best VPN Linux

Ubuntu, Fedora, OpenSUSE, Kali, and Mint users often get the short end of the stick for software, and VPN services are no different. Let’s be honest: Linux users are low on the priority list for most companies and developers. That’s why we set out to find the best VPN providers who have taken the time to give Linux fans some attention.

If you just want a quick answer, here’s our shortlist of the best VPNs for Linux:

  1. NordVPN Our preferred VPN for Linux! Fast, easy to install, and great at unblocking streaming sites. Even includes a 30-day money-back guarantee.
  2. Surfshark Our favorite low-cost VPN for Linux users. Provides high speeds, solid security, and allows you to secure every device you own simultaneously.
  3. ExpressVPN Works on a range of Linux distros. Unblocks a range of secure streaming sites, very fast, and uses powerful security.
  4. CyberGhost Recently launched a command-line Linux app. Easy-to-use, good for unblocking region-locked content, and secure.
  5. PrivateVPN: OpenVPN CLI app for Linux. Beginner-friendly VPN with fast speeds combined with powerful unblocking ability. Strong privacy protection.
  6. Private Internet Access: Offers a full GUI app for Linux. Servers available in 80 countries and provides 24/7 live chat support. Secure 10 devices at once.
  7. ProtonVPN Open-source command-line app from a user privacy-focused VPN provider.

To connect to a VPN server on Linux, OpenVPN, OpenConnect, AnyConnect, and Network Manager are all popular VPN clients. But even better is a provider that makes a plug-and-play native VPN client. They require far less configuration and tend to come with more features and perks than their generic peers. That’s why every Linux VPN we recommend in this list offers a slick app just for you.

WANT TO TRY THE TOP VPN RISK FREE?

NordVPN is offering a fully-featured risk-free 30-day trial if you sign up at this page. You can use the VPN rated #1 for Linux, free from any limitations, for a monthgreat if you want to try all of the service's features out or yourself before coming to a decision.

There's no catchjust contact support within 30 days if you decide NordVPN isn't right for you and you'll get a full refund. Start your NordVPN trial here.

What makes a good Linux VPN?

Our list of the best VPNs for Linux is based on the following criteria (we explain more on this later):

  • A Linux app is available, so little or no manual configuration is required
  • Fast speeds
  • Strong online security
  • No activity logs or IP address logs
  • Can unblock geo-locked websites, apps, and streaming services

Short for Virtual Private Network, a VPN encrypts all of a device’s internet traffic and routes it through an intermediary server in a location of the user’s choosing. This has a myriad of benefits ranging from improved online privacy, better security when connected to public wi-fi, and can unblock geo-locked sites, apps, and services.

Best VPNs for Linux – at a glance

We’ve compared the most important features for the top VPNs here. Prefer to read the in-depth reviews? Start with NordVPN – our #1 choice for Linux.

No valueNordVPNSurfsharkExpressVPNCyberGhostPrivateVPNPrivate Internet AccessProtonVPN
Websitewww.NordVPN.comwww.Surfshark.comwww.ExpressVPN.comwww.Cyberghost.comwww.PrivateVPN.comwww.PrivateInternetAccess.comwww.protonvpn.com
Ranking for Linux:1234567
Devices SupportedWindows, MacOS, iOS, Android, Linux, Smart TVs, RoutersWindows, MacOS, iOS, Android, LinuxWindows, MacOS, Linux (command line), iOS, AndroidWindows, MacOS, iOS, AndroidWindows, MacOS, iOS, AndroidWindows, MacOS, iOS, AndroidWindows, MacOS, iOS, Android
Activity logsNoneSomeNo identifying dataNo identifying dataNo logs stored No logs stored
Avg Speed (Mbps)100+ Mbps323.6 Mbps100+ Mbps100+ Mbps71 Mbps70 Mbps66 Mbps
Total number of servers5,1003,2003,0006,000+200+29,000+1,772
Best deal (per month)$2.99
SAVE up to 68% + GET 3 months FREE
$2.05
Get 2 Months FREE with a 2-year plan
$6.67
SAVE: 49% on the annual plan
$2.03
SAVE 84% on the 2 year plan + 4 months FREE
$2.00
SAVE 85% on the three year plan
$2.03
SAVE 83% on the 2 yr plan + 4 months free
$3.99
SAVE 50% on a two-year plan

These are the top VPNs for Linux, which include a dedicated Linux app.

