak test.
ProtonVPN didn’t leak our UK IP address while connected to a server in Austria.

Proton is based in Switzerland, a country with strong privacy laws and no mandatory data retention directives. Its apps are all open-source, with the code available for inspection by the public. Supported platforms include Linux, Windows, macOS, iOS, and Android.

Buy this VPN if:

  • You want features such as port forwarding
  • You want to support a privacy-focused company
  • You prefer to use a GUI

Don’t buy this VPN if:

  • You’re on a tight budget
  • You want consistently fast speeds

ADVANCED AND SECURE:ProtonVPN is a highly advanced and reliable VPN that is packed with useful privacy and security features. It works with most major streaming platforms and offers lightning-fast speeds. Torrenting-optimized servers are available globally, and it is one of the few VPNs with port forwarding. 30-day money-back guarantee.

Read our full ProtonVPN review.

ProtonVPN Coupon
Up to 64% off a 2-year plan
Get Deal >
Coupon applied automatically

Our methodology: finding the best VPNs for Linux

Before recommending anything, we were interested in finding out how each VPN provider’s Linux app performed in several key areas. Testing was carried out on virtual machines running Kali Linux and Ubuntu. As a side note, if you ever need (or want) to try out a different operating system, the Oracle VM VirtualBox software is free, open-source, and easy to use.

Linux suitability

To gauge how suitable a particular provider was for Linux, we first scored them according to whether their apps had a GUI or were command-line only. In our experience, most people prefer a GUI if one is available.

Next, we scored them according to how many distros they supported and how many protocols were available. Finally, one of our resident experts weighed in with their own score for each provider.

VPN providerGUI? (yes = 10, no = 0)Number of Linux distros supported?Number of Linux distros - score out of 10Number of protocols supported?Number of protocols - score out of 10Reviewer ratingLinux suitability: OVERALL SCORE
NordVPN0910.037.59.96.9
Surfshark1033.337.597.5
ExpressVPN066.74109.66.6
PIA (Private Internet Access)1055.637.58.37.8
PureVPN1022.208.25.1
Proton VPN1033.337.58.67.4

Combining the above gave us an overall score for each provider’s suitability for Linux. You can see how they compare in the chart below.

Chart showing the overall Linux suitability score for each VPN provider

The providers that have an app with a GUI fared the best, with Private Internet Access and Surfshark also performing well in other areas.

Global network speed

We conduct regular lab tests to determine each VPNs maximum possible speed. However, we also like to carry out tests in a real-world environment. For the Linux apps, we tested download speeds on a home broadband connection with an average speed of 49.44 Mbps. We carried out tests in the morning, at noon, and in the afternoon while connected to servers in the UK, US, and Japan.

Chart showing the individual speed test results for each provider

As you can see from the chart, NordVPN was the fastest VPN overall. Its average speed was more than 10 Mbps, faster than three of the slower providers.

If you want the best chance at streaming UHD without buffering, then NordVPN is the app to go for. ExpressVPN is a good second-best — it performed particularly well while connected to a UK server.

In order to better compare each provider’s overall ability, we normalize our speed test data to a score out of 10. Normalization helps convert the scores to a common scale, regardless of the original range of values. We find the minimum and maximum speed test scores across all VPN providers. These values set the boundaries for normalization.

The chart below shows how providers’ speeds compare with their normalized scores. This makes it clearer still that NordVPN is the best option in terms of download speeds.

Chart showing the overall network speed score for each VPN provider

Security & privacy

If you’re using Linux, then it’s likely that you place a high value on security and privacy. With this in mind, we’ve only selected providers that scored highly across 15 different criteria. You can see a summary of all the metrics we measured in the table below.

