"We are supported by our readers and may earn a commission when you buy through links on our site"

5 Best VPNs for Linux plus The Ones to Avoid

Try our best VPNs for Linux in order to stop wasting your time and internet bandwidth.

There is little doubt about the fact that there are many VPN clients which are open-source as well as available on the Linux platform via the OpenVPN free client.

However, it is also true that a native VPN client for Linux from the VPN service provider performs far better.

Not only that, it requires much fewer resources, configuration, and installation space.

Add to that the fact that generally speaking, dedicated VPN clients usually offer more features than generic ones.

Security Gladiators usually ranks those VPN services higher that offer users native clients for less used operating systems such as Linux.

Moreover, we take into account several other privacy and security features into consideration while assessing the quality of a given VPN service.

Apart from that, we also take a look at how these VPN services perform in the speed department.

All the good features and security won’t do any user any good if the VPN brings the user’s internet connection down to a halt.

Do people still use anything besides Windows?


They do.

Quite a lot in fact.

However, users of popular Linux distributions such as Mint, OpenSUSE, Fedora, and Ubuntu usually get the very short end of the stick as far as software applications are concerned.

And that is no more true in the case of VPN service providers.

Honestly speaking, most VPN services do not have Linux users on their priority list.

Or if they have them, then they have them somewhere very low.
Developers and companies do not want to spend time on users who use the Linux platform.

That is also one of the reasons why we at Security Gladiators, have spent a bit of time to find out which are the best VPN service providers in the world who have actually taken the time out and have given Linux users a bit of attention.

In order to connect to a VPN server on the Linux platform, VPN services have to make use of various VPN clients that are already available on the market.

Some of the most popular ones are,

  • Network Manager
  • AnyConnect
  • OpenConnect
  • OpenVPN

There are others as well but we won’t talk about them here.

However, the best VPN service providers are the ones that offer users native and plug-n-play VPN client.

As mentioned at the top as well, native clients give users the advantage of requiring fewer resources and configuration.

Moreover, they also tend to come packed with perks and features that their generic-looking and generic-sounding peers.

This is also the reason why each and every Linux VPN service that we have recommended in our list comes with a slick and native app just for those Linux users.


In August of 2018, NordVPN officially launched its own dedicated and native Linux application.

But it’s not as good as it sounds.


Well, for one, it doesn’t have a GUI.

Now, without a graphical user interface, the user has to make use of the command-line in order to get the app working.

Of course, it is better than having nothing.

Besides, using a command line makes it easier to set up and then use NordVPN and manually configure its VPN servers.

The official Linux applications come with the majority of standard features that one would expect from a great VPN service.

Moreover, we think that the NordVPN Linux version is comparable with VPN clients on various other operating systems.

Some of the features that NordVPN offers to users are,

  • Anti-malware filter feature
  • Adblocker
  • An automated and new kill switch feature.

Users who are in the habit of doing things the old-fashioned way should know that NordVPN boasts a pretty extensive user base of detailed tutorials and picture-assisted guides including comprehensive Linux setup instructions for PPTP, IKEv2 and OpenVPN protocols.

The company itself operates out of Panama.

This VPN service provider enables users to connect up to six simultaneous devices per account.

It has a zero-logs policy and offers specialized VPN servers for P2P, streaming and online security.

Not only that, it also unblocks geo-locked content on various apps and streaming sites such as,

  • BBC iPlayer
  • Hulu
  • Netflix.

The official NordVPN service offers users over 4500 VPN servers.

Users can make use of all these VPN servers in a total of more than 60 VPN servers.

NordVPN takes good care to protect each and every connection with a 256-bit AES encryption method.

The company’s IKEv2 VPN protocol features the very in-demand perfect forward secrecy function which is able to ensure that no one on the internet is able to decrypt the user’s past sessions even if that bad actor discovers the related encryption key.

Sometimes, NordVPN offers huge discounts on its 3-year subscription plans.

Click here to read our complete NordVPN review.

Click here to sign up for NordVPN right here and right now from the official website at the best price.



ExpressVPN was probably one of the first companies that truly cared about VPN clients for the Linux platform.

This VPN service provider came out with an official and native Linux VPN app way back in April 2016.

However, in order to run the service, users have to interact with the command-line interface.

