If you want to set up your VPN with Ubuntu, Kali or Mint, then you're in the right place. In this article, is a simple how-to guide to installing a VPN using Linux VPN GUI's, Network manager, and other methods.
Install OpenVPN in Linux Initially, we need to install OpenVPN in our Linux machine to use custom CA certificates. To do so, just simply open up terminal and paste below command in it. Sudo apt-get install -reinstall network-manager network-manager-gnome network-manager-openvpn network-manager-openvpn-gnome.
Thanks to its popularity, this article focuses on installing a VPN on Ubuntu, however, the same instructions apply to Linux Mint, Debian, and Kali (which is based on Debian), and should provide useful guidelines for users of other Linux distros.
Learn more about staying secure online
If you want to know more about how you can secure your data, check out the guides below:
- The most secure Linux distros - In this guide we list the two most secure Linux distrobutions out there.
- VPN Encryption - Everything you need to know about VPN encryption from PPTP to OpenVPN.
Install a VPN’s custom Linux software
In most Operating Systems, the easiest way to set up a VPN is to use a VPN provider’s custom software. This also true in Linux, but very few VPN providers offer a custom Linux GUI client.
In fact, the only VPN providers I know of to offer VPN GUIs for Linux with the full range of features typically found in Windows and macOS software are AirVPN and Mullvad .
AirVPN’s “Eddie” client supports a range of Linux configurations and is open source.
Mullvad’s VPN client supports Ubuntu (Debian), Fedora, Linux Elementary Freya, and Arch Linux. It is also open source.
ExpressVPN also offers a custom Linux client, but it is command-line only and is not very fully-featured. It is available for Ubuntu, Fedora, and Raspbian, but is not open source.
OpenVPN For Linux via NetworkManager
Outside of dedicated clients, probably the easiest way to install and use OpenVPN on most Linux systems is via the NetworkManager daemon.
It is worth noting that AirVPN recommends against using NetworkManager “due to multiple, critical problems.” I have not, however, been able to establish any more details regarding this, and most VPNs seem happy to use it.
Installing OpenVPN in Ubuntu GNOME
Register an account with your chosen VPN provider.
Download your provider’s .ovpn config files for the servers you wish to connect to. These can often be batch-downloaded as a .zip file, in which case you will need to it unzip before use.
In the past, NetworkManager did not like inline certificates and keys. Because of this, many VPNs recommend downloading them separately. But this no longer appears to be necessary.
Download and install the Ubuntu OpenVPN packages for NetworkManager by opening a Terminal window and typing:
sudo apt-get install network-manager-openvpn-gnome
Check that OpenVPN is correctly installed by clicking on the NetworkManager Icon in the notification bar.
Then go to VPN Off -> VPN Settings -> VPN -> and click the + button.
In the Add VPN box, you should see an OpenVPN option. If you don’t see OpenVPN, then restart your PC.
Assuming you see the OpenVPN option, don’t click on it. Click on “Import from file…” instead. Navigate to where you downloaded the .ovpn files and double-click on one.
An “Add VPN” box will appear populated by the server’s VPN settings. Simply fill in your Username and Password and hit “Add.”
The VPN is now set up. To start it, go to NetworkManager -> VPN off -> and select the server you wish to connect to.
Installing OpenVPN directly via the Linux Terminal
According to AirVPN, using OpenVPN via Linux Terminal is also more secure than using NetworkManager, although I have not been able to confirm this independently or uncover the details.
The OpenVPN package is available in the Debian and many other repositories, but CentOS and RHEL users (for example) will first have to install the EPEL repository into your system.
Register an account with your chosen VPN provider.
Open Terminal and install OpenVPN using your usual package manager (such as APT, RPM, or YUM).
For example, in Debian-based distros enter:
sudo apt-get install openvpnor
sudo rpm install openvpn
In CentOS 7+ and Fedora 7+ you first have to install the EPEL repository:
sudo yum install epel-release
Before installing OpenVPN:
yum install openvpn
It is, of course, always possible to compile from source on any Linux system. Download the tarball from here, extract, cd to the top-level of the extracted directory, and type:
Use a browser to download some OpenVPN configuration files from your VPN service's website. Then open Terminal and cd into the directory you downloaded them into. It will make the next step easier if you rename the downloaded .ovpn files into something easy to type.
In Terminal type:
sudo openvpn [openvpn file]
You can disconnect from the VPN by closing the Terminal window OpenVPN is running in.
Note that if using OpenVPN directly, DNS requests will not be pushed to the VPN provider’s DNS servers. IP leaks can be resolved by modifying resolvconf to push DNS to your VPN’s DNS servers.
Alternatively, you can manually configure the iptables firewall to ensure all traffic (including DNS requests) must go via the VPN server. This will, at least, ensure all DNS requests are proxied by your VPN. It will also act as a kill switch.
Manually Configure VPN for Linux using PPTP via NetworkManager
PPTP is not a secure VPN protocol, so we generally recommend that you avoid it. NetworkManager comes with PPTP support “out of the box,” however, which can make PPTP a useful “quick and dirty” solution when security is not a high priority.
Go to Network Manager -> VPN Settings. Click the + icon next to the VPN box -> Point-to-Point Tunneling Protocol (PPTP):
Fill in the PPTP setting given to you by your VPN. Note that these settings are not specific to Linux, so you can use generic settings or settings given for another platform.