FeatureNordVPNSurfsharkExpressVPNPureVPNProtonVPNPrivate Internet Access
Activity logsNo activity logsNo activity logsNo activity logsNo activity logsNo activity logsNo activity logs
IP logsNo IP logsNo IP logsNo IP logsNo IP logsNo IP logsNo IP logs
EncryptionAES-128 or higherAES-128 or higherAES-128 or higherAES-128 or higherAES-128 or higherAES-128 or higher
AuthenticationSHA-384SHA-512SHA-512SHA-256SHA-512SHA-256
Keys4096-bit4096-bit4096-bit4096-bit2048-bit4096-bit
Perfect Forward SecrecyYesYesYesYesYesYes
DNS leak protectionYesYesYesYesYesYes
IPv6 leak protectionYesYesYesYesYesYes
Private DNSYesYesYesYesYesYes
Torrenting allowedYesYesYesYesYesYes

We assigned a score to each of the criteria to generate an overall score out of 10 — which we can use to compare providers directly.

Chart showing the overall security and privacy scores for each VPN provider

As you can see from the above chart, ExpressVPN provides the greatest level of security and privacy. NordVPN, Surfshark, and PureVPN closely follow this.

Before we even consider reviewing providers, we check that they don’t leak our IP address while connected. This is a basic requirement and a good way to disregard lesser providers quickly. We test for IP, DNS, and WebRTC leaks using the service available on browserleaks.com. Providers must pass all three to progress.

Streaming

The chance to access free streaming services in other countries or new content libraries within existing platforms is a big draw for people choosing a VPN. We look at nine different criteria to fully evaluate each VPN’s streaming ability. You can see the data in the table below.

FeatureNordVPNSurfsharkExpressVPNPureVPNProtonVPNPrivate Internet Access
Number of locations in relevant country5+ locations5+ locations5+ locations5+ locations5+ locations5+ locations
Regional speed test results300-500 Mbps500+ Mbps300-500 Mbps100-299 Mbps100-299 Mbps<100 Mbps
Includes ad-blocker?YesYesYesNoYesYes
Works in high-censorship countriesYesYesYesYesNoYes
Offers a smart DNS serviceYesYesYesNoNoYes
Streaming device apps2+ apps2+ apps2+ apps2+ apps1 app1 app
Can Unblock Tier 1 StreamingReliablyReliablyReliablyUnreliablyUnreliablyReliably
Can Unblock Tier 2 StreamingYesYesYesYesYesYes
Can Unblock Tier 3 StreamingYesYesYesYesYesYes

We give each of these criteria a score and then combine them for an overall score out of 10. This makes it easier for you to compare providers.

Chart showing the streaming scores for each VPN provider

 

Using the above chart, you can see that NordVPN, Surfshark, and ExpressVPN are all outstanding in terms of their streaming ability. Choosing one of these providers will give you the best chance of accessing the widest range of content — wherever you may be.

Value for money

We looked at eight different metrics when assessing providers’ relative value for money — not just how much their subscriptions cost. You can see how each performed in the table below.

FeatureNordVPNSurfsharkExpressVPNPureVPNProtonVPNPrivate Internet Access
Money-back guaranteeYesYesYesYesYesYes
Connection limit6+Unlimited6+6+6+Unlimited
Subscription terms3 terms+3 terms+3 terms+3 terms+3 terms+3 terms+
Sale frequencyFrequently running dealsFrequently running dealsFrequently running dealsFrequently running dealsFrequently running dealsFrequently running deals
Monthly pricing<$13<$10$15+<$13<$10<$13
Lowest price<$5<$5$5+<$5$5+<$5
Free trial availableYesYesYesYesYesYes
Student discountYesYesYesNoNoNo

To more easily compare providers, we combine the scores for each metric into a total score out of 10.

Chart showing the overall value for money scores for each VPN provider

From the chart, you can see that Surfshark offers the best overall value for money overall, closely followed by NordVPN.

VPNs that Linux users should avoid

Several tutorials out there will show you how to install OpenVPN. That’s great, because OpenVPN is probably the best VPN protocol on the market. However, OpenVPN is just a protocol and a client. It is not a VPN service in and of itself. You will still require a server or servers to connect to, and this is where many people run into privacy issues.

All of the paid services we’ve listed above have zero-log policies, meaning they don’t monitor or record how you use the VPN. This means a hacker can’t breach the provider’s servers and find dirt on you, the company can’t sell your info to third parties, and law enforcement can’t coerce the company into giving up private info about customers.

The reality is often very different with free VPNs. A company isn’t going to waste money hosting and maintaining a VPN server without expecting something in return. That’s why reading up on a company’s privacy and logging policies is very important before you connect.