In other words, it does not have any desktop GUI for the Linux platform like it has for the Mac and Windows operating system.

However, the setup and use are still pretty much easy.

Easier than manually downloading and then managing configuration files for each and every VPN server.

ExpressVPN has also done a good job of making sure that it always keeps its VPN server list up to date and in top condition.

Users have the option of easily switching between TCP and UDP over the very-secure OpenVPN protocol.

Apart from that, we would like to inform the users that ExpressVPN does cost users slightly more than some of its VPN rivals in the industry.

However, ExpressVPN comes with an official 30-day official money-back guarantee.

Our research also shows that ExpressVPN has VPN servers which are able to clock in much higher speeds than the majority of the VPN services out there in the market today.

ExpressVPN currently supports VPN services such as,

  • CentOS
  • Fedora
  • Debian
  • Ubuntu

The reason why ExpressVPN has managed to top the official Security Gladiators list of best VPN for Linux is that it manages to score highly in almost all areas including customer support, speed, and privacy.

As it turns out, it is also the only kind of VPN that has made it to our list which has consistently spent resources to make sure that it is able to unblock all streaming sites including the likes of,

  • BBC iPlayer
  • Hulu
  • Netflix
  • HBO

And a lot of other sites.

Currently, ExpressVPN allows users to connect up to there simultaneous devices per account.

As mentioned before, it has made some significant improvements to its core VPN service by introducing some advanced security features such as a Kill Switch and others.

Users who are lucky enough to catch a discount season can sign up for ExpressVPN at a 50 percent off.

Sometimes, the company even offers full three months access free of charge to its customers.

Hence, users don’t have to take any kind of risks when signing up for ExpressVPN.

Click here in order to read our full ExpressVPN review.

Private Internet Access

PIA, or Private Internet Access, has managed to score high marks in our list of best VPN lists in many different categories.

As far as reviews go, our’s shows that PIA is worth every penny considering the features and depth of those features that this VPN service offers.

However, the area where PIA loses the most amount of points is the one where it has to unblock various types of content on apps and services such as Netflix and Hulu.

It is also not good at getting rid of geo-restrictions on online content.

Private Internet Access is also anything but pretty.

However, if one can ignore those problems for a couple of seconds, then it is easy to see that PIA crushes the competition in terms of price.

In other words, it is extremely affordable.

It allows users to connect up to five different simultaneous devices.

Not only that, it also offers users an acceptable range of speeds on its VPN servers (we wouldn’t say the range is great though).

As far as security is concerned, Private Internet Access is pretty much as secure as VPN services come.

Private Internet Access VPN service has managed to become one of the most popular VPN services among Linux users.

And it fully deserves that position.


It offers users an OpenVPN protocol plus 256-bit AES encryption-protected connection by default.

However, users have the option of tweaking it to their heart’s content.

Private Internet Access works on both Fedora and Debian distributions.

With that said, it is also true that users of OpenSUSE and Fedora would find that it is slightly more complicated to set up Private Internet Access on their systems.

Click here to read out full Private Internet Access review.


AirVPN offers users native and dedicated Linux applications for both openSUSE/Fedora and Ubuntu/Debian.

Users have the option of using AirVPN Linux service through either a GUI or the command line.

Our research shows that AirVPN offers users comprehensive security settings the likes of which they are not likely to find anywhere else or on any other VPN client.

AirVPN allows users to activate a kill switch.

It also enables users to connect to the internet via OpenVPN over SSL and SSH.

This VPN service even offers a good number of alternative ports for forward traffic.

As far as prices go, our research shows that AirVPN is a mid-range VPN service.

Click here to read our full AirVPN review.


Mullvad also offers users an open-source VPN client for Ubuntu/Debian.

Moreover, the VPN client for Linux also comes with advanced security features such as,

  • IPv6 routing
  • IPv6 leak protection
  • DNS leak protection
  • Internet kill switch

The company does not keep any logs.

It does not even monitor connection logs.

Hence, when it comes to security, Mullvad is as airtight as it gets.

The company also allows a total of three simultaneous connections.

It even provides port forwarding for users who want to evade firewalls.

Even though the server selection is limited, Mullvad is pretty affordable when compared to the rest of its competitors.

Currently, Mullvad only offers a package for Ubuntu/Debian.

Click here to read our full Mullvad review.

