© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

VPN FOR LINUX: 5 Paid & 5 Free services + custom VPN setup


Allow Linux traffic through a VPN channel?” Nothing is easier! I will tell about my experience using VPN services on CentOS, Debian and Ubuntu.

The five best VPNs for Linux

  1. ExpressVPN: The most powerful VPN service for today. Console application. Easy installation.
  2. NordVPN: Multifunctional big service. Advanced functionality including Double VPN and Obfuscation.
  3. PIA: A full-fledged graphical app for different systems.
  4. Surfshark: Large selection of locations, MultiHop, low price.
  5. HMA: The biggest country selection. Console pseudographic script.

The five free VPNs for Linux

  1. ProtonVPN: Command-line tool. Forbidden P2P, does not support streaming.
  2. Windscribe: The traffic limit is 10GB per month. Integrated firewall.
  3. TunnelBear: Provides configuration for setting the OpenVPN client. 1500 MB limit.
  4. hide.me: 10GB per month. 4 countries. Manual settings.
  5. VPNBook: Configuration for OpenVPN. Very low speed.

Linux VPN: My setup experience

I have been creating and using virtual networks for a wide variety of OSs for more than 15 years. Until recently, on Linux, I have repeatedly managed to install and configure only the server-side of such networks.

Once I needed to install a VPN client. The reason is quite simple - it’s needed to hide the server IP address without using a proxy.

Despite all the experience of using VPN clients on other platforms, it was not possible to install the Linux client for the first time.

My mistake was that I did not look towards general VPNs but towards the open-source OpenVPN client for its subsequent configuration. This approach was more familiar, and it seemed to be more reasonable.

I lost a lot of time trying to configure the client itself and network settings. At first, the library versions did not match, and then there were difficulties with routing.

Finally, having configured it, I decided to go the same way, but already using ready-made clients from VPN services. And ... regretted that I did not do so right away.

Feeling how much easier it is to install software, I conducted my testing of the capabilities and security settings of more than 20 VPN services.

Read on and you will find out which VPN clients for Linux are the most convenient to install and at the same time functional and safe (in my experience).

By tradition, I made two lists - 5 paid and 5 free providers.

Recommendation

On Linux, as on other OSs, the same rules apply for free VPNs. They have several disadvantages, which I will talk about. Now I want to advise you from personal experience - it is more efficient to use a paid VPN with the possibility of a refund. This will allow you to use a server or computer with Linux at a good speed, and in case of failure, you can easily get your money back.

Top 5 VPNs for Linux

So, I liked ExpressVPN the most. It is one of the fastest VPNs and yet supports Ubuntu, CentOS, Debian, Fedora, Raspbian, and Arch. In conjunction with all parameters, this is the best VPN for Linux.

I liked the functionality of ExpressVPN. You can run double VPN directly from the console, manage protocol obfuscation, choose a protocol, and much more.

Read more about all five VPNs below.

  • Also read my review of 5 paid and 5 free VPNs for routers.

Comparison of the main characteristics of VPN apps of the top five services

ServiceRanking (out of 10)Speed, MbpsCountry selectionType of softwarePrice (monthly)
ExpressVPN1050-80105consolefrom $8.32
NordVPN1060-8060consolefrom $3.09
PIA9>7084appfrom $2.03
Surfshark19>100100consolefrom $2.29
HMA960-80210sh scriptfrom $2.99

1. ExpressVPN

ExpressVPN is primarily valued for its high speed and stability. It’s installed from the console on any Linux distribution. The service website has detailed instructions for each distribution.

6 reasons why ExpressVPN is the best:

  1. Speed ​​measurements showed the result of >150 Mbps.
  2. Over 3000 servers in 105 countries.
  3. Ability to configure auto connect.
  4. Netflix Support (Ubuntu).
  5. Total anonymity. The provider uses diskless servers.
  6. Safe jurisdiction (offshore on BVI).

ExpressVPN is the first VPN client that I installed on Debian other than OpenVPN. Following the instructions on the provider's website, I installed and launched the daemon in a few minutes, which has been stably protecting my server so far.

On Ubuntu, ExpressVPN is additionally interesting because of the ability to unlock the geo-limited content of popular video services.

ExpressVPN full review

2. NordVPN

I really like NordVPN due to its functionality and technical characteristics. The provider allows you to access any of its 5900+ servers, and not just the country or city. Also, it provides dedicated IP addresses, which may be indispensable for server solutions.

I also note the possibility of running double VPN from the console, as well as using obfuscated servers to bypass the blocking of standard VPN protocols.

Installing a console app will not be difficult even for beginners, as there is a detailed instruction on the service’s website.

NordVPN full review

3. Private Internet Access

Private Internet Access (PIA) is the first VPN service on our list that has a graphical shell on Linux. However, that’s the case only on Ubuntu and other distributions with systemd.