1. NordVPN

NordVPN has a command-line Linux app, is budget-friendly, and works great for streaming.

NordVPN Nov 2022

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux
  • Background FireTV

Website: www.NordVPN.com

Money-back guarantee: 30 DAYS

NordVPN just launched its dedicated Linux app in August 2018. The command-line app has no GUI (graphical user interface), but it’s still far easier to set up and use than manually configuring servers. The Linux app comes with most of the same great features you get on other operating systems, including an automated kill switch, ad blocker, and anti-malware filter. If you still prefer doing things the old-fashioned way, Nord boasts an extensive user base of tutorials including detailed Linux setup instructions for OpenVPN, IKEv2, and PPTP protocols.

Based in Panama, NordVPN allows up to six simultaneous connections, a zero-logs policy, and specialized servers for streaming, P2P, and added security. It works with sites and apps like Netflix, Hulu, and BBC iPlayer. Over 5,200 ultra-fast servers are on offer in more than 60 countries. Every connection is protected with AES 256-bit encryption, and the IKEv2 protocol features perfect forward secrecy to ensure no one can decrypt past sessions even if they discover the encryption key.

Pros:

  • Major emphasis on security and privacy
  • Works with most popular geo-locked streaming services
  • Faster than any of its rivals
  • 24/7 live chat support available
  • Expansive server network

Cons:

  • A cumbersome desktop app may cause issues for novice users

Our score:

4.5 out of 5

BEST VPN FOR LINUX:NordVPN is our #1 for Linux. Connects up to 6 devices simultaneously. Impressive security offering, unblocking abilities, and speeds. Its 30-day money-back guarantee means you can try it out risk-free.

Read our full NordVPN review.

NordVPN Coupon
SAVE up to 68% + GET 3 months FREE
Black Friday TagGet Deal >
Discount applied automatically

2. Surfshark

Surfshark is a reliable, budget VPN with a command-line app for Ubuntu and Debian.

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website: www.Surfshark.com

Money-back guarantee: 30 DAYS

Surfshark now offers users a command-line app for Linux that works on Debian and Ubuntu distros. You can select any of the available server locations from a list and get connected in seconds. Surfshark is ideal for people who want to stream while traveling abroad, since it can securely access platforms such as Netflix, Hulu, BBC iPlayer, or Amazon Prime Video. Torrenting is allowed as well, and the service keeps no logs.

Surfshark is the only provider on this list to allow an unlimited number of simultaneous connections per account. That makes it a great bargain if you share with family or housemates. Live chat support is staffed around the clock.

Other than Linux, apps are also available for Windows, MacOS, iOS, and Android.

Pros:

  • Unlimited devices
  • Great for Netflix, Hulu, and Amazon Prime Video
  • Plenty of security features
  • No-logs policy
  • 24/7 live chat

Cons:

  • Relatively small server network
  • Occasional slow server

Our score:

4.5 out of 5

BEST BUDGET VPN:Surfshark is affordable, fast, and reliable. It provides a ton of security features and strong unblocking ability, as well as a 30-day money-back guarantee.

Read our full review of Surfshark.

Surfshark Coupon
Get 2 Months FREE with a 2-year plan
Black Friday TagGet Deal >
Discount applied automatically

3. ExpressVPN

ExpressVPN is a highly rated VPN for Linux thanks to a dedicated app, fast internet speeds, and exceptional security.

ExpressVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website: www.ExpressVPN.com

Money-back guarantee: 30 DAYS

ExpressVPN released its official Linux app in April 2016. It runs using a command-line interface rather than the desktop GUI available on Windows and Mac, but it’s still far easier than downloading and managing config files for each server. The server list is always kept up to date, and users can easily switch between UDP and TCP over the OpenVPN protocol. ExpressVPN costs a little more than some rivals, but it does offer a 30-day money-back guarantee and clocked much faster connection speeds in our testing. ExpressVPN works on Ubuntu, Debian, Fedora, Kali, and CentOS.

ExpressVPN is high on our list as it scores well in all key areas including privacy, speed and customer support. It also works consistently with Netflix, Hulu, BBC iPlayer and HBO.