Which VPN for Linux I should stay away from

There is no shortage of online tutorials that want to show the user how to install a specific OpenVPN protocol.

And we’re not saying they are not great.

They are.

And the reason is OpenVPN.

OpenVPN is perhaps the best that the VPN market has to offer in terms of VPN protocol.

However, the thing is, as great as OpenVPN is, it is just a VPN client and a protocol.



OpenVPN, for all its greatness, is not really a VPN service.

But it is not one in and of itself.

In other words, users only require a VPN server (and/or servers) to connect to in order to make it work.

This is where a lot of people on the internet run into deep privacy issues.

Who do you trust?

Well, now that our readers have read this far, they already know which VPNs for Linux they can trust.

To put it another way, all of the VPN services that we have mentioned so far in this guide are paid VPN servers that do not store any logs.

They operate on a zero-log policy.

What does that mean for the end user?

It means that the VPN service would not monitor and/or record how the user makes use of its VPN service.

A zero-log policy also means that no hacker in the world can breach the VPN service provider’s VPN servers and then steal dirt on its users.

VPN companies that work with a zero-log policy do not have the option of selling the user’s information to any third parties.

Moreover, even law enforcement agencies cannot coerce zero-log VPN companies into submitting them private information about their VPN customers.

With free VPN services, users don’t have to pay anything (obviously) but the reality if more or less very different.

Readers should understand that these free VPNs are not free VPNs based on how they go about doing their business.

No company would want to go ahead and spend money hosting and maintaining different VPN servers in different locations without expecting some kind of compensation.

This is the reason why we think it is very important for all online consumers to read up fully on the VPN service’s logging and privacy policy that they are interested in.

And online consumers should do that before they actually connect to the service.

Furthermore, we also recommend that users should stay away from all those VPN services that do not offer any other VPN protocol option other than the PPTP one.


Well, some might have heard that the PPTP protocol is not only very simple to set up but also fast.

However, our research shows that it contains an unacceptable number of security vulnerabilities.


The itshidden VPN service is a free VPN service that only makes use of PPTP connections.

As mentioned before, that is a dead giveaway that itshidden is anything but a secure VPN service.

The other problem with this VPN service is that it has a single sentence privacy policy.

And it has typos present in it.

Now, typos are not really a deal-breaker in any deal (we know because we have made thousands ourselves) but in a one-sentence privacy policy document, someone should have taken care of that.

With that said, the interesting thing about the official itshidden privacy policy is that the company clearly claims that it does not involve itself in keeping any kind of traffic logs.

However, no one in their right mind can call that a privacy policy document.


Online consumers who have a habit of going to Google for each and everything that they want in life would come across SecurityKISS when they are searching for best free VPN for Linux.

The problem with SecurityKISS is that it stores connection logs of its users.

If that wasn’t bad enough, the company also stores IP addresses of its customers.

This is a practice that all privacy advocates in the industry frown upon.

SecurityKISS caps the per day usage to just 300MB in its free version.

As far as the paid version of this VPN service is concerned, it is not of any consequence whatsoever because our research shows there are, at the very least, a half dozen VPN servers better than SecurityKISS.


The USAIP service is another VPN service which we think is a mediocre VPN service.

However, this VPN service must have had some really good SEO experts working on it since it has managed to rank itself relatively high for what it offers into the search results page.

We don’t recommend using SecurityKISS as one’s primary VPN for Linux is because its Linux client is only able to make use of the PPTP protocol.

The other problem with this VPN service is that it does not own its own DNS servers.

It also makes no efforts to default to the official Google DNS service.

That means, the user’s internet service provider is still able to monitor the users’ online activity even when they have turned on this VPN service.

Perhaps the biggest problem with this VPN service is that it makes no effort to disclose its official logging policy.

That is a big no-no for any VPN service, let alone a mediocre one.

The things to look for in a good VPN for Linux


Readers need to understand that the list of best VPNs for Linux that we have mentioned above is based on several number of criteria.

Some of which are,

  • Fast VPN servers
  • Zero activity logs.
  • Zero IP address logs
  • It should offer an official and dedicated Linux application so that users don’t have to spend time doing manual configuration.
  • Has the ability to unblock geo-restricted streaming services, apps and websites.

A VPN is an acronym for Virtual Private Network.