The provider does not offer a console app for classic servers.

The app supports the progressive WireGuard protocol, allows you to change the biggest number of connection parameters, however, PIA does not support Netflix and has 44 countries in its arsenal.

PIA full review

4. Surfshark

Surfshark on Linux has several advantages and only one drawback.

The provider’s software is easy to install and configure using detailed instructions. As for functionality, all standard features are available plus MultiHop technology. It is used as an analog of double VPN.

There is a disadvantage: testing revealed poor protection of the names of visited sites (DNS leak). A host or ISP will be able to see the domain names to which the user/system is connecting.

Surfshark full review

5. HMA

HMA (formerly called “HideMyAss!”) allows you to combine the efficiency and versatility of a console application with convenient visualization. The application is installed in almost one operation - launching the script downloaded from the .sh service website.

Software has a classic functionality and a large selection of countries (over 170) and high speed.

Has a 7-day trial period. Does not have a 1-month subscription.

HMA full review

Best Free VPN for Linux

According to the results of testing on Linux, ProtonVPN became one of the best free VPN services. Slightly inferior to it is Windscribe.

Then there are TunnelBear, hide.me and VPNBook, with a more noticeable lag.

Because the services differ significantly not only technically, but also on the principle of providing free access, I advise you to make the final choice after reading all 5 short descriptions.

Warning

All free VPNs have significant drawbacks. For Linux, this is primarily a significantly limited speed and/or volume of included traffic. The low stability of the connection can also be a big minus.

I should note that the first 3 services have successfully passed the test of not only free but also the paid version.

1. ProtonVPN

Main advantages:

  • Best free plan
  • The service is in the top 10 VPN leaders

ProtonVPN offers a console app for any Linux distribution. It has good functionality, but I want to dwell on three other advantages of the service:

  1. Unlimited traffic
  2. 7-day trial of the full-featured version without the need to switch to a paid subscription
  3. Good speed as for free VPN.

Software installation requires only two commands. The provider's website has detailed instructions for setting up different distributions.

2. Free Windscribe

Main advantages:

  • Powerful functionality
  • 10-Gb monthly limit

Windscribe also has a command-line tool for Linux, but its free version is significantly different from ProtonVPN’s both technically and in the way of providing free access.

  1. Free traffic limit - 10 GB monthly
  2. Access to locations in 11 countries
  3. Firewall available (Kill Switch)

Windscribe software can be installed on all major Linux distributions; the service website has detailed instructions not only for each distribution, but also for each version.

The access speed is average and depends on the location.

3. Free TunnelBear

Main advantages:

  • Only configuration for setting the OpenVPN client up is available High speed
  • 1500MB Limit

Free TunnelBear is the fastest free VPN presented, but it has two significant disadvantages:

  1. The service does not provide its own software for Linux
  2. 1500 MB Monthly limit

I should also note that TunnelBear has free locations in 23 countries, which is a kind of record.

Whether you should use TunnelBear for free or not depends heavily on how much-estimated VPN traffic will be used. Besides, you will need additional qualifications for installing and configuring the OpenVPN client.

4. Free hide.me

Main advantages:

  • Only manual configuration available
  • 10GB per month
  • 4 countries

Hide.me as well as TunnelBear does not have its software for Linux, but differs in more traffic included, lower speed, and a small selection of countries.

The provider is seriously behind all the previous VPNs from this Top 5 but can be interesting as an additional solution if you use 2 or more VPN services on the same computer/server.

5. VPNBook

VPNBook is the slowest VPN for Linux on this list. It also does not have its own software.

Its only plus is the lack of a limit. But testing showed that at a speed of 0.1-1 Mbps this is unlikely to compensate for the shortcomings.

Installing OpenVPN and configuring VPNBook is quite simple to do with the step-by-step instructions on the service’s website.

Other Good VPN Services for Linux

If for some reason the services discussed above did not suit you, pay attention to other VPNs that have been tested, but differ in general characteristics or are less universal.

How to set up your VPN server?

To configure Virtual Private Network on a server (own VPN), I recommend using an OpenVPN server. This is the easiest and most common version of your own VPN.