Update: ExpressVPN has made some notable improvements by allowing up to 5 simultaneous devices and introducing a kill switch.

Pros:

  • High speeds for downloading and video streaming
  • Comprehensive security and privacy features
  • Substantial network across 94 countries and with over 3,000 servers

Cons:

  • Slightly more expensive than rivals
  • May not offer enough control for advanced users

Our score:

4.5 out of 5

PRIVACY FIRST:ExpressVPN is a pleasure to use. Tested on Ubuntu, Debian, Fedora, Kali, and CentOS. Boasts a large network and is tough to beat on privacy and security. Also includes a 30-day money-back guarantee.

Read our full review of ExpressVPN.

ExpressVPN Coupon
SAVE: 49% on the annual plan
Black Friday TagGet Deal >
Discount applied automatically

4. CyberGhost

CyberGhost recently launched a command-line app for Linux users that makes it easy to set up and connect. It works with Ubuntu 19.04, 18.04, 16.04 and Fedora 29 and 30.

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website: www.Cyberghost.com

Money-back guarantee: 45 DAYS

As with others, the command-line app has no graphic interface and runs solely from the command line. You can choose how you want to use the VPN, such as for torrenting or streaming, as well as the location. CyberGhost doesn’t store any user logs and employs strong encryption and leak protection.

CyberGhost uses the OpenVPN protocol. It operates more than 5,900 servers in 89+ countries. Connection speeds are good and connections are reliable. Live chat support is available 24 hours per day, 7 days per week.

You can connect up to seven devices at a time. Apps are also available for Windows, MacOS, iOS, Linux, and Android.

Pros:

  • Securely stream Netflix US, Hulu, and BBC iPlayer
  • Keeps no logs
  • Use up to seven devices simultaneously
  • Easy to use, select activity type and be connected to the most appropriate server

Cons:

  • Doesn’t reliably work in China
  • No router support

Our score:

4.5 out of 5

FAST AND SECURE LINUX VPN:CyberGhost's Linux app has all the speed, digital security, and unblocking capabilities available in other versions, plus a healthy 45-day money-back guarantee.

Read our full CyberGhost review.

CyberGhost Coupon
SAVE 84% on the 2 year plan + 4 months FREE
Black Friday TagGet Deal >
Discount applied automatically

5. PrivateVPN

PrivateVPN offers a user-friendly service and impressive security features. If you get stuck free remote help and installation is available.

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website: www.PrivateVPN.com

Money-back guarantee: 30 DAYS

PrivateVPN now offers a command-line app for Linux. This works on both Ubuntu and Debian. It’s one of the most user-friendly VPNs around and provides setup guides to make everything that much quicker and easier. While PrivateVPN operates a smaller network of approximately 200 servers, these are located in over 60 countries. Better still, it provides fast, unthrottled connections for lag-free streaming.

This is a VPN that offers plenty of impressive security features, be it military-grade 256-bit AES encryption, protection from DNS leaks, or a kill switch. It also protects your privacy through its strict no-logs policy. Should you have any trouble setting PrivateVPN with Linux, you can take advantage of its live chat and email support. Note that free remote help and installation is even available.

Aside from Linux, you’ll find PrivateVPN apps for Windows, Mac, Android, iOS, and Amazon Fire TV. Indeed, you can even manually configure it to work with select wireless routers.

Pros:

  • User-friendly with setup guides and customer support
  • High-speed servers for streaming and torrenting
  • Consistent unblocking of popular streaming platforms
  • Online anonymity thanks to a strict no-logs policy

Cons:

  • Smaller network of servers (only 200 or so in total)
  • Live chat isn’t available 24 hours a day

Our score:

4.5 out of 5

IDEAL FOR STREAMING:PrivateVPN supports Linux through a CLI app. Very fast, consistent connections and reliable unblocking of geo-restricted content. Quality customer support and a no-logs policy. 30-day money-back guarantee.

Read our full PrivateVPN review.

PrivateVPN Coupon
SAVE 85% on the three year plan
Get Deal >
Discount applied automatically

6. Private Internet Access

Private Internet Access covers 80 countries, perfect for traveling abroad. Streaming is a breeze and with a single PIA account you can secure as many as 10 devices.