And its main job is to encrypt all of the user’s internet traffic that is generated via their internet-enabled devices.

A VPN service also routes the encrypted internet traffic through an intermediary VPN server which is located in the country of their (the users’) choosing.

This offers online consumers a ton of benefits which range from enhanced online privacy to unblocked geo-restricted services, apps, and websites.

How to secure the Linux operating system

Our research shows that signing up for a VPN service is one of the best steps that online consumers can take towards security their Linux computer system.

However, for full protection, online consumers need a bit more than that.

Pretty much like all modern operating systems, the Linux operating system comes with its own set of vulnerabilities and adversaries such as hackers who are always ready and waiting to exploit any security vulnerabilities.

That is why we recommend that users should take advantage of a multiple number of tools to take their Linux security to the next level.

Readers should remember that these steps are mainly for users who are extra-concerned about their online privacy.

Online consumers, in order to fully protect themselves on a Linux platform, should probably make use of,

  • Security-focused online web browser extensions.
  • Firewall
  • Tripwire
  • Anti-rootkit software applications.
  • Antivirus software applications.

There are lots of guides on the internet (and on our site) that discuss how to use these tools for the Linux platform.

Our research shows that typical online users would also need a guide on how to install such tools for maximum Linux security.

We are in the process of writing up a guide which would offer users a ton of advice and tips for securing their Linux computer machine.

Should I use a VPN for the Linux platform?


Everyone should.

The thing online consumers must understand is that a VPN has a multiple number of use cases.

And they are free to apply the advantages a VPN affords them in a number of varying and different scenarios.


At the core of any VPN service is privacy.

A VPN is a dedicated tool that is designed to protect the user’s privacy.

Users who are always worrying about a hacker or someone else monitoring what they do when they are connected to the internet should always keep in handy a VPN service.

And there are many ‘folks’ who want to know what anyone and everyone is doing on the internet.

We’re talking about folks such as,

  • Hackers
  • Internet service providers
  • Government agencies

A good VPN service can assist in protecting the user from all such problems.

Any VPN service worth its salt, goes about achieving a good level of privacy for its users in a total of three key ways.

The first way is encryption.

A VPN service basically encrypts all of the user’s data that he/she sends and/or receives over the thing we know as the internet.

The data does not leave the user’s device unless and until it is totally encrypted.

But the VPN service has to make sure that it makes use of a strong encryption technology.

At least as strong as 256-bit or 128-bit AES.

The vast majority of the security community considers AES encryption both sufficient and strong.

Both of the above-mentioned variants have also become pretty common with modern VPN services.

A VPN service making use of any one of these encryption technologies would actually make sure that no one in the world would even get a sniff at an opportunity to crack it.

To take an example, the user’s internet service provider is always hungry to record the user’s browsing history.

But when the user is making use of a VPN service, the internet service provider would only see some text that is indecipherable.

The second benefit of using a VPN service is that (continuing from the same example as before), any given Internet service provider, or ISP, could employ any tactic but it would still see the VPN user’s online internet traffic.

The ISP would not know where the traffic is coming from and it certainly wouldn’t know where it is going.

In fact, the only thing that the VPN service provider can see is that some data from the user’s computer is traveling between the user’s computer machine and the VPN service’s VPN server.

Moreover, the internet service provider, or ISP, still cannot know anything about the destination of the user’s internet traffic.

As a result of that, it is unable to monitor what kind of services, apps, and websites the user has visited in any given session.

Readers should also remain assured that no website that the user visits would be able to track the user’s online activity so easily.

Why is that?

It is precisely because the user’s IP address remains in a hidden state behind the VPN server’s VPN server as long as the user can ensure that he/she has activated the VPN service.

More specifically, users should know that IP addresses are very important.

In other words, they play a critical role in how various third-party advertising companies and all the other data mining entities that study and create user profiles.

One important distinction that users should make at this point is the difference between various VPN service’s logging policies.

Each and every VPN service provider that we have mentioned on our list of best VPNs for Linux, has a strict logging policy.

Or rather, strict zero-log policy.

That means, our recommended VPN services do not engage in keeping traffic logs on their users.

They essentially have no way to monitor the user’s activity while the user has connected to the internet via their VPN server.

There are many VPN service providers that log the user’s activities.

Some just do it in different ways than others.

