Linux enthusiasts often find themselves overlooked in the realm of software options, and the situation is the same when it comes to VPN services. Let’s face it: Most companies and developers frequently relegate Linux users to the back burner. We saw this firsthand during the course of writing this article. After struggling to use one company’s Linux app, we contacted their support team, who admitted to knowing the app was broken. They were unable to provide any indication of when the app would be fixed — which isn’t a response that filled us with much confidence. Maybe Linux users don’t complain enough — having had it drilled into them that there are always workarounds.
The good news is that there are several VPN providers who do take Linux users seriously and have created apps that are both easy to use and effective. Some of these have a graphical user interface (GUI), while others are operated via the command line. In either case, the often tedious task of configuring VPN servers is gone. Instead, it’s simply a matter of downloading and installing an app. Using one of the providers in our list means you can enjoy a host of enhanced features and perks that generic VPNs can’t match.
If you just want the top recommendations, here’s our shortlist of the best VPNs for Linux:
- NordVPN: The best Linux VPN on the market. Fast, easy to install, and works with nine different Linux distros. Great for streaming and includes a 30-day money-back guarantee.
TIP In our testing we found that the cheapest NordVPN plan (Standard) works perfectly for Linux. - Surfshark: Our favorite low-cost VPN for Linux users. The Linux app has a full GUI that makes it incredible easy to use. Subscriptions allow you to secure every device you own simultaneously.
- ExpressVPN: Fast speeds and works with six Linux distros. Unblocks a range of secure streaming sites, and uses powerful security.
- Private Internet Access: Open-source Linux apps with a full GUI. Allows unlimited simultaneous device connections and works with five Linux distros.
- PureVPN: Great value VPN for long-term subscriptions. Linux apps have a GUI and a CLI option. Servers available in 66+ countries
- ProtonVPN: Open-source app with a GUI. Lots of features, including port forwarding. Strong on privacy and security.
Many VPNs claim to protect your privacy and offer a fast, reliable connection but most (especially free VPNs) limit your connection speed or leak information.
We regularly test the top 70 VPNs for security and speed and this list only includes VPNs which are fast, reliable and are highly rated for privacy and security. Plus we only recommend VPNs which offer a full-money back guarantee allowing you to try them risk free.
WANT TO TRY THE TOP VPN RISK FREE?
NordVPN is offering a fully-featured risk-free 30-day trial if you sign up at this page. You can use the VPN rated #1 for Linux, free from any limitations, for a month—great if you want to try all of the service's features out or yourself before coming to a decision.
There's no catch—just contact support within 30 days if you decide NordVPN isn't right for you and you'll get a full refund. Start your NordVPN trial here.
Our criteria for the best Linux VPNs
VPN providers aren’t particularly helpful in describing their Linux apps. We were surprised how loose the definition of ‘easy’ — as in ‘easy to use’ — seems to be. While some apps could be completely set up and understood in a minute or two, others took concerted effort simply to change server location.
We were interested in how the apps performed in several areas, which we’ve summarized below. These will all make a real difference to your experience, so need to be fully explored. You can read more about our extensive testing methodology and take a look at the data for yourself later in the article. In a nutshell, here’s what we look for:
- Linux suitability: We scored each provider’s suitability for Linux based on whether their app had a GUI, how many distros it was available for, and how many protocols it supported.
- Global network speed: We wanted to gauge how fast download speeds were when using each VPN compared to our base connection speed. We conducted multiple speed tests while connected to servers in three different countries and created an overall score based on the results.
- Security & privacy: We scored providers against 15 different security and privacy criteria. These included whether activity logs were retained, whether private DNS servers were used and whether the apps included a kill switch.
- Streaming: To find out which VPNs were best for streaming, we scored them on nine different metrics. These included whether they offered a smart DNS service and whether they worked in highly restrictive countries.
- Value for money: We used eight different criteria to create an overall value for money score. These included their connection limits, subscription terms, and lowest price.
Best VPNs for Linux: a snapshot of features
No value | NordVPN | Surfshark | ExpressVPN | Private Internet Access | PureVPN | Proton VPN |
Website | NordVPN.com | Surfshark.com | ExpressVPN.com | PrivateInternetAccess.com | PureVPN.com | protonvpn.com | Ranking for Linux: | 1 | 2 | 3 | 4 | 5 | 6 | Server countries | 111 | 100 | 105 | 91 | 70+ | 85+ | VPN protocols | OpenVPN, NordLynx | OpenVPN, WireGuard | OpenVPN, Lightway, IKEv2 | WireGuard, OpenVPN, IPSec on iOS | IKEv2, OpenVPN, Wireguard | OpenVPN, Smart Protocol (Windows only), WireGuard | Simultaneous Connections | 10 | Unlimited | 8 | Unlimited | 10 | Free: 1, VPN Plus: 10 | Total number of servers | 6,000+ | 3,200 | Undisclosed | Undisclosed | 6,500+ | 3,800 |
---|---|---|---|---|---|---|
Best deal (per month) | $3.09 Up to 73% off 2 year plans + 3 EXTRA months | $2.19 Save 86% on a 2 year Starter plan + 3 months free | $6.67 SAVE: 49% + 3 months free | $2.19 SAVE 82% on the 2 yr plan | $2.14 82% off the 2-yr standard plan + 3 free months | $3.59 Up to 64% off a 2-year plan |
The best Linux VPNs
These are the top VPNs for Linux that have a dedicated Linux app.