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux
  • Background FireTV

Website: www.PrivateInternetAccess.com

Money-back guarantee: 30 DAYS

Private Internet Access is one of very few VPNs to actually offer a full app for Linux. Complete with a GUI, it works on Ubuntu, Mint, Debian, Fedora, Arch, and more. It’s also completely open-source, providing full transparency. This VPN’s network covers 80 countries in total, making it highly suitable when you’re traveling abroad. You also won’t have trouble streaming or torrenting because there’s no bandwidth throttling.

With a single PIA account, you can secure as many as 10 devices at the same time. Security features of this VPN include 256-bit AES encryption, DNS leak protection, and a kill switch. PIA also operates a no-logs policy which means your personal information stays private. There are also some optional add-ons including an antivirus and dedicated IP address. Need help? There’s 24/7 live chat support.

Aside from an excellent app for Linux, Private Internet Access can be downloaded for the following: Windows, Mac, Android, iOS, and Amazon Fire TV. Chrome and Firefox browser extensions are also offered although manual setup is needed for wifi routers.

Pros:

  • Easy-to-use app for Linux
  • Servers are available in 80 countries
  • Connect up to 10 of your devices at the same time
  • Highly secure with encryption and a built-in ad blocker

Cons:

  • Not the strongest unblocker of streaming services
  • Doesn’t work reliably in China

Our score:

4 out of 5

SECURE 10 DEVICES:Private Internet Access is easy to use with Linux thanks to its GUI app. Connect to servers in 80 countries. Good speeds with no throttling. Option to connect 10 devices simultaneously. 30-day money-back guarantee.

Read our full Private Internet Access review.

Private Internet Access Coupon
SAVE 83% on the 2 yr plan + 4 months free
Black Friday TagGet Deal >
Discount applied automatically

7. ProtonVPN

ProtonVPN is a great choice for security-conscious Linux users.

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website: www.protonvpn.com

Money-back guarantee: 30 DAYS

ProtonVPN now makes a command-line app for Linux that lets you see the full list of servers and more easily manage connections. The tool is open-source so you’re free to inspect and modify the code as you please. It works on Ubuntu, Fedora, Arch linux/Manjaro, Kali, and Solus. All connections use the OpenVPN protocol, and you can quickly switch between servers.

Proton emphasizes privacy in all of its services, and its VPN is no different. You get top-notch security and a strict zero logs policy. ProtonVPN allows P2P filesharing and works with US Netflix.

Pros:

  • Strong security
  • No issues with Netflix
  • P2P allowed

Cons:

  • No live chat support
  • Small server selection

Our score:

4 out of 5

Great Speeds:ProtonVPN is reliable. This is a fast and reliable VPN service that is suitable for streaming and torrenting, although it’s on the pricier side. 30-day money-back guarantee

Read our full ProtonVPN review.

ProtonVPN Coupon
SAVE 50% on a two-year plan
Black Friday TagGet Deal >
Discount applied automatically

VPNs that Linux users should avoid

Several tutorials out there will show you how to install OpenVPN. That’s great, because OpenVPN is probably the best VPN protocol on the market. However, OpenVPN is just a protocol and a client. It is not a VPN service in and of itself. You will still require a server or servers to connect to, and this is where many people run into privacy issues.

All of the above paid services we’ve listed above have zero-log policies, meaning they don’t monitor or record how you use the VPN. This means a hacker can’t breach the provider’s servers and find dirt on you, the company can’t sell your info to third parties, and law enforcement can’t coerce the company into giving up private info about customers.

With free VPNs, the reality is often very different. A company isn’t going to waste money hosting and maintaining a VPN server without expecting something in return. That’s why it’s very important to read up on a company’s privacy and logging policies before you connect.

Furthermore, stay away from VPN services that only offer a PPTP connection. PPTP is fast and simple to set up, but it contains several security vulnerabilities.

itshidden

This free VPN service only uses PPTP connections, so it’s clearly not secure. The privacy policy is one sentence long and even that has typos in it. Granted, the one sentence claims the service doesn’t keep any traffic logs, but we’d hardly call that a policy.