Manually Configure VPN for Linux using L2TP/IPsec
As disused in our Complete VPN Encryption Guide, L2TP is a tunneling protocol that does not provide any encryption or confidentiality to traffic that passes through it, so it is usually implemented with the IPsec authentication suite (L2TP/IPsec).
How to install L2TP/IPsec for NetworkManager
NetworkManager-l2tp is a VPN plugin for NetworkManager 1.2+ which includes support for L2TP/IPsec.
To install, fire up Terminal and enter the following commands:
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp
You may be prompted to install additional binaries (e.g. for GNOME), in which case go ahead. Restart your PC and L2TP should now be enabled in NetworkManager.
Setup is very similar to using PPTP (see above), except that you will need to enter some additional IPSec authentication details. Again, your VPN should be able to provide these, and generic settings are fine.
Update May 2018: There is currently a bug in xl2tpd which may compromise its use with the IPSec protocol. The issue has already been fixed in Fedora, so I would expect it to be patched in Ubuntu and Debian soon. Please see here for the details and latest updates.
Manually Configure VPN for Linux using IKEv2
IKEv2 is a secure and fast VPN protocol that is rapidly gaining popularity with VPN services. It is supported in Linux via strongSwan. strongSwan packages are available for most versions of Linux, or you can compile it yourself.
How to install IKEv2 for NetworkManager. You can build this from the source, or Debian/Ubuntu users can open Terminal and enter:
sudo apt-get install network-manager-strongswan
In use, the plugin works just like the L2PT NetworkManager plugin described above.
Simply enter the IKEv2 settings provided by your VPN (if it supports IKEv2).
How to Test a VPN for Linux
If using NetworkManager, a small network lock icon in the notification bar lets you know at-a-glance that you are connected.
For further confirmation the VPN is connected and working correctly, you can run an IP leak test…
Check your VPN for IP leaks
Once connected to the VPN (using whatever method), it is a good idea to check for IP leaks.
The example above shows a bad case of IPv6 leaks. The IPv4 DNS result correctly shows that I am connected to a VPN server in the US, but the website can see my real UK IPv6 address via both a regular DNS leak and WebRTC. Fail!
For more information about staying secure with a VPN in the UK or US check out the guides below:
Note that Private-Use – [RFCxxxx] IPs are local IPs only. They cannot be used to identify an individual or device, and so do not constitute an IP leak.
Setup VPN for Linux: Conclusion
As with most things Linux, things are never quite as easy as they are on more mainstream platforms. That said, even inexperienced Debian/Ubuntu users should have no problems setting up a VPN using NetworkManager.
- Fastest VPN we test
- Servers in 94 countries
- Unblocks Netflix, iPlayer and more
The fastest VPN we test, unblocks everything, with amazing service all round
Large brand with very good value, and a budget price
Longtime top ranked VPN, with great price and speeds
One of the largest VPNs, voted best VPN by Reddit
In this blog post, I am going to install and configure OpenVPN client on Kali Linux for secure VPN Connection.
Using OpenVPN is very simple. In most of the distributions it is installed by default. If it is not, you can download and install it very easily.
Step 1 – Download / Install OpenVPN:
On Kali Linux, OpenVPN is already available in debian repositories, so we just need to install required packages by apt-get command as follows:
Step 2 – Download OpenVPN certificates:
The certificates required for OpenVPN setup are normally “Client-Key”, “Client-Certificate” and “CA-Certificate”. In my case, certificates required are:
4- TA.key ( Authentication Key, NOT necessary, only if it has been provided to you)
I need all these files as I configured Server based on all these settings like HMAC Authenticaiton and LZO Compression. So, let’s begin configuring.
Step 3a – Make a VPN directory to keep things ordered
(Trust me on this… you’ll be so glad)
# mkdir VPN-Files
# cp <AllCerts> <VPN-Files-Directory>
Step 3b – Configure VPN
– Goto Settings by Clicking Arrow on Top Right Corner and Click Settings icon (Screw Driver icon).
– On “All Settings” window, select “Network”
– On “Network” window, click on + (Plus) icon to add VPN network as shown below:
– On next window, select “VPN” and then “OpenVPN” on next to that window.
– On next opened window form “Add Network Connection”.
– Fill-up all the required settings as:
– Name: Provide any Name for this VPN connection here.
– Gateway: Provide IP or hostname of the VPN Server here, in my case, it is “myvpn.muhammadattique.com”
– Type: Select type of VPN connection you need to configure. In my case, I only have certificates (without any user authentication).
– Now click on “Advanced” button to configure further options.
– Port: Like in my case, if you are using different port other than default, enter it here. But if you are using default, leave it as it is.
Kali Linux Vpn Tool
– I have to select “LZO Compression” as this is required in my connection case.
– Click on “Security” Tab.
– Select “Cipher” you are using, in my case, it is “AES-256-CBC”
– Select “HMAC Authentication“, I’m using “default“.
– Click on “TLS Authentication” Tab. As I have to provide authentication key i.e. “TA.key” file as I mentioned before.
Install Free Vpn Kali Linux Downloads
– Select “Authentication Direction“. It must be opposite to direction of server. i.e. If OpenVPN Server is configured with direction “0”, then all of its clients will be configured with direction “1”, like in my case.
Install Free Vpn Kali Linux Windows 10
– Click “OK” and “Add” … Connection has been created.
– Move the Connection Slider next to VPN Connection name to connect it. If configuration was correct, then it should be connected as shown below.
Verify VPN has been connected and working as expected by viewing / checking your Public IP. Simplest way is to browse following URL, it will show you your public IP.