1. NordVPN
Apps Available:
- PC
- Mac
- IOS
- Android
- Linux
- FireTV
VPN Ratings:
Overall score: | 9 / 10 |
---|---|
Linux Suitability: | 6.9 / 10 |
Global Network Speed: | 10 / 10 |
Security & Privacy: | 9.2 / 10 |
Streaming: | 9.2 / 10 |
Value for Money: | 9.5 / 10 |
Website: www.NordVPN.com
Money-back guarantee: 30 DAYS
NordVPN has a dedicated command-line app that is far easier to set up and use than manually configuring servers. It works with more distros than any other app in our list and comes with most of the same great features you get on other operating systems, including an automated kill switch, ad blocker, and anti-malware filter. Supported distros include Ubuntu, Debian, Elementary OS, Linux Mint, Fedora, RHEL, CentOS, Qubes OS, and openSUSE.
If you still prefer doing things the old-fashioned way, Nord boasts an extensive user base of tutorials, including detailed Linux setup instructions for OpenVPN, IKEv2, and PPTP protocols.
Installing the app is easy. For Debian-based distros, simply enter:
sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)
Once installed, it’s just a matter of logging in and connecting to a NordVPN server.
Entering the following lets NordVPN choose a server for you:
nordvpn connect
You can also choose a server in a specific city or country.
We tested the speed of NordVPN’s Linux app while connected to a server in three locations at three different times of day. We used a home broadband connection with an average download speed of 49.44 Mbps.
NordVPN download speeds while connected to servers in three different countries.
NordVPN’s speeds were excellent overall but most consistent when connected to a server in Japan. The average global download speed was 37.88 Mbps, representing a drop of 11.56 Mbps from our base connection speed. Even with this drop, NordVPN is still fast enough to stream HD content.
We were able to stream content from BBC iPlayer while connected to a UK server. NordVPN’s Linux app also worked with every other platform we tested, including Netflix, Amazon Prime Video, Hulu, Disney+, and Max.
If you want to see the VPN’s current settings, simply enter:
nordvpn settings
Each setting can be enabled or disabled in the terminal using the relevant command.
For example, you can enable the kill switch by entering the following:
nordvpn set killswitch enabled
NordVPN’s Linux app comes with built-in leak protection, which we tested ourselves via browserleaks.com. We found no evidence of IP, DNS or WebRTC leaks while connected.
Other NordVPN features include Meshnet, which allows you to create networks within which you can share files or remotely access other devices. An auto-connect feature ensures that your connection is protected from start-up, and threat protection helps block ads and malicious traffic.
NordVPN offers a range of specialty servers. Options include servers for P2P traffic, obfuscated servers for bypassing blocks in countries such as China, double VPN servers for an added layer of encryption, and Onion Over VPN servers for one-click access to the Tor network.
In addition to Linux, NordVPN apps are available for Windows, macOS, iOS, and Android. NordVPN allows up to 10 simultaneous device connections, which is more than enough for most people. If it’s not, the software is compatible with a range of routers. Configuring a router connection will protect every device on your network, including those that don’t support VPN apps natively.
NordVPN is based in Panama, which is beyond the reach of international intelligence-gathering alliances such as the Five Eyes. The company has an independently audited no-logs policy, which provides reassurance that your data isn’t being harvested while connected.
Buy this VPN if:
- You want an easy-to-use Linux app that works with the most distros
- You want fastest speeds
- You want easy access to the Tor network
- You value your privacy
Don’t buy this VPN if:
- You want a full GUI
BEST VPN FOR LINUX:NordVPN is our #1 for Linux. Connects up to 10 devices simultaneously. Has impressive security, strong unblocking abilities, and the fastest speeds. Its 30-day money-back guarantee means you can try it out risk-free.
Read our full NordVPN review.
2. Surfshark
Apps Available:
- PC
- Mac
- IOS
- Android
- Linux
VPN Ratings:
Overall score: | 8.6 / 10 |
---|---|
Linux Suitability: | 7.5 / 10 |
Global Network Speed: | 7.6 / 10 |
Security & Privacy: | 9.2 / 10 |
Streaming: | 9.2 / 10 |
Value for Money: | 9.7 / 10 |
Website: www.Surfshark.com
Money-back guarantee: 30 DAYS
Surfshark has great value subscriptions and a Linux app that features a full GUI. The GUI makes life easier if you’re just getting started with Linux or don’t have the time (or inclination) to learn yet more commands. The app is currently available for Ubuntu, Mint, and Debian-based distros.
Once you’ve signed up, installing the app is easy. For debian-based distros, enter the following in a terminal:
curl -f https://downloads.surfshark.com/linux/debian-install.sh --output surfshark-install.sh cat surfshark-install.sh sh surfshark-install.sh
Once installed, Surfshark will appear in your list of apps.
After that, it’s just a matter of logging in. You’re then presented with the Surfshark dashboard, which looks the same as you’d get if you were using a Windows or Apple machine.
But how does it perform? We first wanted to know how fast download speeds were, so we connected to servers in three different countries at three different times of day and recorded the resulting speeds.
Tested download speeds using the Surfshark Linux app
Connection speeds were great overall, though the fastest in the UK. As we were connecting from the UK, this isn’t surprising.
A noticeable difference between the Surfshark app and the NordVPN app was that Surfshark was far slower at establishing a connection. Overall, speeds when connected were slower, too.
In addition to regular servers, Surfshark offers multi-hop servers and servers with static IP addresses. Static IP servers are located in Germany, Japan, the Netherlands, Singapore, the UK, and the US.
Other features include an ad, tracker and malware blocker, a kill switch, and auto-connect. Users can choose between the WireGuard, OpenVPN (TCP), and OpenVPN (UDP) protocols — or let Surfshark choose for them.
Note that the Linux app doesn’t have stealth mode or split tunneling. These are available with Surfshark’s other apps, so you’ll need to use a different operating system if, for example, you want to access the internet from China.
Surfshark is a great option for streaming, and it worked first time when we tried it with BBC iPlayer. It was also able to access Netflix, Hulu, Amazon Prime Video, and Disney+ when tested.