SecurityKISS

Searching for a free VPN for Linux on Google might lead you to SecurityKISS. The company stores connection logs and IP addresses of users, a practice which privacy advocates frown upon. In the free version, your usage is capped at 300MB per day. In the paid version … well it doesn’t really matter because there are at least a half dozen better options.

USAIP

Another mediocre VPN service that somehow weaseled its way into search results, USAIP’s latest Linux client only uses PPTP. It also doesn’t provide its own DNS servers or default to Google’s, which means your ISP can still monitor your online activity. On top of that, it doesn’t disclose its logging policy.

VPN testing methodology

Comparitech tests every VPN we recommend using a rigorous and comprehensive methodology. When it comes to Linux VPNs in particular, we examine:

  • Which Linux distros are supported
  • Linux app quality and user experience
  • Support and documentation for Linux users
  • Support for manual configuration using third-party VPN clients

We put each VPN through a range of quantitative and qualitative tests to ensure they function as described and can be relied upon by readers. Those tests include:

  • Speed tests: We measure VPN connection speeds to servers in North America, Europe, and Asia.
  • Leak tests: We check each VPN for data leaks including DNS, WebRTC, and IPv6 leaks.
  • Streaming service unblocking: We’ve run more than 3,000 real-world tests to find out which VPNs work best with streaming services like Hulu from abroad.
  • Customer support: We measure response times and subjectively gauge how well our questions are answered by support staff.

All of our suggested VPNs meet our standards of quality for privacy and security. That means using up-to-date encryption and not logging any identifying information about users or their activity, among other requirements.

Read more about our methodology on the how we test VPNs page.

Securing Linux

A VPN is a great step toward securing your Linux system, but you’ll need more than that for full protection. Like all operating systems, Linux has its vulnerabilities and hackers who want to exploit them. Here are a few more tools we recommend for Linux users:

  • Antivirus software
  • Anti-rootkit software
  • Tripwire
  • Firewall
  • Security-focused browser extensions

You can learn about all of these tools, which ones to use, and how to install them in our Linux Security Guide. There you’ll also find tons of other tips and advice for securing Linux.

Why should I use a VPN for Linux?

A VPN has multiple uses and can be applied in many different scenarios.

Privacy

At its core, a VPN is a tool designed for privacy. If you’re worried about someone monitoring what you do online, such as an internet service provider, hacker, or government agency, a VPN can help. A VPN achieves privacy in two key ways.

First, all of the data you send and receive over the internet is encrypted before it even leaves your device. So long as the encryption is strong–128-bit and 256-bit AES are both sufficient and common with modern VPNs–no one will be able to crack it. If, for example, your ISP wanted to record your browsing history, it would instead only see indecipherable text.

Second, using the same example, the ISP cannot see where a VPN user’s internet traffic is going to or coming from. It can only see that data is travelling between your computer and the VPN server. It cannot see the destination of your internet traffic and can therefore not monitor what websites, apps, and services you use. Websites that you visit won’t be able to track you so easily, as your IP address is hidden behind that of the VPN server, and IP addresses play a huge role in how advertising companies and other data gathering entities create user profiles.

An important distinction to make here is the difference between VPN logging policies. All of the VPN service providers we recommend in our list of the best VPNs for Linux do not keep traffic logs, meaning they do not monitor your activity while connected to the VPN. Many other VPNs log your activity in different ways and should generally be avoided; being tracked by your VPN is hardly better than not having a VPN at all.

Related: Best logless VPNs

Security

Security and privacy often go hand in hand. A VPN can help secure your device by protecting it from online threats. Public wifi, for example, is a minefield for unprotected devices. Hackers can hijack unsecured wifi routers or create their own fake hotspots and wreak all sorts of havoc on any device that connects to them. An attacker could steal or modify any data sent over an unsecured network.

Even when you’re not on public wifi, a VPN can protect your device from several threats. By masking your IP address you can avoid many common attacks from hackers targeting you specifically. Many VPNs also come with built-in malware filtering which further protects your device.

Securely accessing your usual services abroad

Many websites, apps, and online services are restricted to residents of certain countries or regions. A popular use case for VPNs is regaining access to your usual services while traveling abroad. This includes streaming video sites like Hulu, BBC iPlayer, and Amazon Prime Video. It also applies to online banking and shopping sites by “spoofing” your location. The website in question only sees the location of the VPN server you chose to connect to and not your real location. You can even avoid blackout restrictions on live streaming sporting events.