Needless to say, users should avoid signing up for such services like the plague.

If a VPN service is tracking the user’s internet traffic then that is almost as good as the user not making use of a VPN service and letting his/her internet service provider, or ISP, log his/her information.


There is no doubt about the fact that privacy and security often go pretty much hand in hand.

And a good VPN service can help users to secure their device by protecting it from all sorts of online threats.

Take, for example, public WiFi.


It is pretty much a minefield for users who have not given their devices the gift of VPN protection.

Hackers have the ability to hijack all unsecured public WiFi routers.

Not only that, modern hackers are also able to create their own version of fake public WiFi hotspots.

In this manner, they get the opportunity to wreak all kind of mischief and havoc on a given user’s device.

Any user who has made the mistake of connecting to such fake public WiFi hotspots can look forward to some real information theft.

A good hacker has enough ability to modify and/or steal any kind of data that the user may send over a network that is unsecured.

The problems don’t go away even if the user doesn’t connect to a public WiFi network.

That is the reason why modern VPN services promise their users protection from several different online threats other than public WiFi networks.

VPN services go about their work by masking the user’s IP address.

Any good VPN service can and does remove common attack vectors that many hackers use in order to target specific devices of specific people.

A lot of VPN services also offer users VPN clients which have built-in filters to fight against malware.

Unblocking geo-locked online content

As mentioned before as well, a ton of modern online services, apps, and websites have started to put restrictions on residents of specific regions and/or countries.

This is, again, an area where VPN services can provide some significant help.

Good VPN services offer users the ability to unblock geographically-restricted online content.

Sometimes the term that is used is geo-locked content.

Geo-restricted or geo-locked content is something that streaming sites usually employ in order to keep users away from their premium content.

We’re talking about websites such as,

  • Amazon Prime Video
  • BBC iPlayer
  • Hulu
  • Netflix

No, even the likes of shopping sites and online banking have started to apply such techniques.

However, VPN services can handle all of them by spoofing the user’s location for him/her.

When such a website or a streaming service that makes use of geo-restricted content, it only sees the exact location of the VPN service’s VPN server that he/she chose in order to connect to the internet.

In other words, such streaming services and websites can’t see the user’s real location.

And that is what counts.

With the help of a good VPN service, the user can even take care of various blackout restrictions that sporting events have started to make use of for their live streams.

The other thing readers need to bear in mind is that a lot of streaming video service providers are pretty much averse to users making use of VPN services.

Why is that?

It is because of their content licensing agreements.

These agreements essentially force streaming services to only offer specific content within a specific region.

Following from that, streaming services regularly block connections that come from known VPN services.

This is also the reason why only a handful of VPN services have the ability to bypass all types of online restrictions.

All that users have to do is to search enough in order to find the best list of the best VPN services for their favorite streaming services such as Hulu and Netflix along with others.

Click here for best VPN for Netflix.

Click here for best VPN for Hulu.

From the list that we have provided in this guide, it is clear that NordVPN is the best VPN when it comes to the best VPN for Linux list.

We feel that it is the most capable and reputable unblocker of content as well.

Bypass censorship

There is little doubt about the fact that censorship stinks.

It doesn’t matter if the users are in an authoritarian region such as China or a simple office building that is protected by an overzealous firewall component.

By simply making sure that the user’s internet traffic goes right around the present firewall directly through a given VPN server, users have the opportunity to evade all types of restrictions and then move ahead to access the internet in a much free and open way.

As we have reported many times here:

It is perfectly legal to make use of a VPN service in almost all countries except for a tiny number of countries which have banned the use of VPN services.

Users should heed a warning though:
A good number of countries have employed methods which enable them to block known servers of various VPN services.

Consequently, very few number of VPN services are able to unblock and bypass censorship measures in various countries such as China and Iran.

What users need to do here is they should check with each and every individual VPN service provider and ask their representatives if the VPN service he/she represents can unblock various uncensored sites from their (customers/users) country.


What is life if one can’t even download his favorite Linux distribution in the form of a torrent file?

Well, life is lots of different thing to lots of different people who may or may not want to use a Torrent client to download their favorite Linux distribution.

Internet service providers, or ISPs, do not like torrenting.

They actually frown upon it.

It doesn’t matter if the user is downloading the torrent illegally or legally.