Privacy-wise, Surfshark has an independently audited no-logs policy. It uses strong encryption to protect user-generated traffic, and its apps come with built-in leak protection. We confirmed that the Linux app kept our IP address hidden by carrying out IP, DNS, and WebRTC leak tests while connected to a server in Albania.
In addition to its Linux app, Surfshark has dedicated apps for Windows, macOS, iOS, and Android. Users are allowed to connect as many devices as they want simultaneously, making Surfshark a solid choice for larger households.
Buy this VPN if:
- You prefer interacting with a GUI rather than the the CLI
- You plan to use a VPN with lots of devices at the same time
- You’re on a budget
Don’t buy this VPN if:
- You don’t like having to wait for connections to be established
- You’re connecting from a country where VPN use is restricted
BEST BUDGET VPN:Surfshark is affordable, fast, and reliable. It provides a ton of security features and strong unblocking ability, as well as a 30-day money-back guarantee.
Read our full review of Surfshark.
3. ExpressVPN
Apps Available:
- PC
- Mac
- IOS
- Android
- Linux
VPN Ratings:
Overall score: | 7.9 / 10 |
---|---|
Linux Suitability: | 6.6 / 10 |
Global Network Speed: | 5.8 / 10 |
Security & Privacy: | 9.6 / 10 |
Streaming: | 9.2 / 10 |
Value for Money: | 8.4 / 10 |
Website: www.ExpressVPN.com
Money-back guarantee: 30 DAYS
ExpressVPN released its official Linux app in April 2016. It continues to run using a command-line interface rather than a GUI. That said, it’s pretty straightforward to use.
First, we downloaded the installer from the ExpressVPN set-up page. We then entered the following into a terminal:
cd Downloads sudo dpkg -i expressvpn_3.72.0.0-1_amd64.deb expressvpn activate
Once you’ve entered the requested activation code, you’re good to go. Entering “expressvpn connect” will automatically connect you to the fastest available server.
Alternatively, you can choose a server. View the available options by entering:
expressvpn list all
This provides you with a list of the available locations within each country, together with an alias for each server.
So, for example, if you want to connect to a server in Woolloomooloo, you can simply enter “expressvpn connect auwo”. Connections are quick to establish, even when connecting to far-flung servers. You can see the process of choosing and connecting to a server in the video below.
[/ctech_youtube_link]
To test download speeds once connected, we performed a series of speed tests. We connected to servers in three locations at three different times of day and recorded the results.
Tested download speeds using the ExpressVPN Linux app
Download speeds were fastest when connected to a US server. However, the overall average download speed was 27.1 Mbps, which is a fair bit slower than our average base connection speed of 49.44 Mbps. Still, it’s fast enough for streaming in HD.
The ExpressVPN app worked great for streaming. We successfully used it to access BBC iPlayer, as well as Amazon Prime Video, Disney+, and Netflix.
Options for tweaking the VPN settings include selecting a specific protocol. You can choose between Lightway—UDP, Lightway – TCP, OpenVPN—UDP, and OpenVPN -TCP. Lightway is ExpressVPN’s own protocol and will normally provide the fastest speeds. If you’d like to further configure your settings, you can choose whether to use AES encryption or ChaCha20.
There’s a kill switch and the ability to automatically block ads, trackers, and access to malicious sites. As you might expect, you can see all of the available options by running the “man” command.
The man page gives you some additional time-saving commands, such as “expressvpn list recent” which prints the last three recently connected VPN server locations.
Over the years, ExpressVPN has garnered a reputation for robust security and privacy. Part of this involves making sure that users’ IP addresses aren’t leaked while connected. We tested this ourselves using a series of IP, DNS and WebRTC leak tests while connected to a server in Malta.
ExpressVPN has had its infrastructure and apps independently audited on multiple occasions. It adheres to a strict no-logs policy and all of its servers are RAM-only.
Overall, ExpressVPN’s Linux offering is slick and secure. The same can be said for its other apps, which are available for Windows, Android, iOS and macOS. There’s even an app for routers, so you can protect all of your devices in one hit.
Buy this VPN if:
- You want an easy to use Linux app
- You want to use a VPN with your router
- You want the highest levels of security and privacy
Don’t buy this VPN if:
- You’re looking for a budget service
- You want a GUI
PRIVACY FIRST:ExpressVPN is a pleasure to use. It boasts a large and highly secure server network and establishes connections quickly. Plans come with a 30-day money-back guarantee.
Read our full review of ExpressVPN.
4. Private Internet Access
Apps Available:
- PC
- Mac
- IOS
- Android
- Linux
- FireTV
VPN Ratings:
Overall score: | 7.7 / 10 |
---|---|
Linux Suitability: | 7.9 / 10 |
Global Network Speed: | 5.2 / 10 |
Security & Privacy: | 8.5 / 10 |
Streaming: | 8.6 / 10 |
Value for Money: | 8.4 / 10 |
Website: www.PrivateInternetAccess.com
Money-back guarantee: 30 DAYS
Private Internet Access is one of the relatively rare providers to offer a full GUI with its Linux app. Rarer still is its decision to make the app open-source and to allow users to scrutinize the code. The app is available for a range of distros, including Ubuntu 20.04+ (LTS), Mint, Debian, Fedora, and Arch.
To get started, go to the PIA site and download the installer for your particular Linux distribution (we’re using Ubuntu 20.04 for this review). Open a terminal and navigate to Downloads, then run the installer file as illustrated below:
Once the app is installed, you’ll need to log in using your account credentials. PIA will then open automatically, presenting you with the same dashboard you’d get using a mainstream operating system like Windows or macOS.
Clicking the big power button will automatically select a server for you and establish a connection. Alternatively, you can choose one yourself by clicking on the map or the arrow next to it. PIA has servers in 91 countries, so there are plenty of options available.
PIA is a great option for streaming and has optimized servers for just that purpose. We connected to a streaming-optimized server in the UK and successfully streamed BBC iPlayer, Channel 4, and ITVX—though not without some buffering.