Bear in mind that many streaming video providers are adverse to VPN use because of content licensing agreements that force them to only offer content within certain countries. As such, they often block connections from known VPN servers.

Bypassing censorship

Internet censorship stinks, whether you’re in an authoritarian country like China or an office building with an overzealous firewall. By routing your internet traffic around the firewall through a VPN server, you can evade such geo-restrictions and freely access the open internet. In all but a tiny fraction of countries, using a VPN is perfectly legal.

Be warned, however, that some countries block known VPN servers, so not all providers can bypass censorship measures. Be sure to check with the individual provider and ask if it can unblock censored sites from your country.

Torrenting

ISPs often frown upon torrenting, whether you’re downloading legally or illegally. An ISP might penalize your account by restricting bandwidth, for example. Furthermore, the BitTorrent network is rife with copyright trolls looking to make a quick buck by collecting IP addresses of downloaders and sending them threatening settlement letters through their ISP.

A VPN is an essential tool for torrenting. When connected to a VPN, your ISP cannot distinguish between different types of traffic, torrenting or otherwise. And because your IP address is masked by the VPN server’s IP address, copyright trolls cannot track you down. Just make sure to choose a VPN provider that doesn’t log your real IP address. You can cross reference the list above with our list of the best VPNs for torrenting to find the best fit for you.

Wireguard and Linux

Many VPNs have or are in the process of adopting Wireguard. Wireguard is a newer VPN protocol that promises competitive security and considerably more speed than rivals like OpenVPN and IKEv2. Indeed, we’ve seen huge speed increases on the VPNs that have switched over to Wireguard.

Although Wireguard is now cross-platform, it was originally released for the Linux kernel, which means you can manually configure it or use it from within an existing VPN app. Of the VPNs we recommend above, NordVPN and Surfshark both support Wireguard out of the box.

At time of writing, Wireguard works in Debian, Fedora, OpenSUSE, Red Hat, CentOS, FreeBSD, OpenBSD, and several other Linux distros.

See also: Best VPNs with Wireguard

A note on OpenVPN

Even if a VPN provider doesn’t make a dedicated native client for your Linux distro, almost all of them will provide configuration files that work with OpenVPN. All you need to do is download a config file for each server you want to connect to. This can get tedious if you like to have a lot of options, but it’s perfectly feasible.

OpenVPN is great, but the generic client isn’t as packed with features like DNS leak prevention and internet kill switches. Again, you can find scripts and packages that will take care of these for you, but we prefer the convenience of clients with all this stuff built in.

How to install and connect to OpenVPN on Linux Terminal

Here we’ll show you how to install the OpenVPN client on Ubuntu. Other distros, such as Mint and CentOS, should work similarly, but the commands might vary slightly.

  1. Open a terminal
  2. Type sudo apt-get install -y openvpn and hit Enter
  3. Type your admin password and hit Enter
  4. Type y and hit Enter to accept all dependencies and complete the installation.
  5. Enter sudo apt-get install network-manager network-manager-openvpn network-manager-openvpn-gnome and hit Enter
  6. Enter sudo apt-get install openvpn easy-rsa

Note that on newer versions of Ubuntu, you may need to swap out the “apt-get” part of the commands with “yum”.

Once OpenVPN is installed, you need config files. Usually you can download .ovpn config files from your VPN provider’s website. Each config file is associated with a particular server and location so grab a few of them for each location you want to connect to. Make sure to have backups in case a server goes down.

To connect via command line, which should work across most distros:

  1. With OpenVPN installed, type sudo openvpn –config in the terminal and hit Enter
  2. Drag and drop the .ovpn config file for the server you want to connect to into the terminal. The correct path will be automatically captured.
  3. Hit Enter and wait for the “Initialization Sequence Completed” message. You are now connected to the VPN. You can minimize the terminal window, but closing it will disconnect you from the VPN.

This is just one way to connect. You can also try the Ubuntu Network Manager or the OpenVPN GUI. These may require CA certificates and/or private keys from your VPN, so make sure those are available from the provider’s website.