An internet service provider, ISP, may just penalize the user’s account for the sole reason that the user downloaded something via a torrent client.

The actual punishment can come in the form of a restricted bandwidth, to take an example.

Furthermore, there is also no point in denying the fact that the current BitTorrent network is actually rife with those annoying copyright trolls who are always on the lookout for opportunities to make a quick buck.

How do they do that?

They do it by collecting the IP addresses of all the downloaders and then sending them threatening legal settlement letters via their internet service providers.

So for those who identify themselves as torrentors, they should consider a VPN service as an essential tool in their arsenal.

VPN services help torrentors when they connect to the internet via their VPN service by hiding the nature of their internet traffic.

No ISP (internet service provider) in the world can distinguish between various different types of traffic to catch torrenters or even normal users.

VPN services mask the user’s IP address with their own VPN server’s IP address.

This stops copyright trolls from tracking their targets down.


All that the user has to do is to make sure to sign up for that VPN service which does not log the user’s real IP address.

Users should also reference the official list of best VPNs for Linux that we have mentioned above with our best VPNs for torrenting.

Click here to have a look at our best VPNs for torrenting.

After that, users should find the best VPN that fits their VPN needs.

Important information on the OpenVPN protocol

The thing readers need to know about OpenVPN protocol is that even if a given VPN service provider does not provide users with a dedicated and/or native VPN client for their specific Linux distribution, the vast majority of them (VPN services) would provide all the necessary files which work with the OpenVPN client.

All that the user has to do is to download a special configuration file for each given VPN server that the user wants to connect to.

We are aware of the fact that this process is begging to get tedious if the user likes to have available to him/her plenty of VPN options.

However, for the majority of online consumers, this process is perfectly feasible as users don’t typically use hundreds or even tens of VPN servers.

So what’s the problem with the OpenVPN client?
Nothing much really.

It is great and everything.

However, it is still a generic VPN client.

And because of that, it is not exactly packed with various security features such as internet kill switches and DNS leak prevention measures.

But again, if the user is able to find all the scripts and the related packages which take care of all such things from him/her then that’s fine.

On the other hand, it is always more convenient (something which we prefer) for the user if the client offers all of the advanced security features as built-in features.

How to install OpenVPN on Linux and how to connect OpenVPN on Linux?

Let’s answer both these questions.

In this section of the guide, we will show all users how to install OpenVPN VPN client on Linux (more specifically Ubuntu but the process should work on all Debian-based Linux distributions).

There are many other distributions such as CentOS and Mint which should have no trouble in working with the OpenVPN client if users follow the same set of steps that we will mention below.

However, the actual command can vary in a slight way.

With that out of the way, let’s get to the actual steps.

  1. Open up a new terminal (search for it via your Linux distribution’s program search function).
  2. Then type up sudo apt-get install -y openvpn.
    After that hit enter.
  3. Now, the user must type his/her password and then hit Enter again.
  4. After that, the user should type Y and then hit Enter in order to accept all the dependencies and, therefore, complete the installation.
  5. Then the user has to enter the command sudo apt-get install network-manager network-manager-openvpn network-manager-openvpn-gnome.
    After that the user has to hit Enter.
  6. Then the user should type sudo apt-get install openvpn easy-rsa.

One other thing users need to note here is that if they are running the absolute latest version of Ubuntu on their systems then they may need to swap out the apt-get portion of the commands that we have mentioned above with yum (weird right?).

Once the user has installed the official OpenVPN VPN client, the user still has to access the necessary config files.

Usually, users have the option of downloading .ovpn configuration files right from their VPN service provider’s official website.

Each of the config (configuration) file has an association with a specific VPN server and also a location.

So, the wise user would definitely grab quite a few of them if he/she wants to connect to a VPN server located in different countries.

The user should do that for each location that he/she wants to change his/her IP address to.

Moreover, users also have to make sure to have backup servers in a case where their main VPN server goes down for a while.

In order to connect to a given server via the command line, users have to follow the below-given three steps (and these three steps should work with almost all Linux distributions).

  1. Once the user has successfully installed the OpenVPN client, he/she should type up sudo openvpn -config command directly into the terminal and then press the Enter key.
  2. After that, the user must drag and then drop the .ovpn config file for the exact server that he/she wants to connect to directly into the Linux terminal.
    The terminal has the capacity to automatically capture the .ovpn config file.
  3. Then, the user has to hit the Enter button again and then wait for the message that says “Initialization Sequence Completed”.