Connecting to a streaming-optimized server in the US means you can watch the US versions of Netflix and Amazon Prime Video. Streaming-optimized servers are also available in the Netherlands, Italy, Sweden, Germany, Finland, Denmark, Japan, Canada, and Australia.
Users can choose between the OpenVPN and WireGuard connection protocols as desired — WireGuard is typically the faster option. Available features include a kill switch; and ad, tracker and malware blocker; split tunneling. PIA is one of the few VPNs to offer port forwarding, which is great for any torrenters out there. Those who need to bypass VPN blocks can make use of the app’s built-in Shadowsocks and SOCKS5 proxies.
To test PIA’s speed, we connected to servers in three different countries at three different times of day. Connection speeds were fastest in the US, and slowest while connected to a server in Japan. The average speed overall was 25.6 Mbps, which is roughly half the speed of our average base connection speed of 49.44 Mbps.
Tested download speeds using the PIA Linux app
PIA is adept at protecting its users’ privacy. It keeps no logs of user activity and has a Tier-1 server network that is RAM-only. We confirmed that the Linux app didn’t leak our IP address by carrying out a series of IP, DNS and WebRTC leak tests.
PIA offers rolling monthly contracts, one-year subscriptions, and three-year subscriptions. The long-term plan offers the best value for money. All plans include unlimited device connections, making PIA a good choice for sharing.
Apps are available for Windows, macOS, Android, iOS, Amazon Fire TV, and, of course, Linux. The PIA Linux app is undoubtedly impressive and it’s particularly nice that the company has put the effort into ensuring that the app has the same features as its other apps. It’s great at accessing streaming platforms and ostensibly great for torrenting. However, it’s relatively slow compared to other providers which could make streaming and torrenting a little frustrating.
Buy this VPN if:
- You want lots of features — such as port forwarding
- You want a slick GUI
- You want access to lots of streaming platforms
Don’t buy this VPN if:
- You want a VPN that isn’t US-based
- You want fast connection speeds
SECURE UNLIMITED DEVICES:Private Internet Access is easy to use with Linux thanks to its GUI app. Connect to servers in 91 countries and access multiple streaming platforms. Allows unlimited device connections and has a 30-day money-back guarantee.
Read our full Private Internet Access review.
5. PureVPN
Apps Available:
- PC
- Mac
- IOS
- Android
- Linux
VPN Ratings:
Overall score: | 7.2 / 10 |
---|---|
Linux Suitability: | 5.1 / 10 |
Global Network Speed: | 6.5 / 10 |
Security & Privacy: | 9.2 / 10 |
Streaming: | 7.3 / 10 |
Value for Money: | 8.1 / 10 |
Website: www.PureVPN.com
Money-back guarantee: 31 DAYS
PureVPN caters for Linux users who prefer to work in the command line, as well as those who prefer the convenience of a GUI. We’re big fans of convenience, so we’ll be reviewing the GUI version here.
To get started, sign in to your PureVPN account and download the PureVPN for Linux GUI file (or copy the CLI command if you’d rather).
To install the app, open a terminal, got to Downloads and enter:
The PureVPN app will then appear alongside all of your other apps. Opening it up takes you to the PureVPN dashboard, which is even sparser than the provider’s other already minimalist apps.
Clicking the button in the middle connects you to the fastest available server. You can choose your own by opening up the Locations menu on the left. There are 66 countries to choose from in total.
We were impressed by how quickly connections were established. However, download speeds fluctuated quite widely. We tested these by connecting to servers in three different countries at three different times of day. Sometimes, download speeds were fairly near our base connection speed without a VPN. At other times, they were fairly slow.
Tested download speeds using the PureVPN Linux app
We tried connecting to a UK server to see if we could access UK-based streaming platforms. We were successful with BBC iPlayer, ITVX and Channel 4.
We were also able to access a range of other streaming platforms while connected to PureVPN — most notably Netflix and Amazon Prime Video.
Compared with some of the other providers in our list, the PureVPN Linux app is relatively featureless. There’s auto-connect on start-up, a choice between the OpenVPN and WireGuard protocols, and a kill switch. There’s no obfuscation, no split tunneling, no port forwarding, and no multi-hop options.
What PureVPN does have is a no-logs policy that’s been independently audited several times. It uses strong encryption to protect user-generated traffic, and its app has built-in leak protection. We confirmed that our IP address remained hidden while connected by performing a series of IP, DNS, and WebRTC leak tests.
PureVPN has one of the longest subscription periods available in its five-year offering. This makes it a good option for those who prefer to lock into a good deal rather than shopping around every year or two.
If you just want a VPN that quietly runs in the background while you go about your business, then PureVPN’s Linux app might be for you. It’s easy to install, quick to connect, and generally hassle-free.
Buy this VPN if:
- You want a VPN that’s very easy to install and use
- You want a cheap long-term subscription
Don’t buy this VPN if:
- You want fast speeds for streaming
- You want an app with lots of features
LOW COST:PureVPN lets Linux-users get online privacy and security at a rock-bottom price point. Users get access to a no-logs policy, AES encryption, a killswitch, and DNS leak protection. Live chat support is available and it has a 31-day money-back guarantee.
Find out more in our PureVPN review.
6. ProtonVPN
Apps Available:
- PC
- Mac
- IOS
- Android
- Linux
VPN Ratings:
Overall score: | 7 / 10 |
---|---|
Linux Suitability: | 7.4 / 10 |
Global Network Speed: | 5.9 / 10 |
Security & Privacy: | 7.8 / 10 |
Streaming: | 6.7 / 10 |
Value for Money: | 7.4 / 10 |
Website: www.protonvpn.com
Money-back guarantee: 30 DAYS
ProtonVPN is highly advanced and packed with features. Best of all, it has a full GUI Linux app for Ubuntu, Debian, or Fedora. The VPN may also work with other distros, but they aren’t officially supported. We used it with the Debian-based Kali Linux.