How to make a VPN kill switch in Linux

In the event that the VPN connection unexpectedly drops, the computer will continue to send and receive traffic sent over your ISP’s unprotected network, possibly without you even noticing. To prevent this behavior, you can make yourself a simple kill switch that halts all internet traffic until the VPN connection is restored. We’ll show you how to write some easy rules using iptables and the Ubuntu Ultimate Firewall (UFW) application.

First, create a startvpn.sh script that puts firewall rules in place. These firewall rules only allow traffic over the VPN’s tun0 network interface, and they only allow traffic over that interface to go to your VPN’s server.

$ cat startvpn.sh
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
sudo ufw allow out from any to 54.186.178.243 # <-- note this is the IP from the "remote" field of your configuration file
sudo ufw enable
sudo ufw status
sudo openvpn client.conf &

Network traffic cannot pass over any other network interface with these firewall rules in place. When your VPN drops, it removes the tun0 interface from your system so there is no allowed interface left for traffic to pass, and the internet connection dies.

When the VPN session ends, we need to remove the rules to allow normal network traffic over our actual network interfaces. The simplest method is to disable UFW altogether. If you have existing UFW rules running normally, then you’ll want to craft a more elegant tear down script instead. This one removes the firewall rules and then kills openvpn with a script called stopvpn.sh

$ cat stopvpn.sh
sudo ufw disable
sudo ufw status
sudo kill `ps -ef | grep openvpn | awk '{print $2}'`

If you use some other means to connect to your VPN, you can eliminate the last two lines of each script. In such a configuration, you will have to remember to manually run the startvpn.sh script prior to starting your VPN using some other method. Once your VPN session ends, remembering to run the stopvpn.sh script isn’t hard; you’ll probably notice the lack of internet connectivity until you run it.

Which Linux distro is best for privacy?

If you’re concerned about privacy, switching from MacOS or Windows to any open-source Linux distro is already a step in the right direction. Apple and Microsoft both collect personal data from users on their respective operating systems. Both companies are known to cooperate with law enforcement and intelligence agencies like the NSA. Microsoft uses customers’ data to sell ads. Both OSes are closed source, meaning the public cannot peak at the source code to see where vulnerabilities or backdoors lie.

Linux, on the other hand, is open source and frequently audited by the security community. While Ubuntu once flirted with Amazon to monetize users, it and other distros are generally not out to make a buck by selling your data to third parties.

Not all Linux distros are created equally, however, and some are more secure than others. If you’re looking for a distro that functions as a day-to-day desktop replacement but is also built with privacy and online security in mind, we recommend Ubuntu Privacy Remix. UPR is a Debian-based Ubuntu build that stores all user data on encrypted removable media, such as an external hard drive. The “non-manipulatable” OS is supposedly immune to malware infection.

You’ll still need a VPN to encrypt your internet connection. Most of the apps from the VPN providers above should work fine on UPR.

If UPR isn’t enough and you want to use your computer with complete anonymity, we recommend TAILS. Short for The Amnesiac Incognito Live System, TAILS is a Linux distro built by the same people who created the Tor network. TAILS is a live OS designed to be installed on and run from a USB drive or CD. It’s a hardened version of Linux that routes all internet traffic through the Tor network. It leaves no trace of ever being used after removing it from the device.

Making your own VPN

If you don’t trust commercial VPN providers or you just prefer a DIY solution, you could always roll your own VPN. You’ll need to set up your own server. Common options are virtual private cloud services like Amazon Web Services and Digital Ocean. A variety of tools at your disposal that will assist you in getting a homegrown VPN up and running:

  • OpenVPN
  • Streisand
  • Algo
  • SoftEther VPN
  • StrongSwan

Each has its own pros and cons in terms of protocol, security, features, and ease of use. We’ve got a great tutorial on how to set up OpenVPN with a Linux client and Amazon EC2 Linux instance.

But even though rolling your VPN gives you full control over almost every aspect of how the VPN operates, there are some drawbacks. First, it’s much more difficult than using pre-existing servers and pre-configured apps. Secondly, if you’re using a cloud service like AWS or Digital Ocean, your data still passes through the hands of a third party. Third, you only get a single server and location to connect to.

