VPN Wired

Your Online Security Advisor

Nord_W

How to Add a VPN in Linux

Add VPN in Linux

Using a VPN on Linux to bolster security and shield online privacy is becoming a necessity. However, Linux has a unique “issue” – there are plenty of diverse distributions. Ergo, it doesn’t make financial sense for VPN providers that support Linux to build dedicated applications (let alone with GUI) or spend time explaining how commands differ. Our goal is to fix that problem by talking in general terms, then provide the practical application with the most widely used free VPN client you’ll likely use yourself, whether you’re using a VPN service or building a VPN server. With that, let’s dive straight into how to add a VPN in Linux.

Note. We outlined the 3 ways to add a VPN in Linux when we demonstrated adding a VPN to Ubuntu. All 3 methods should work on Debian-based distributions, and with some changes, on others. We’ll reference it quite often, so keep it in front of you.

1. Add a VPN in Linux via an app with a GUI

This method largely remains the same. If you can find a VPN provider with a GUI-based application for your distribution, install and launch it. Here’s what to type after opening Terminal without quotation marks:

  • Debian-based distros: “sudo apt-get install vpn-app-name” or “sudo rpm install vpn-app-name”
  • Fedora 7+, CentOS 7+, Red Hat Enterprise Linux: You’ll most likely have to install an EPEL repository by typing “sudo yum install epel-release-name”. Replace the name with the latest Fedora EPEL release and install extra packages/repositories if recommended. Finally, install a VPN app by typing “yum install vpn-app-name”.
  • Arch Linux: Update repository by typing “pacman -Syu”. Enter “sudo bash pacman -s vpn-app-name”. Type y to confirm.

2. Adding VPN to Linux using NetworkManager

This method is nearly identical for all Linux distros because NetworkManager is a daemon that allows for the configuration of different network interfaces. You might have to update your distro to the newest version if it isn’t natively supported, though. Alternatively, find a command for an older Linux version or as part of a VPN app. One example is NetworkManager on Arch Linux as part of OpenVPN: “sudo pacman -S openvpn networkmanager-openvpn”.

3. Use a VPN on Linux via an app with CLI

Because OpenVPN is a free, open-source app with a CLI (command-line interface), available for most Linux distros, we’ll use it as an example again. Follow these steps to add a CLI-based VPN depending on the OpenVPN version:

1. OpenVPN 2.X

This method is primarily used for OpenVPN servers by leading VPN providers. The instructions in the Ubuntu guide apply here too, and you can exchange vpn-app-name with openVPN in commands in method 1 above to install the openVPN 2.X app packages. To make connecting to the VPN easier on other distributions, do this:

  1. Copy the .ovpn configuration file to the OpenVPN root folder. It’s “~/etc/openvpn” on Debian-based systems, for example.
  2. Using the same example, we execute this command in Terminal:
    openvpn –config /etc/openvpn/config-file-name.ovpn
  3. Note. Change the file path and config file name to match yours.
  4. Enter the username and password when prompted.
  5. Tip. You can test the connection safely by typing:
    openvpn /etc/openvpn/client/client.conf

Enable DNS support

Because Linux has so many variations, and users often utilize their VPN provider’s DNS servers, OpenVPN left DNS support out of their program by default. Therefore, you’ll be instructed to do this by your VPN service to prevent DNS leaks. In case you don’t, enable external scripts for DNS implementation in OpenVPN in this fashion:

  1. Use cd to navigate to the folder where your configuration file is.
  2. Open it via a text editor by typing:
    nano config-file-name.ovpn
  3. Paste these 3 lines at the bottom of the file:
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
  4. Change the address and name of the config file to match yours.
  5. Save changes and connect to OpenVPN.

2. OpenVPN 3

The knowledge of what is a VPN and why they should use it, makes many users adept at creating their OpenVPN servers. We pointed out that lack of app support, let alone GUI-based apps, is why this is so common on Linux. Furthermore, we demonstrated creating a VPN server on a router using OpenVPN, and plan to publish guides on building a VPN server locally or via cloud services (Amazon Web Services, for example) soon. But to connect, you must master using an OpenVPN 3 client. Therefore, here’s how adding OpenVPN 3 to Linux distributions looks:

Installation on Debian-based distributions

On Linux operating systems based on Debian, do this:

  1. Ensure apt supports HTTPS transport to download necessary files by typing:
    sudo apt install apt-transport-https
  2. Download the OpenVPN 3 repository key by entering:
    sudo wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub
  3. Add the key by typing:
    sudo apt-key add openvpn-repo-pkg-key.pub
  4. Install the repository by typing:
    sudo wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-<DISTRO>.list
  5. Replace <DISTRO> with the release name of your distro. For example, focal corresponds to Ubuntu 20.04.
  6. Update apt by typing:
    sudo apt update
  7. Finally, install OpenVPN 3 by typing:
    sudo apt install openvpn3

Installing on Unix-like distributions

Red Hat Enterprise Linux, Fedora, CentOS, to name a few, utilize the packages from the Fedora EPEL repository in method 1 above. So, installing OpenVPN 3 on these distros looks like this:

  1. Open Terminal.
  2. Install the EPEL repository. Here’s an example for RHEL 8/CentOS 8 for demonstration:
    sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
  3. As you can see in the repository article, you must enable these bonus packages:
    • CodeReady Builder on RHEL 8: Type these 2 commands in succession:
      sudo ARCH=$( /bin/arch )”
      sudo subscription-manager repos –enable “codeready-builder-for-rhel-8-${ARCH}-rpms”
    • PowerTools on CentOS 8: Type this:
      sudo dnf config-manager –set-enabled PowerTools
  4. Skip this step on Fedora releases. On RHEL 8 and CentOS 8, you must install copr module by typing:
    sudo yum install yum-plugin-copr
  5. Now, install OpenVPN 3 copr repository like this:
    sudo yum copr enable dsommers/openvpn3
  6. Finally, install the OpenVPN 3 client itself by entering:
    sudo yum install openvpn3-client

Adding a config and connecting to the VPN

At this point, the commands for OpenVPN 3 are independent of a Linux distribution:

  • Import config file: openvpn3 config-import –config  “path/to/the/config-file-name.ovpn”
  • Check the list of imported configs: openvpn3 configs-list
  • Connect to VPN from a config: openvpn3 session-start –config  “path/to/the/config-file-name.ovpn”
  • Check the list of active VPN sessions: openvpn3 sessions-list
  • Change users: openvpn3 session-acl
  • Disconnect from the VPN: openvpn3 session-manage –session-path “path/to/the/config-file-name.ovpn” –disconnect

Milan

VPN is one of my passions. I love being secure and helping others avoid any potential threats online. I also contribute to several VPN guide websites online.