As a general rule, stay away from VPN services that only offer a PPTP connection. PPTP is fast and simple to set up, but it contains several security vulnerabilities.

Here are a couple of examples of free VPNs that you should actively avoid:

SecurityKISS

Searching for a free VPN for Linux on Google might lead you to SecurityKISS. The company stores users’ connection logs and IP addresses, a practice that privacy advocates frown upon. In the free version, your usage is capped at 300MB per day. In the paid version… well, it doesn’t really matter because there are at least a half dozen better options.

USAIP

Another mediocre VPN service that somehow weaseled its way into search results, USAIP’s latest Linux client only uses PPTP. It also doesn’t provide its own DNS servers or default to Google’s, which means your ISP can still monitor your online activity. On top of that, it doesn’t disclose its logging policy.

Note that some of the providers in our list offer pared-down versions of their main apps for free in an attempt to lure users onto a subscription. These apps tend to be as private and secure as their paid-for counterparts, but with only a few servers to choose between and subsequently sluggish speeds. If you’re short on cash these are preferable to the free VPNs operating as standalone services.

Securing Linux

A VPN is a great step toward securing your Linux system, but you’ll need more than that for full protection. Like all operating systems, Linux has its vulnerabilities and hackers who want to exploit them. Here are a few more tools we recommend for Linux users:

  • Antivirus software
  • Anti-rootkit software
  • Tripwire
  • Firewall
  • Security-focused browser extensions

You can learn about all of these tools, which ones to use, and how to install them in our Linux Security Guide. There, you’ll also find tons of other tips and advice for securing Linux.

A note on OpenVPN

Even if a VPN provider doesn’t make a dedicated native client for your Linux distro, almost all of them will provide configuration files that work with OpenVPN. All you need to do is download a config file for each server you want to connect to. This can get tedious if you like to have a lot of options, but it’s perfectly feasible.

OpenVPN is great, but the generic client isn’t as packed with features like DNS leak prevention and internet kill switches. Again, you can find scripts and packages that will take care of these for you, but we prefer the convenience of clients with all this stuff built in.

How to install and connect to OpenVPN on Linux Terminal

Here we’ll show you how to install the OpenVPN client on Ubuntu. Other distros, such as Mint and CentOS, should work similarly, but the commands might vary slightly.

  1. Open a terminal
  2. Type sudo apt-get install -y openvpn and hit Enter
  3. Type your admin password and hit Enter
  4. Type y and hit Enter to accept all dependencies and complete the installation.
  5. Enter sudo apt-get install network-manager network-manager-openvpn network-manager-openvpn-gnome and hit Enter
  6. Enter sudo apt-get install openvpn easy-rsa

Note that on newer versions of Ubuntu, you may need to swap out the “apt-get” part of the commands with “yum”.

Once OpenVPN is installed, you need config files. Usually you can download .ovpn config files from your VPN provider’s website. Each config file is associated with a particular server and location so grab a few of them for each location you want to connect to. Make sure to have backups in case a server goes down.

To connect via command line, which should work across most distros:

  1. With OpenVPN installed, type sudo openvpn –config in the terminal and hit Enter
  2. Drag and drop the .ovpn config file for the server you want to connect to into the terminal. The correct path will be automatically captured.
  3. Hit Enter and wait for the “Initialization Sequence Completed” message. You are now connected to the VPN. You can minimize the terminal window, but closing it will disconnect you from the VPN.

This is just one way to connect. You can also try the Ubuntu Network Manager or the OpenVPN GUI. These may require CA certificates and/or private keys from your VPN, so make sure those are available from the provider’s website.

Guides for other Linux distros:

How to make a VPN kill switch in Linux

In the event that the VPN connection unexpectedly drops, the computer will continue to send and receive traffic sent over your ISP’s unprotected network, possibly without you even noticing. To prevent this behavior, you can make yourself a simple kill switch that halts all internet traffic until the VPN connection is restored. We’ll show you how to write some easy rules using iptables and the Ubuntu Ultimate Firewall (UFW) application.