If the user has followed all the steps in order and exactly as we have mentioned, then Linux should connect such users to the internet via a VPN connection.

Users have the option of minimizing the Linux terminal window.

However, if the user closes the Linux terminal window, Linux would disconnect the user from the actual VPN server.

Aside from that, users should remember that this is just one single way to connect.

Users have all the options in the world.

They can also make an attempt to connect via the OpenVPN GUI or Ubuntu Network Manager.

Of course, these methods would require the user to make use of private keys and/or CA certificates from their VPN service providers.

Hence, users should make sure they are able to have that from their VPN service provider’s official website.

How to install the kill switch feature on my VPN in Linux?

There is a way.

Kill switch features have become very important for online consumers.

The reason for that is simple.

Kill switches provide further security.

Security against what?

Against an unexpected drop in VPN connection.

If there is no kill switch in place then the user’s computer machine would continue to send and also receive internet traffic sent directly over the user’s internet service provider’s, or ISP, network which is unprotected.

There is also a huge possibility that the user would not even notice that such an event has taken place.

In order to prevent such a thing from ever happening, users can make themselves a simple version of the Kill Switch feature.

This kill switch feature would halt any and all internet traffic unless and until it detects the restoration of the user’s VPN connection.

In this section of the guide, we will show users how they can write a few easy rules by making use of iptables and also the application known as Ubuntu Ultimate Firewall.

The first step here is to create a script called startvpn.sh which puts various standard firewall rules in place.

All of such firewall rules essentially only allow internet traffic over the given VPN’s tun0 network interface.

Moreover, these firewall rules also only allow internet traffic over that same interface (mentioned in the previous sentence) to go directly to the user’s VPN server.

So here are the lines that users have to write in their Linux command line in order to get going.

$ cat startvpn.sh

sudo ufw default deny outgoing

sudo ufw default deny incoming

sudo ufw allow out on tun0 from any to any

sudo ufw allow out from any to # <– keep a note of this number as it is the IP address from the mote field of the user’s configuration file.

sudo ufw enable

sudo ufw status

sudo openvpn client.conf &


If the user successfully places these firewalls then there is no network traffic that can pass over any other type of network interface.

Users will notice that whenever their VPN connection drops, the VPN client will remove the tun0 interface from their system.

It would do that so there is lack of interface for the internet traffic to pass through.

As a result, the user’s internet connection meets its death.

Now, users should also note that whenever a given VPN session end, they would need to remove the firewall rule in place in order to enable normal network traffic over their default network interfaces.

There are many ways to do that.

Let’s talk about the simplest one of them all.

This would involve the user disabling UFW altogether.

Perhaps we should also mention that if the user happens to have existing UFW rules which are running in a normal way, then the user would do well to actually craft an even more elegant teardown Linux script instead.

The new script which we will mention below has the ability to remove all the firewall rules and then also kill the openvpn connection with a script which will go by the name of stopvpn.sh.

$ cat stopvpn.sh

sudo ufw disable

sudo ufw status

sudo kill `ps -ef | grep openvpn | awk ‘{print $2}’`

Users who want to make use of some other means in order to connect to their VPN service can go ahead and eliminate the very last two lines of each given script in this guide.

However, in a configuration with none of the last two lines of our script, the user will have no option but to remember to run the startvpn.sh script manually before trying to start the VPN connection by taking advantage of another method.

Moreover, once the user’s VPN session comes to an end, the user would also have to remember to run the second stopvpn.sh script in order to stop the VPN service.

That is hard to do.

Moreover, the user would have to experience a noticeable lack of online connectivity until the user is able to run the internet.

Best Linux distribution for privacy.

Which is it?

Users who are extra concerned about their privacy should know that the simple step of switching away from Windows and/or macOS to any given open-source Linux distribution is a huge one.

And that too in the right direction.

Microsoft and Apple both monitor and collect tons of personal data from their users with the help of their respective operating systems.

It is also true that both of the companies have made a reputation for cooperating with intelligence and law enforcement agencies such as the NSA in the US.

Operating systems like Microsoft make use of their customers’ data in order to sell them advertisements.

