The Linux operating system has been there for a long time, and a lot of people have tried it. Most Linux users are motivated by the fact that the OS is free and superior to Windows in terms of stability and security. Those who wish to try out Linux usually go with the Debian-based Linux systems, Ubuntu and Linux Mint.

Using Linux systems is fun, but it requires a little knowledge to start. One operation you will undoubtedly be repeating over your time with Linux is installing software on the system. Installing common software like web browsers, music players and Skype is quite easy. However, if you want to do something like set up VPN on Linux, you may encounter some issues.

In this text, we are going to show you various methods to set up VPN on Linux. We will focus on VPN installation on Linux Ubuntu, but virtually the same guidelines will work for Linux Mint, Kali (based on Debian), and Debian. The instructions will also provide some useful guidelines for those who use other Linux distros.

Using custom VPN Linux software

The easiest way to configure a VPN on most operating systems is to use the VPN provider’s custom software. There is only a handful of VPN providers who offer custom Linux VPN clients. Some of the well known Linux VPN clients include Mullvad VPN and AirVPN. These VPN providers offer all the features that are commonly found on Mac and Windows systems.

AirVPN’s “Eddie” client offers support for various Linux configurations, while Mullvads Linux client provides support for Fedora, Arch Linux, Ubuntu/Debian, and Linux Elementary Freya. Both these providers are open source. Besides these two, ExpressVPN also provides a custom Linux client though it`s command-line only.

ExpressVPN is available for Fedora, Raspbian, and Ubuntu, but it is not open source.

OpenVPN for Linux Using NetworkManager

Besides the dedicated clients, the simplest way to set up and run OpenVPN on Linux systems is through the NetworkManager daemon. It`s worth noting that many argue against using NetworkManager due to various issues. However, the extent of these issues is not clear since most VPNs work well with NetworkManager.

Installing OpenVPN (Ubuntu GNOME)

Choose a VPN provider and register an account. After that, download the provider’s .ovpn config files for the servers you want to connect to. In most cases, you can download the files in a zip. You will then need to unzip the file you’ve downloaded before using it.

Note that previously the NetworkManager did not allow inline certificates and keys. Hence, most VPNs recommend downloading the keys and certificates separately. It is no longer necessary to do so.

  • Now download and install Ubuntu OpenVPN packages for the NetworkManager by opening the Terminal window and typing sudo apt-get install network-manager-openvpn-gnome
  • Confirm that OpenVPN is installed correctly by clicking the NetworkManager icon shown in the notification bar
  • After that, go to VPN Off->VPN Settings->VPN and click on the + button. The Add VPN box will show up with an OpenVPN option. In case you don’t see OpenVPN, restart your PC.
  • Click on “Import from file…” and navigate to where you saved the .ovpn files and open one of them.
  • An Add VPN box will appear showing the server VPN settings. Key in your unique username and password then hit Add and the VPN will be set up.

To start the VPN, go to NetworkManager->VPN Off and select a server to connect to.

OpenVPN directly Through the Linux Terminal

According to some, using OpenVPN through the Linux Terminal is more secure than using the NetworkManager. There is usually no general set up guide for using the Linux Terminal since the details vary by VPN and the type of Linux system you choose to use. Most reliable providers, however, provide users with guides.

Note that if you use OpenVPN directly, the DNS requests won’t be pushed to your VPN provider’s DNS servers. You can resolve IP leaks by changing the resolvconf to push the DNS to the VPN’s DNS servers.

Alternatively, you can manually set up the iptables firewall to make sure all traffic (including the DNS requests) go through the VPN server. At least, this will ensure that your VPN proxies all the DNS requests and also serve as a kill switch. The VPN website may provide documentation that can give you further help on these issues.

Manual Configuration of VPN for Linux with PPTP through the NetworkManager

PPTP is not a safe VPN protocol. We, therefore, recommend that you avoid using it. The NetworkManager comes with PPTP support and can make PPTP a useful solution when security isn’t a high priority. To use it:

  • Go to Network Manager->VPN Settings. Click on the + icon then choose the Point-to-Point Tunneling Protocol (PPTP)
  • Fill in the PPTP settings that your VPN provider has given you. Note that the settings provided are not strictly for Linux, so you are free to use settings for another platform or generic settings.

Manual Configuration of VPN for Linux with L2TP/IPsec

L2TP is a tunneling protocol that does not provide the user with any encryption for the traffic that goes through it. Therefore, it is implemented with the IPsec authentication suite (L2TP/IPsec).

How to install L2TP/IPsec for NetworkManager

NetworkManager-l2tp is the plugin for NetworkManager 1.2+ that supports L2TP/IPsec. To install it, fire up the Terminal and type in the following commands:

  • sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
  • sudo apt-get update
  • sudo apt-get install network-manager-l2tp

You may be asked to install additional binaries (for example for GNOME), in which case install the binaries for the specific Linux system you are using. Restart your computer, and L2TP should be enabled in NetworkManager. The setup is similar to using PPTP, except that you have to enter additional IPsec authentication details. Once more, use details provided by your VPN.

Currently, there is a bug in xl2tpd. The bug may interfere with using the IPsec protocol. The problem is already resolved in Fedora, so we can expect the fix to be patched in Debian and Ubuntu. You can check online for details and updates.

Manual configuration of VPN for Linux with IKEv2

IKEv2 is a safe and fast VPN protocol which is quickly gaining fame with VPN services. IKEv2 is supported in Linux through strongSwan. strongSwan has packages for most Linux versions, but you can still compile it yourself.

Installing IKEv2 protocol for the NetworkManager

You can create this from the source, or Ubuntu/Debian users can open the Terminal and enter sudo apt-get install network-manager-strongswan. The plugin works like the previously-described L2PT NetworkManager plugin. You only need to enter the IKEv2 settings given by your VPN (that is if it supports IKEv2).

How to test the Linux VPN client connection

If you are using NetworkManager, you can check the small network icon shown in the notification bar to confirm that you are connected. If you need further confirmation, you need to do an IP leak test to determine if the VPN client is connected and working well.

Recommended reads

Most Secure VPN protocols