First, create a startvpn.sh script that puts firewall rules in place. These firewall rules only allow traffic over the VPN’s tun0 network interface, and they only allow traffic over that interface to go to your VPN’s server.

$ cat startvpn.sh
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
sudo ufw allow out from any to 54.186.178.243 # <-- note this is the IP from the "remote" field of your configuration file
sudo ufw enable
sudo ufw status
sudo openvpn client.conf &

Network traffic cannot pass over any other network interface with these firewall rules in place. When your VPN drops, it removes the tun0 interface from your system so there is no allowed interface left for traffic to pass, and the internet connection dies.

When the VPN session ends, we need to remove the rules to allow normal network traffic over our actual network interfaces. The simplest method is to disable UFW altogether. If you have existing UFW rules running normally, then you’ll want to craft a more elegant tear down script instead. This one removes the firewall rules and then kills openvpn with a script called stopvpn.sh

$ cat stopvpn.sh
sudo ufw disable
sudo ufw status
sudo kill `ps -ef | grep openvpn | awk '{print $2}'`

If you use some other means to connect to your VPN, you can eliminate the last two lines of each script. In such a configuration, you will have to remember to manually run the startvpn.sh script prior to starting your VPN using some other method. Once your VPN session ends, remembering to run the stopvpn.sh script isn’t hard; you’ll probably notice the lack of internet connectivity until you run it.

For further instructions, read our guide on how to make a VPN kill switch in Linux with UFW.

Which Linux distro is best for privacy?

If you’re concerned about privacy, switching from MacOS or Windows to any open-source Linux distro is already a step in the right direction. Apple and Microsoft both collect personal data from users on their respective operating systems. Both companies are known to cooperate with law enforcement and intelligence agencies like the NSA. Microsoft uses customers’ data to sell ads. Both OSes are closed source, meaning the public cannot peak at the source code to see where vulnerabilities or backdoors lie.

Linux, on the other hand, is open source and frequently audited by the security community. While Ubuntu once flirted with Amazon to monetize users, it and other distros are generally not out to make a buck by selling your data to third parties.

Not all Linux distros are created equally, however, and some are more secure than others. If you’re looking for a distro that functions as a day-to-day desktop replacement but is also built with privacy and online security in mind, we recommend Ubuntu Privacy Remix. UPR is a Debian-based Ubuntu build that stores all user data on encrypted removable media, such as an external hard drive. The “non-manipulatable” OS is supposedly immune to malware infection.

You’ll still need a VPN to encrypt your internet connection. Most of the apps from the VPN providers above should work fine on UPR.

If UPR isn’t enough and you want to use your computer with complete anonymity, we recommend TAILS. Short for The Amnesiac Incognito Live System, TAILS is a Linux distro built by the same people who created the Tor network. TAILS is a live OS designed to be installed on and run from a USB drive or CD. It’s a hardened version of Linux that routes all internet traffic through the Tor network. It leaves no trace of ever being used after removing it from the device.

Making your own VPN

If you don’t trust commercial VPN providers or you just prefer a DIY solution, you could always roll your own VPN. You’ll need to set up your own server. Common options are virtual private cloud services like Amazon Web Services and Digital Ocean. A variety of tools at your disposal that will assist you in getting a homegrown VPN up and running:

  • OpenVPN
  • Streisand
  • Algo
  • SoftEther VPN
  • StrongSwan

Each has its own pros and cons in terms of protocol, security, features, and ease of use. We’ve got a great tutorial on how to set up OpenVPN with a Linux client and Amazon EC2 Linux instance.

But even though rolling your VPN gives you full control over almost every aspect of how the VPN operates, there are some drawbacks. First, it’s much more difficult than using pre-existing servers and pre-configured apps. Secondly, if you’re using a cloud service like AWS or Digital Ocean, your data still passes through the hands of a third party. Third, you only get a single server and location to connect to.

Finally, and perhaps most importantly, rolling your own VPN likely means that only you and perhaps a handful of acquaintances will be using it. That makes it much easier to trace internet activity back to a specific person. The best VPNs for Linux that we recommend, on the other hand, typically assign users shared IP addresses. Dozens and even hundreds of users can be pooled together under a single IP, effectively anonymizing traffic as it leaves the VPN server.