Finally, and perhaps most importantly, rolling your own VPN likely means that only you and perhaps a handful of acquaintances will be using it. That makes it much easier to trace internet activity back to a specific person. The best VPNs for Linux that we recommend, on the other hand, typically assign users shared IP addresses. Dozens and even hundreds of users can be pooled together under a single IP, effectively anonymizing traffic as it leaves the VPN server.

VPN for Linux FAQ

How to get a free VPN on Linux temporarily?

I recommend taking advantage of a money-back guarantee from one of the VPN providers listed above. All of them have Linux apps with guarantees up to 45 days.

How can I connect to a VPN using Linux Network Manager?

It depends on your VPN provider and the VPN protocol you want to use. Consult your VPN's website documentation. You may be able to download OpenVPN configuration files straight from your provider's website and import them into the Linux Network Manager. Once you have a config file or setup details ready:

  1. Click the network button at the top right of the screen.
  2. Click on VPN off and choose VPN settings from the drop down menu.
  3. Click the icon across from VPN
  4. Import your config file or choose the protocol that you want to configure and enter the details.
  5. Click Add
  6. The VPN connection will now appear in the configuration window. Click the slider to turn it green and activate the VPN

How do I set up a L2TP VPN connection in Linux?

Make sure your VPN provider supports L2TP/IPSec. If it does, you should be able to get the necessary connection details, which probably include a shared secret on top of your username and password. You may need to install L2TP from the command line. You can then add a connection using the Linux Network Manager using the same steps as above.

How do I connect to a VPN automatically on Linux?

Most of the VPNs we recommend have dedicated Linux apps with an option to automatically connect in the settings. Depending on the app, you could set it to connect any time you’re on an unfamiliar or public network, for example.

If your VPN is manually configured, getting it to run automatically will depend on your protocol and whether you use a third-party VPN app.

Is using Linux the best way to download torrents and avoid viruses?

Most malware is made for Windows, so you have less of a chance of being infected by a virus on Linux. That being said, it’s still well worth it to take precautions on Linux, because there’s plenty of malware out there for you as well.

The most important thing is to do your best to only download trustworthy torrents. They should be linked from the official source. Failing that, choose torrents with plenty of good feedback and a lot of seeds.

A VPN will protect your privacy from any malicious actors on the BitTorrent network and prevent unsolicited requests to your device. Some VPNs, like CyberGhost, include built-in malware protection.

Will a VPN slow my connection down?

All VPNs will slow down your internet to some degree, but in most cases the difference is not noticeable. There are two main reasons for the decrease in speed.

First, The VPN app on your device has to encrypt outgoing data and decrypt incoming data, which takes time and resources. The resulting delay is more noticeable on devices with less powerful hardware.

Second, your internet data must pass through the VPN server. Both incoming and outgoing data are routed through the VPN server, which is in a different physical location, adding an extra “hop” to the connection. Routing through a proxy is not as fast in most cases as a direct connection. You can minimize the resulting delay by choosing a VPN server located near you.

Does Linux have a built-in VPN?

No. Although most Linux distros have compatibility with VPN tunneling protocols like L2TP/IPsec, OpenVPN, and WireGuard, you will still need a VPN subscription. VPN providers allow you to make use of Linux’s VPN support by providing you with remote servers to connect to. The VPNs in this guide also have apps and setup guides for Linux, to allow you to install the VPN and begin using it to gain privacy and added accessibility.

Which VPN should I use for a Linux system in China?

If you are in China, you will need a VPN that can bypass the country’s strict firewall. Unfortunately, very few VPNs work in China, and some that do, have had their website blocked. This can make it hard to subscribe from inside of China itself. Luckily, there are a few VPNs that provide functioning obfuscation to allow you to establish a connection and bypass the great firewall of China.

To find out more about which VPNs work in China, you can access our guide in the link. If you are looking for a fast answer, we recommend that you opt for NordVPN. We consider Nord the best VPN for Linux and the best VPN for internet users in China because of its wealth of features, fast connections, and excellent obfuscation tech.

What can my ISP see if I don't use a Linux VPN?

If you don't use a Linux VPN, your ISP can see everything you do online. This includes your browsing history and the amount of time you spend on each website. Your ISP can also see which device you're using and your approximate location. However, a VPN for Linux routes your data through an encrypted tunnel, preventing your ISP from seeing your online activity.