Apart from that, both operating systems are essentially closed-source.

That means, the public has no option to peak at each operating system’s source code in order to see where all the backdoors and security vulnerabilities lie.

On the other hand, there is Linux

It is open source.

And the security community frequently audits it.

We won’t deny the fact that Ubuntu once did try to flirt with the idea of monetizing users with Amazon.

However, that is not true for others.

The vast majority of distributions are not on the market to make a quick buck by selling the user’s data to advertising companies and third-party marketing companies.

But it is also true that not all Linux distributions are created equal.

In other words, some Linux distributions offer more security than other distributions.

If a given user is actually looking out for a distribution which functions as a good day-to-day static/desktop replacement machine however also offers security and privacy from the ground up then our recommendation is Ubuntu Privacy Remix.

What is Ubuntu Privacy Remix?

Well, it is a new Debian-based Ubuntu build.

It stores all the data that it collects on its users on a media that is removable and encrypted.


We’re talking about a simple external hard drive.

Reports say that the Debian-based Ubuntu is a non-manipulative operating system that is supposed to be totally immune to any malware infection.

Of course, the user would still require to make use of a VPN service in order to encrypt his/her own internet connection.

The majority of the applications that come from VPN service providers that we have mentioned above should work perfectly fine with a Linux distribution such as Ubuntu Privacy Remix.

However, we are aware of the fact that there will always be those users for whom even Ubuntu Privacy Remix is not enough.

For such users who want absolute and complete anonymity for their computer machine, everybody is recommending TAILS.

So that is what we will do as well.

The answer is:

TAILS or The Amnesiac Incognito Live System.

Keeping the acronym on the side for a moment, this operating system is a Linux distribution that comes to us via the generosity of the same people who introduced the Tor network to the world.

The Amnesiac Incognito Live System, or TAILS, is a live operating system which the developers have designed for users to install and run on a CD or USB drive.

Think of it as a hardened version of the Linux operating system which can route all the user’s internet traffic via the Tor network.

Users should know that this operating system would leave no trace of any user using it after the user has removed the USB or the CD from a given computer system.

How to make your own VPN

Valid question.

Some online users would go to the extreme of not trusting commercial VPN service providers right from the outset.

We get that.

Of course, there are also those users who just want to spend some time in a DIY solution and/or project.

For such users, there is always the option of rolling one’s own VPN service.

So as a first step, the user will need to set up his/her own server.

There are many common options here.


Basically one can make use of any virtual private cloud service.

The most notables ones are Digital Ocean and Amazon Web Services.

There are also a variety of tools for users who want more options at their disposal.

These tools will assist the user is creating a homegrown VPN service up and running in as little time as possible.

So here are the tools,

  • StrongSwan
  • SoftEther VPN
  • Algo
  • Streisand
  • OpenVPN

Each of the tools that we have mentioned above comes with its own cons and pros in terms of ease of use, features, security, and protocol.

There are lots of tutorials on the internet on how to set up a new OpenVPN connection with the help of a Linux client and with an Amazon EC2 Linux instance.

We’ll have a guide for that pretty soon as well.

However, users should know, despite the fact that rolling one’s own VPN service gives one complete control over all the major aspects of how a given VPN operates and perhaps, even more, there are noticeable drawbacks.

The first drawback is that a homegrown VPN service is a lot more difficult to use compared to pre-existing VPN servers and pre-configured VPN apps.

The second problem is that if the user is making use of a cloud service such as Digital Ocean and/or AWS, then the user’s data would still pass through the corporate hands of another third-party company.

The third drawback is that, the user can only utilize a single server.

And that would, in turn, mean that the user would only have a single location to change his original location to.

The fourth and the final problem with rolling up one’s own VPN service (and this is also the most important drawback) is that it means that only the user and maybe a handful of other people (mostly acquaintances) would make use of it.

Needless to say, it would make it a lot easier for anyone to trace all the online activity coming from the given server to a particular person connected to the server.

Therefore, the best VPNs for Linux remain the same as we recommended above.

Readers should also know that commercial VPN services are able to assign users various shared IP addresses.

Sometimes, each shared IP address has dozens or even hundreds of VPN users pooling together and making using of the same IP address.

This approach is very effective in anonymizing internet traffic as it approaches to leave the VPN server out to the open world of the internet.


Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.