Step-by-step guide for setting up the VPN server part based on OpenVPN (Debian 10):

  1. Update index:
$ sudo apt update
  1. Install OpenVPN:
$ sudo apt install openvpn
  1. Download and unzip EasyRSA (relevant for 2022):
$ wget -P ~/ https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-unix-v3.0.7.tgz

$ cd ~

$ tar xvf EasyRSA-unix-v3.0.7.tgz
  1. Create a CA using EasyRSA:
$ cd ~/EasyRSA-v3.0.7/

$ cp vars.example vars

$ nano vars

Locate and modify the following lines:

#set_var EASYRSA_REQ_COUNTRY            "US"

#set_var EASYRSA_REQ_PROVINCE   "California"

#set_var EASYRSA_REQ_CITY         "San Francisco"

#set_var EASYRSA_REQ_ORG         "Copyleft Certificate Co"

#set_var EASYRSA_REQ_EMAIL      "[email protected]"

#set_var EASYRSA_REQ_OU            "My Organizational Unit"

Run init-pki and create a CA:

$ ./easyrsa init-pki                

$ ./easyrsa build-ca nopass
  1. Create Server Certificate, Key, and Encryption Files:
$ cd EasyRSA-v3.0.7

$ ./easyrsa init-pki

$ ./easyrsa gen-req server nopass

$ sudo cp ~/EasyRSA-v3.0.7/pki/private/server.key /etc/openvpn/

$ scp ~/EasyRSA-v3.0.7/pki/reqs/server.req sammy@your_CA_ip:/tmp

$ cd EasyRSA-v3.0.6/

$ ./easyrsa import-req /tmp/server.req server

$ ./easyrsa sign-req server server

$ scp pki/issued/server.crt sammy@your_server_ip:/tmp

$ scp pki/ca.crt sammy@your_server_ip:/tmp

$ sudo cp /tmp/{server.crt,ca.crt} /etc/openvpn/

$ cd EasyRSA-v3.0.7

$ ./easyrsa gen-dh

$ sudo openvpn --genkey --secret ta.key

$ sudo cp ~/EasyRSA-v3.0.6/ta.key /etc/openvpn/

$ sudo cp ~/EasyRSA-v3.0.6/pki/dh.pem /etc/openvpn/
  1. Create the Client Certificate and Key Pair
$ mkdir -p ~/client-configs/keys

$ chmod -R 700 ~/client-configs

$ cd ~/EasyRSA-v3.0.7

$ ./easyrsa gen-req client1 nopass

$ cp pki/private/client1.key ~/client-configs/keys/

$ scp pki/reqs/client1.req sammy@your_CA_ip:/tmp

$ ssh sammy@your_CA_ip

$ cd EasyRSA-v3.0.7

$ ./easyrsa import-req /tmp/client1.req client1

$ ./easyrsa sign-req client client1

$ scp pki/issued/client1.crt sammy@your_server_ip:/tmp

$ cp /tmp/client1.crt ~/client-configs/keys/

$ sudo cp ~/EasyRSA-v3.0.7/ta.key ~/client-configs/keys/

$ sudo cp /etc/openvpn/ca.crt ~/client-configs/keys/
  1. Configuring a Ready VPN Server
$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/

$ sudo gzip -d /etc/openvpn/server.conf.gz

$ sudo nano /etc/openvpn/server.conf

In server.conf install next configurations: 

         tls-auth ta.key 0 # This file is secret

         cipher AES-256-CBC (possible AES-128-CBC for bigger capacity if a large load is replicated)

auth SHA256

dh dh.pem

user nobody

group nogroup
  1. Configure server network settings:
$ sudo nano /etc/sysctl.conf

in sysctl.conf configurate:

net.ipv4.ip_forward=1

 Run:

$ sudo sysctl –p

$ ip route | grep default

$ sudo nano /etc/ufw/before.rules

Configure before.rules:

*nat

:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE

COMMIT

*filter

Run:

$ sudo nano /etc/default/ufw

Configurate ufw:

DEFAULT_FORWARD_POLICY="ACCEPT"

Use ufw:Use ufw:

$ sudo ufw allow 1194/udp

 $ sudo ufw allow OpenSSH

 $ sudo ufw disable

 $ sudo ufw enable
  1. Starting the VPN server:
$ sudo systemctl start openvpn@server

  Verification:

$ sudo systemctl status openvpn@server

$ ip addr show tun0

FAQs

  • Choose a VPN service that provides software, manuals and / or configuration for quick VPN setup on your distribution.
  • Register by selecting the appropriate subscription. There are services with a trial period or with a limited free plan.
  • Download and install the proposed software or configure the standard OpenVPN client.
  • Launch the VPN.

VPN technology protects all device traffic, but you can configure traffic protection for only certain system processes if desired.

  • VPN cannot be configured on a standard VPS server. Recently, virtual servers have been gaining popularity. They are much cheaper than dedicated servers. But on them in the standard assembly, the necessary network options are prohibited.
  • Slowed down traffic. It doesn’t matter if you use client or server software, the maximum speed will decrease by at least 10%. On weak devices and under heavy load, it can fall dozens of times.
  • When you are using console apps, it’s difficult to track connection status. Nothing indicates whether the VPN is currently active or not.

Leave a Reply

Your email address will not be published. Required fields are marked