How to set up a VPN client on Linux
If you want to setup your own VPN with Ubuntu, Kali or Mint, you are in the right place. In this article, it is a simple how-to guide to install a VPN using Linux VPN GUI’s, Network Administrator, and other methods.
Thanks to its popularity, this article focuses on installing a VPN on Ubuntu, however, the same instructions apply to Linux Mint, Debian, and Kali (which are based on Debian), and should provide useful instructions for users of other Linux distributions.
Learn more about staying safe online
If you want to learn more about how to secure your data, check out the guides below:
- Most secure Linux distributions – In this guide, we list the most secure Linux distributions out there.
- VPN Encryption – Everything you need to know about VPN encryption from PPTP to OpenVPN.
Install Linux VPN software
On most operating systems, the easiest way to set up a VPN is to use the software designated for the VPN provider. This is also true in Linux, but very few VPN providers offer a dedicated Linux GUI client.
In fact, the Just The VPN providers I know to offer a VPN GUI for Linux with a full set of features typically found in Windows and macOS software are AirVPN and Mullvad.
AirVPN’s “Eddie” client supports a range of Linux configurations and is open source.
Mullvad VPN client supports Ubuntu (Debian), Fedora, Linux Elementary Freya and Arch Linux. It is also open source.
ExpressVPN also offers a dedicated Linux client, but it’s command line only and not fully featured. It’s available for Ubuntu, Fedora, and Raspbian, but it’s not open source.
OpenVPN for Linux via NetworkManager
Aside from dedicated clients, perhaps the easiest way to install and use OpenVPN on most Linux systems is via the NetworkManager daemon.
It’s worth noting that AirVPN recommends against using NetworkManager “because there are several serious issues.” However, I haven’t been able to specify more details regarding this, and most VPNs seem happy to use it.
Install OpenVPN in Ubuntu GNOME
-
Register an account with your chosen VPN provider.
-
Download your provider’s .ovpn configuration files for the servers you wish to connect to. They can often be downloaded all at once as a .zip file, in which case you will need to decompress them before use.
In the past, NetworkManager didn’t like inline certificates and keys. For this reason, many VPNs recommend downloading them separately. But this seems no longer necessary.
-
Download and install the Ubuntu OpenVPN Packages for NetworkManager by opening a terminal window and typing:
sudo apt-get install network-manager-openvpn-gnome
-
Verify that OpenVPN is installed correctly by clicking on the NetworkManager icon in the notification bar.
then go to Turn off VPN -> VPN Settings -> VPN -> and click + button.
In the Add VPN box, you should see OpenVPN option. If you don’t see OpenVPN, restart your computer.
-
Assuming you see the OpenVPN option, don’t click it. Click “Import from file…” instead. Navigate to where you downloaded the .ovpn files and double click on one of them.
-
An “Add VPN” box will appear filled with the VPN settings for the server. Simply enter your username and password and hit “Add”.
The VPN is now set up. To start it, go to Network Manager -> Turn off VPN -> Select the server you wish to connect to.
Install OpenVPN directly via Linux Terminal
According to AirVPN, using OpenVPN via Linux Terminal is much safer than using NetworkManager, although I haven’t been able to independently confirm this or reveal details.
The OpenVPN package is available in Debian and many other repositories, but CentOS and RHEL users (for example) will first have to install an EPEL repository in your system.
-
Register an account with your chosen VPN provider.
-
Open Terminal and install OpenVPN using your usual package manager (eg APT, RPM or YUM).
For example, in Debian-based distributions, enter:
sudo apt-get install openvpn or sudo rpm install openvpn
On CentOS 7+ and Fedora 7+, you have to first install the EPEL repository:
sudo yum install epel version
Before installing OpenVPN:
yum install openvpn
Of course, it is always possible to compile from source on any Linux system. Download tarball from here, extract, then cd to the top level of the extracted directory, and type:
./initialize
Make
Install
-
Use a browser to download some OpenVPN configuration files from the VPN service’s website. Then open Terminal and cd in the directory where you downloaded it. The next step will be made easier if you rename the downloaded .ovpn files to something that is easy to write.