To access the app, you need to download the repository configuration and keys:
wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.3-3_all.deb
And then the repository containing the app:
sudo dpkg -i ./protonvpn-stable-release_1.0.3-3_all.deb && sudo apt update
Finally, install the app by entering:
sudo apt install proton-vpn-gnome-desktop
The ProtonVPN app will now appear in your list of apps. Before you get to the app properly, you’ll need to enter the username and password for your account. Following authentication, you’ll be presented with the ProtonVPN dashboard.
Unlike the dashboard of its Windows or macOS apps, the dashboard for ProtonVPN’s Linux app initially appears to consist of little more than a list of server locations. However, clicking the down arrow in the top-left corner brings up all of the available options. This includes the settings menu, which gives you the chance to enable– or disable — the ad, malware and tracker blocker; the kill switch, and the VPN Accelerator.
ProtonVPN is one of the few VPNs to offer port forwarding, making it a great choice for torrenters. Gamers will appreciate the opportunity to create direct connections by enabling the Moderate NAT feature. More generally, there’s an auto-connect feature and the option to pin servers to the system tray.
Note that the only connection protocols available are OpenVPN (TCP) and OpenVPN (UDP). The lightweight WireGuard protocol is noticeably absent from the ProtonVPN Linux app.
We wanted to know what kind of speeds were possible using the app on a regular home broadband connection, so we performed tests at three different times of day while connected to servers in three different countries.
As with some other providers in this list, the download speeds fluctuated widely. For example, while connected to a UK server our download speeds varied between 12.29 Mbps and 41.64 Mbps. If you’re experiencing slow speeds its always worth switching servers. ProtonVPN has plenty of options in countries such as the UK, US and Japan.
Tested download speeds using the Proton VPN Linux app
Provided you’re connected to a server with decent speeds, ProtonVPN works well at accessing a range of streaming platforms. While connected to a server in the UK, we were able to watch BBC iPlayer, ITVX, and Channel 4.
The app also worked with the US content libraries for Amazon Prime Video and Netflix, though we did experience some buffering.
ProtonVPN has a reputation for privacy and security, and this extends to its Linux app. It protects user-generated traffic with AES-256 encryption and has an independently audited no-logs policy. We confirmed that ProtonVPN kept our true IP address hidden by connecting to a server in Austria and conducting IP, DNS, and WebRTC leak tests.
Proton is based in Switzerland, a country with strong privacy laws and no mandatory data retention directives. Its apps are all open-source, with the code available for inspection by the public. Supported platforms include Linux, Windows, macOS, iOS, and Android.
Buy this VPN if:
- You want features such as port forwarding
- You want to support a privacy-focused company
- You prefer to use a GUI
Don’t buy this VPN if:
- You’re on a tight budget
- You want consistently fast speeds
ADVANCED AND SECURE:ProtonVPN is a highly advanced and reliable VPN that is packed with useful privacy and security features. It works with most major streaming platforms and offers lightning-fast speeds. Torrenting-optimized servers are available globally, and it is one of the few VPNs with port forwarding. 30-day money-back guarantee.
Read our full ProtonVPN review.
Our methodology: finding the best VPNs for Linux
Before recommending anything, we were interested in finding out how each VPN provider’s Linux app performed in several key areas. Testing was carried out on virtual machines running Kali Linux and Ubuntu. As a side note, if you ever need (or want) to try out a different operating system, the Oracle VM VirtualBox software is free, open-source, and easy to use.
Linux suitability
To gauge how suitable a particular provider was for Linux, we first scored them according to whether their apps had a GUI or were command-line only. In our experience, most people prefer a GUI if one is available.
Next, we scored them according to how many distros they supported and how many protocols were available. Finally, one of our resident experts weighed in with their own score for each provider.
VPN provider | GUI? (yes = 10, no = 0) | Number of Linux distros supported? | Number of Linux distros - score out of 10 | Number of protocols supported? | Number of protocols - score out of 10 | Reviewer rating | Linux suitability: OVERALL SCORE |
---|---|---|---|---|---|---|---|
NordVPN | 0 | 9 | 10.0 | 3 | 7.5 | 9.9 | 6.9 |
Surfshark | 10 | 3 | 3.3 | 3 | 7.5 | 9 | 7.5 |
ExpressVPN | 0 | 6 | 6.7 | 4 | 10 | 9.6 | 6.6 |
PIA (Private Internet Access) | 10 | 5 | 5.6 | 3 | 7.5 | 8.3 | 7.8 |
PureVPN | 10 | 2 | 2.2 | 0 | 8.2 | 5.1 | |
Proton VPN | 10 | 3 | 3.3 | 3 | 7.5 | 8.6 | 7.4 |
Combining the above gave us an overall score for each provider’s suitability for Linux. You can see how they compare in the chart below.
Chart showing the overall Linux suitability score for each VPN provider
The providers that have an app with a GUI fared the best, with Private Internet Access and Surfshark also performing well in other areas.
Global network speed
We conduct regular lab tests to determine each VPNs maximum possible speed. However, we also like to carry out tests in a real-world environment. For the Linux apps, we tested download speeds on a home broadband connection with an average speed of 49.44 Mbps. We carried out tests in the morning, at noon, and in the afternoon while connected to servers in the UK, US, and Japan.
Chart showing the individual speed test results for each provider
As you can see from the chart, NordVPN was the fastest VPN overall. Its average speed was more than 10 Mbps, faster than three of the slower providers.
If you want the best chance at streaming UHD without buffering, then NordVPN is the app to go for. ExpressVPN is a good second-best — it performed particularly well while connected to a UK server.