-
In terminal type:
sudo openvpn [openvpn file]
You can disconnect from the VPN by closing the terminal window in which OpenVPN is running.
Note that if you use OpenVPN directly, DNS requests will not be pushed to the VPN provider’s DNS servers. IP leaks can be resolved by modifying resolvconf to push DNS to your VPN’s DNS servers.
Alternatively, you can manually configure the iptables firewall to ensure that all traffic (including DNS requests) must pass through the VPN server. This will, at the very least, ensure that all DNS requests are proxyed by your VPN. It will also act as the key to the lock.
Configure VPN for Linux manually using PPTP via NetworkManager
PPTP is not a secure VPN protocol, so we generally recommend avoiding it. NetworkManager comes with “out of the box” PPTP support, which can make PPTP a useful “quick and dirty” solution when security isn’t a high priority.
go to Network Manager -> VPN Settings. tap on + Next to the VPN box -> Point-to-Point Tunneling Protocol (PPTP):
Fill in the PPTP settings that the VPN gave you. Note that these settings are not specific to Linux, so you can use the general settings or the settings given for another platform.
Manually configure VPN for Linux with L2TP / IPsec
As deprecated in The Complete VPN Cryptography Guide, L2TP is a tunneling protocol that does not provide any encryption or confidentiality for the traffic passing through it, so it is usually implemented with the IPsec (L2TP/IPsec) authentication suite.
How to install L2TP/IPsec for NetworkManager
NetworkManager-l2tp is a VPN plug-in for NetworkManager 1.2+ which includes L2TP/IPsec support.
To install, launch Terminal and enter the following commands:
sudo add-apt-repository ppa: nm-l2tp / network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp
You may be asked to install additional binaries (eg for GNOME), in which case go ahead. Restart your computer and L2TP should now be enabled in NetworkManager.
The setup is very similar to using PPTP (see above), except that you will need to enter some additional IPSec authentication details. Again, your VPN should be able to provide these general settings, and that’s okay.
May 2018 Update: There is currently a bug in xl2tpd which could put its use with the IPSec protocol at risk. The issue has already been fixed in Fedora, so I expect to get it fixed in Ubuntu and Debian soon. Please see here for details and latest updates.
Configure a VPN for Linux manually using IKEv2
IKEv2 is a secure and fast VPN protocol that is rapidly gaining popularity with VPN services. It is supported in Linux via strongSwan. strongSwan packages are available for most versions of Linux, or you can compile them yourself.
How to install IKEv2 for NetworkManager. You can build this from the source, or Debian/Ubuntu users can open Terminal and enter:
sudo apt-get install network-manager-strongswan
In use, the plugin works exactly the same as the L2PT NetworkManager plugin shown above.
Simply enter the IKEv2 settings provided by your VPN (if it supports IKEv2).
How to test a VPN for Linux
If you’re using NetworkManager, the little network lock icon in the notification bar lets you know at a glance that you’re connected.
For further confirmation, the VPN is connected and working properly, you can run an IP leak test…
Check Your VPN for IP Leaks
Once connected to a VPN (using any method), it is a good idea to check for IP leaks.
The example above shows a bad case of IPv6 leaks. The IPv4 DNS result correctly shows that I’m connected to a VPN server in the US, but the site can see my real IPv6 address in the UK via regular DNS and WebRTC leaks. FAIL!
For more information on staying secure with a VPN in the UK or US, check out the guides below:
Note that private use – [RFCxxxx] IP addresses are only local IP addresses. They cannot be used to identify an individual or a device, and therefore do not constitute an IP address leak.
Setting up a VPN for Linux: Conclusion
As with most things on Linux, things will never be so easy as they are on the most popular platforms. However, even inexperienced Debian/Ubuntu users won’t have any problems setting up a VPN using NetworkManager.
[ad_1]
Don’t forget to share this post with friends !