In order to better compare each provider’s overall ability, we normalize our speed test data to a score out of 10. Normalization helps convert the scores to a common scale, regardless of the original range of values. We find the minimum and maximum speed test scores across all VPN providers. These values set the boundaries for normalization.
The chart below shows how providers’ speeds compare with their normalized scores. This makes it clearer still that NordVPN is the best option in terms of download speeds.
Chart showing the overall network speed score for each VPN provider
Security & privacy
If you’re using Linux, then it’s likely that you place a high value on security and privacy. With this in mind, we’ve only selected providers that scored highly across 15 different criteria. You can see a summary of all the metrics we measured in the table below.
Feature | NordVPN | Surfshark | ExpressVPN | PureVPN | ProtonVPN | Private Internet Access |
---|---|---|---|---|---|---|
Activity logs | No activity logs | No activity logs | No activity logs | No activity logs | No activity logs | No activity logs |
IP logs | No IP logs | No IP logs | No IP logs | No IP logs | No IP logs | No IP logs |
Encryption | AES-128 or higher | AES-128 or higher | AES-128 or higher | AES-128 or higher | AES-128 or higher | AES-128 or higher |
Authentication | SHA-384 | SHA-512 | SHA-512 | SHA-256 | SHA-512 | SHA-256 |
Keys | 4096-bit | 4096-bit | 4096-bit | 4096-bit | 2048-bit | 4096-bit |
Perfect Forward Secrecy | Yes | Yes | Yes | Yes | Yes | Yes |
DNS leak protection | Yes | Yes | Yes | Yes | Yes | Yes |
IPv6 leak protection | Yes | Yes | Yes | Yes | Yes | Yes |
Private DNS | Yes | Yes | Yes | Yes | Yes | Yes |
Torrenting allowed | Yes | Yes | Yes | Yes | Yes | Yes |
We assigned a score to each of the criteria to generate an overall score out of 10 — which we can use to compare providers directly.
Chart showing the overall security and privacy scores for each VPN provider
As you can see from the above chart, ExpressVPN provides the greatest level of security and privacy. NordVPN, Surfshark, and PureVPN closely follow this.
Before we even consider reviewing providers, we check that they don’t leak our IP address while connected. This is a basic requirement and a good way to disregard lesser providers quickly. We test for IP, DNS, and WebRTC leaks using the service available on browserleaks.com. Providers must pass all three to progress.
Streaming
The chance to access free streaming services in other countries or new content libraries within existing platforms is a big draw for people choosing a VPN. We look at nine different criteria to fully evaluate each VPN’s streaming ability. You can see the data in the table below.
Feature | NordVPN | Surfshark | ExpressVPN | PureVPN | ProtonVPN | Private Internet Access |
---|---|---|---|---|---|---|
Number of locations in relevant country | 5+ locations | 5+ locations | 5+ locations | 5+ locations | 5+ locations | 5+ locations |
Regional speed test results | 300-500 Mbps | 500+ Mbps | 300-500 Mbps | 100-299 Mbps | 100-299 Mbps | <100 Mbps |
Includes ad-blocker? | Yes | Yes | Yes | No | Yes | Yes |
Works in high-censorship countries | Yes | Yes | Yes | Yes | No | Yes |
Offers a smart DNS service | Yes | Yes | Yes | No | No | Yes |
Streaming device apps | 2+ apps | 2+ apps | 2+ apps | 2+ apps | 1 app | 1 app |
Can Unblock Tier 1 Streaming | Reliably | Reliably | Reliably | Unreliably | Unreliably | Reliably |
Can Unblock Tier 2 Streaming | Yes | Yes | Yes | Yes | Yes | Yes |
Can Unblock Tier 3 Streaming | Yes | Yes | Yes | Yes | Yes | Yes |
We give each of these criteria a score and then combine them for an overall score out of 10. This makes it easier for you to compare providers.
Chart showing the streaming scores for each VPN provider
Using the above chart, you can see that NordVPN, Surfshark, and ExpressVPN are all outstanding in terms of their streaming ability. Choosing one of these providers will give you the best chance of accessing the widest range of content — wherever you may be.
Value for money
We looked at eight different metrics when assessing providers’ relative value for money — not just how much their subscriptions cost. You can see how each performed in the table below.
Feature | NordVPN | Surfshark | ExpressVPN | PureVPN | ProtonVPN | Private Internet Access |
---|---|---|---|---|---|---|
Money-back guarantee | Yes | Yes | Yes | Yes | Yes | Yes |
Connection limit | 6+ | Unlimited | 6+ | 6+ | 6+ | Unlimited |
Subscription terms | 3 terms+ | 3 terms+ | 3 terms+ | 3 terms+ | 3 terms+ | 3 terms+ |
Sale frequency | Frequently running deals | Frequently running deals | Frequently running deals | Frequently running deals | Frequently running deals | Frequently running deals |
Monthly pricing | <$13 | <$10 | $15+ | <$13 | <$10 | <$13 |
Lowest price | <$5 | <$5 | $5+ | <$5 | $5+ | <$5 |
Free trial available | Yes | Yes | Yes | Yes | Yes | Yes |
Student discount | Yes | Yes | Yes | No | No | No |
To more easily compare providers, we combine the scores for each metric into a total score out of 10.
Chart showing the overall value for money scores for each VPN provider
From the chart, you can see that Surfshark offers the best overall value for money overall, closely followed by NordVPN.
VPNs that Linux users should avoid
Several tutorials out there will show you how to install OpenVPN. That’s great, because OpenVPN is probably the best VPN protocol on the market. However, OpenVPN is just a protocol and a client. It is not a VPN service in and of itself. You will still require a server or servers to connect to, and this is where many people run into privacy issues.
All of the paid services we’ve listed above have zero-log policies, meaning they don’t monitor or record how you use the VPN. This means a hacker can’t breach the provider’s servers and find dirt on you, the company can’t sell your info to third parties, and law enforcement can’t coerce the company into giving up private info about customers.
The reality is often very different with free VPNs. A company isn’t going to waste money hosting and maintaining a VPN server without expecting something in return. That’s why reading up on a company’s privacy and logging policies is very important before you connect.
As a general rule, stay away from VPN services that only offer a PPTP connection. PPTP is fast and simple to set up, but it contains several security vulnerabilities.
Here are a couple of examples of free VPNs that you should actively avoid:
SecurityKISS
Searching for a free VPN for Linux on Google might lead you to SecurityKISS. The company stores users’ connection logs and IP addresses, a practice that privacy advocates frown upon. In the free version, your usage is capped at 300MB per day. In the paid version… well, it doesn’t really matter because there are at least a half dozen better options.
USAIP
Another mediocre VPN service that somehow weaseled its way into search results, USAIP’s latest Linux client only uses PPTP. It also doesn’t provide its own DNS servers or default to Google’s, which means your ISP can still monitor your online activity. On top of that, it doesn’t disclose its logging policy.
Note that some of the providers in our list offer pared-down versions of their main apps for free in an attempt to lure users onto a subscription. These apps tend to be as private and secure as their paid-for counterparts, but with only a few servers to choose between and subsequently sluggish speeds. If you’re short on cash these are preferable to the free VPNs operating as standalone services.
Securing Linux
A VPN is a great step toward securing your Linux system, but you’ll need more than that for full protection. Like all operating systems, Linux has its vulnerabilities and hackers who want to exploit them. Here are a few more tools we recommend for Linux users:
- Antivirus software
- Anti-rootkit software
- Tripwire
- Firewall
- Security-focused browser extensions
You can learn about all of these tools, which ones to use, and how to install them in our Linux Security Guide. There, you’ll also find tons of other tips and advice for securing Linux.
A note on OpenVPN
Even if a VPN provider doesn’t make a dedicated native client for your Linux distro, almost all of them will provide configuration files that work with OpenVPN. All you need to do is download a config file for each server you want to connect to. This can get tedious if you like to have a lot of options, but it’s perfectly feasible.
OpenVPN is great, but the generic client isn’t as packed with features like DNS leak prevention and internet kill switches. Again, you can find scripts and packages that will take care of these for you, but we prefer the convenience of clients with all this stuff built in.
How to install and connect to OpenVPN on Linux Terminal
Here we’ll show you how to install the OpenVPN client on Ubuntu. Other distros, such as Mint and CentOS, should work similarly, but the commands might vary slightly.
- Open a terminal
- Type sudo apt-get install -y openvpn and hit Enter
- Type your admin password and hit Enter
- Type y and hit Enter to accept all dependencies and complete the installation.
- Enter sudo apt-get install network-manager network-manager-openvpn network-manager-openvpn-gnome and hit Enter
- Enter sudo apt-get install openvpn easy-rsa
Note that on newer versions of Ubuntu, you may need to swap out the “apt-get” part of the commands with “yum”.
Once OpenVPN is installed, you need config files. Usually you can download .ovpn config files from your VPN provider’s website. Each config file is associated with a particular server and location so grab a few of them for each location you want to connect to. Make sure to have backups in case a server goes down.
To connect via command line, which should work across most distros:
- With OpenVPN installed, type sudo openvpn –config in the terminal and hit Enter
- Drag and drop the .ovpn config file for the server you want to connect to into the terminal. The correct path will be automatically captured.
- Hit Enter and wait for the “Initialization Sequence Completed” message. You are now connected to the VPN. You can minimize the terminal window, but closing it will disconnect you from the VPN.
This is just one way to connect. You can also try the Ubuntu Network Manager or the OpenVPN GUI. These may require CA certificates and/or private keys from your VPN, so make sure those are available from the provider’s website.
Guides for other Linux distros:
How to make a VPN kill switch in Linux
In the event that the VPN connection unexpectedly drops, the computer will continue to send and receive traffic sent over your ISP’s unprotected network, possibly without you even noticing. To prevent this behavior, you can make yourself a simple kill switch that halts all internet traffic until the VPN connection is restored. We’ll show you how to write some easy rules using iptables and the Ubuntu Ultimate Firewall (UFW) application.
First, create a startvpn.sh script that puts firewall rules in place. These firewall rules only allow traffic over the VPN’s tun0 network interface, and they only allow traffic over that interface to go to your VPN’s server.
$ cat startvpn.sh sudo ufw default deny outgoing sudo ufw default deny incoming sudo ufw allow out on tun0 from any to any sudo ufw allow out from any to 54.186.178.243 # <-- note this is the IP from the "remote" field of your configuration file sudo ufw enable sudo ufw status sudo openvpn client.conf &
Network traffic cannot pass over any other network interface with these firewall rules in place. When your VPN drops, it removes the tun0 interface from your system so there is no allowed interface left for traffic to pass, and the internet connection dies.
When the VPN session ends, we need to remove the rules to allow normal network traffic over our actual network interfaces. The simplest method is to disable UFW altogether. If you have existing UFW rules running normally, then you’ll want to craft a more elegant tear down script instead. This one removes the firewall rules and then kills openvpn with a script called stopvpn.sh
$ cat stopvpn.sh sudo ufw disable sudo ufw status sudo kill `ps -ef | grep openvpn | awk '{print $2}'`
If you use some other means to connect to your VPN, you can eliminate the last two lines of each script. In such a configuration, you will have to remember to manually run the startvpn.sh script prior to starting your VPN using some other method. Once your VPN session ends, remembering to run the stopvpn.sh script isn’t hard; you’ll probably notice the lack of internet connectivity until you run it.
For further instructions, read our guide on how to make a VPN kill switch in Linux with UFW.
Which Linux distro is best for privacy?
If you’re concerned about privacy, switching from MacOS or Windows to any open-source Linux distro is already a step in the right direction. Apple and Microsoft both collect personal data from users on their respective operating systems. Both companies are known to cooperate with law enforcement and intelligence agencies like the NSA. Microsoft uses customers’ data to sell ads. Both OSes are closed source, meaning the public cannot peak at the source code to see where vulnerabilities or backdoors lie.
Linux, on the other hand, is open source and frequently audited by the security community. While Ubuntu once flirted with Amazon to monetize users, it and other distros are generally not out to make a buck by selling your data to third parties.
Not all Linux distros are created equally, however, and some are more secure than others. If you’re looking for a distro that functions as a day-to-day desktop replacement but is also built with privacy and online security in mind, we recommend Ubuntu Privacy Remix. UPR is a Debian-based Ubuntu build that stores all user data on encrypted removable media, such as an external hard drive. The “non-manipulatable” OS is supposedly immune to malware infection.
You’ll still need a VPN to encrypt your internet connection. Most of the apps from the VPN providers above should work fine on UPR.
If UPR isn’t enough and you want to use your computer with complete anonymity, we recommend TAILS. Short for The Amnesiac Incognito Live System, TAILS is a Linux distro built by the same people who created the Tor network. TAILS is a live OS designed to be installed on and run from a USB drive or CD. It’s a hardened version of Linux that routes all internet traffic through the Tor network. It leaves no trace of ever being used after removing it from the device.
Making your own VPN
If you don’t trust commercial VPN providers or you just prefer a DIY solution, you could always roll your own VPN. You’ll need to set up your own server. Common options are virtual private cloud services like Amazon Web Services and Digital Ocean. A variety of tools at your disposal that will assist you in getting a homegrown VPN up and running:
- OpenVPN
- Streisand
- Algo
- SoftEther VPN
- StrongSwan
Each has its own pros and cons in terms of protocol, security, features, and ease of use. We’ve got a great tutorial on how to set up OpenVPN with a Linux client and Amazon EC2 Linux instance.
But even though rolling your VPN gives you full control over almost every aspect of how the VPN operates, there are some drawbacks. First, it’s much more difficult than using pre-existing servers and pre-configured apps. Secondly, if you’re using a cloud service like AWS or Digital Ocean, your data still passes through the hands of a third party. Third, you only get a single server and location to connect to.
Finally, and perhaps most importantly, rolling your own VPN likely means that only you and perhaps a handful of acquaintances will be using it. That makes it much easier to trace internet activity back to a specific person. The best VPNs for Linux that we recommend, on the other hand, typically assign users shared IP addresses. Dozens and even hundreds of users can be pooled together under a single IP, effectively anonymizing traffic as it leaves the VPN server.
I tried to use Proton VPN. I’m not technically smart enough to understand what went wrong. It had something to do with “pvpn-ipv6leak-protection”. Their tech support was unable to help. I had to uninstall it.
I was using the graphic interface to start the VPN. Tech support said to try the manual OpenVPN/Wireguard connection method instead. It might have worked. I might try again sometime.
How can you recommend PIA? It is CIA, in fact. Check the owners ha ha, London Media Trust based in US? Looool
Seriously doubt it.
I was using Express VPN for a few months and it was indeed awesome. Very fast and secure.
I have used AceVpn for Linux. They provide good service. I use free and paid both versions.
I built my own VPN servers on cloud service providers based in Europe and elsewhere outside the US and I route my traffic through them. After the initial testing I turned off all logging.
At this point in time, PIA’s so-called “plug and play native client” does not work on Ubuntu 17.04. And their support is TERRIBLE. It took them three weeks to respond to my last service problem. Three weeks even to acknowledge that I’d contacted them.
Drag the config file into the terminal window BEFORE pressing enter.
If you press enter BEFORE dragging the config file to the window, as suggested, you’ll get an error from the partially completed command.
great article, hope everyone in linux land sees this, esp since the new world order is hellbent on sending all info to corporate hq world wide. =/
the use of nordvpn is also very simple and really good – looking for a gui frotnend to make it a little comfortable and faster … regards
Thanks for the list. From my experience PIA does not work with Linux Mint. I have tried it and gone back and forth with support for weeks and gave up. I am now looking for another client that actually supports Linux.
For AIRVPN.ORG I use this way :
install if needed stunnel (apt-get install stunnel)
rename :
AirVPN_example_name_SSL-443.ovpn to airvpn.conf
AirVPN_example_name_SSL-443.ssl to stunnel.conf
copied
airvpn.conf to /etc/openvpn
stunnel.conf to /etc/stunnel
stunnel.crt to /etc/stunnel
edit :
/etc/default/openvpn and add the line #AUTOSTART=”home office” to AUTOSTART=”airvpn” and remove the #
/etc/stunnel/stunnel.conf and change the line CAfile = stunnel.crt to CAfile = /etc/stunnel/stunnel.crt
/etc/default/stunnel4 and change the line ENABLED=0 to ENABLED=1 (to enable stunnel automatic startup)
Then reboot and everything is working.
Bulltwinkie!
Linux ubuntu will not allow you to install via command line, you must 1st download from the linux software (aka we will share your data anyway) center
Bulltwinkie? I’ve NEVER had a problem installing anything from an Ubuntu command line. Learn to use your Linux!
What annoys me is that I have Expressvpn which is not the cheapest and works well on android but will not work on Linux Mint 18.
Why should I have to pay for a second VPN which will work on linux
You can just use it manually by installing the OpenVPN package for Linux and downloading the server config files.
CyberGost isn’t free for Linux. There is a free version for Windows but you have to have a paid account to use it with Linux.
where’s the free ones?
We recommend paid VPNs, but we have a separate list of free ones here: https://www.comparitech.com/blog/vpn-privacy/6-best-free-vpns/