How to configure VPN on Linux

Everyone wants to have secure and private access to the Internet, and using a VPN is one of the ways to achieve that. In this article, you will learn how to configure the most popular VPN protocols on Linux (OpenVPN, Cisco AnyConnect, SSL-VPN, L2TP/IPsec).

What is a VPN?

A VPN (Virtual Private Network) is software that encrypts your data and moves it through a “tunnel” between your computer and a remote network. This makes your data secure and safe when you are connected to any network online because your computer is not directly exposed to the Internet. It is shielded by a remote network to which you connect with the VPN software.

What are the benefits?

Using a VPN can be very beneficial, even for those who think one is not needed. It bears several benefits.

Your data is encrypted

When you are connected to a public network, any information you send is at risk from hackers. Bank details, personal information, and more can be at risk if you are not protected. Some internet service providers (ISPs) are not fair and may collect and sell your internet activity data. By using a VPN, you encrypt all the traffic going to and from your computer and thus protect yourself from these issues.

Mask your IP address

When you use a VPN, your IP address is not known to the Internet, because all your activity looks like it goes from the IP address of your VPN instead of your real IP. This may be extremely useful if you need to protect your identity.

Access restricted content

Certain websites restrict access to their content only to local users. For example, many media websites have such restrictions and you may not be able to access them when you are abroad. I showed how you can fix this issue by using the IP settings in the TOR browser. Using a VPN is a more elegant solution because there is no connection slow-down as in TOR. Many VPN services provide an option to select an IP of any country. So, you may pretend that you access a website from within a country but in fact, you are located outside of it.

Avoid internet speed throttling

Besides selling your data, your internet service provider (ISP) may also be unfair and may throttle or slow down your internet connection when you use too much bandwidth. There are several ways to check if your connection is throttled. Using a VPN lets you avoid monitoring by the ISP and thus speed throttling.

Access office computer

You may also need to configure a VPN to be able to connect to your office computer or your work server. Office computers are often protected by the corporate network firewall, and you won’t be able to connect to them directly. You first need to connect to that corporate network using VPN software and only then to your computer/server. Recently many of us started to work remotely, and if configuring a VPN on Linux doesn’t look easy, this tutorial should help you.

How to configure VPNs on Linux

There are many versions of VPNs and they require different settings to make them work. We will have a look at the most common ways to configure a VPN on Linux, and we will focus on the programs that are available in the default Linux repositories and enable a VPN connection through the graphical network manager. Our goal is to see an established VPN connection using different VPN protocols. An example of the network manager icon that indicates a working VPN in GNOME and KDE:

VPN connection is working

VPN software (DEB, RPM, sh, etc.)

Many VPN services provide a software package or a script that you download and install to get their VPN configured automatically. This is the easiest way to get a VPN working. Unfortunately, these packages and scripts may not work equally well on all Linux distros because they are usually tailored only for the most popular Linux distros.

OpenVPN

OpenVPN is one of the most popular programs for setting up a VPN service. It is open-source software that is used by many businesses. You can even use OpenVPN to set up your own private VPN server.

Most Linux distros have OpenVPN pre-installed and you can find it in the Network settings. If you do not see the OpenVPN option in your network manager, you need to install it:

sudo apt install openvpn network-manager-openvpn network-manager-openvpn-gnome

After the installation, open the OpenVPN settings:

Settings -> Network -> add a new VPN -> OpenVPN

OpenVPN option in Network Manager

And add your VPN credentials. Depending on how your OpenVPN server is configured, you need to use different authentication methods:

  • Certificates (TLS)
  • Password
  • Password with Certificates (TLS)
  • Static key

I used the Certificates (TLS) method when I set up my private OpenVPN server, so I downloaded all the certificates and keys and specified them this way:

OpenVPN TLS settings

Alternatively, if you have the OpenVPN.ovpn configuration file (file name may be different), you can import it and all the settings will be extracted from it automatically:

Settings -> Network -> VPN -> Import from file…

However, the import option doesn’t work correctly all the time. In that case, you can open the OpenVPN.ovpn configuration file with a text editor and copy-paste the credentials to the network manager.
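When the import fails, the values to copy are spread through the profile, and certificates and keys are often embedded inline rather than shipped as separate files. The shell function below is an added example, not part of the original article: it lists the connection settings and writes inline `<ca>`, `<cert>`, `<key>`, `<tls-auth>` and `<tls-crypt>` blocks to owner-only files that you can select in the TLS settings. The function name, the sample profile and the host `vpn.example.test` are constructed for illustration.

```shell
# Split an .ovpn profile into the values and files the OpenVPN dialog asks for.
# Usage: split_ovpn PROFILE.ovpn OUTDIR   (prints name=value lines)
split_ovpn() {
  old_umask=$(umask)
  umask 077                      # extracted key material: owner-only access
  mkdir -p "$2" && awk -v dir="$2" '
    { sub(/\r$/, "") }           # tolerate profiles saved with CRLF endings
    /^<\/(ca|cert|key|tls-auth|tls-crypt)>$/ { close(out); out = ""; next }
    /^<(ca|cert|key|tls-auth|tls-crypt)>$/ {
      name = substr($0, 2, length($0) - 2)
      out = dir "/" name ((name ~ /^tls/) ? ".key" : ".pem")
      printf "" > out            # create/truncate the file for this block
      print name "=" out
      next
    }
    out != "" { print > out; next }   # body of an inline block
    $1 ~ /^(remote|proto|port|dev|cipher|auth|ca|cert|key|tls-auth|tls-crypt)$/ {
      k = $1; $1 = ""; sub(/^ /, ""); print k "=" $0
    }
  ' "$1"
  status=$?
  umask "$old_umask"
  return "$status"
}

# Constructed sample profile (placeholder certificate and key bodies).
sample_profile() {
  cat <<'EOF'
client
dev tun
proto udp
remote vpn.example.test 1194
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-PLACEHOLDER
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-KEY-PLACEHOLDER
-----END PRIVATE KEY-----
</key>
EOF
}

demo=$(mktemp -d)
sample_profile > "$demo/client.ovpn"
split_ovpn "$demo/client.ovpn" "$demo/out"
```

A `ca=`, `cert=` or `key=` line that shows a file name instead of a path under the output directory means the profile references an external file, which has to be present next to the profile.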

Cisco AnyConnect VPN

Cisco AnyConnect VPN is another popular VPN software that is used by many businesses and institutions. Often they require you to install Cisco proprietary software that will run on your computer and connect you to the Cisco AnyConnect VPN:

Cisco VPN proprietary login window

However, you do not need to install it to be able to connect to the Cisco AnyConnect VPN. Actually, I have had problems with installing the Cisco AnyConnect proprietary client on some computers. I prefer to have more control over my system and use open-source software when possible. Luckily, there is an open-source client that is compatible with Cisco AnyConnect. Just install OpenConnect:

sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome

After the installation, go to the VPN settings:

Settings -> Network -> add a new VPN -> OpenConnect (Cisco AnyConnect)

Add the VPN address that your Cisco AnyConnect VPN provider gives you to the Gateway field and try to connect. You are likely to see this log-in window, where you enter your username and password:

Cisco VPN OpenConnect login window

If your Cisco AnyConnect VPN configuration also requires setting up certificates and scripts, you can add them in the settings window:

Cisco VPN OpenConnect Settings

SSL-VPN

I also have experience working with organizations that use an SSL-VPN (Secure Sockets Layer Virtual Private Network). The documentation on the VPN configuration stated that it was necessary to download and install FortiClient. I prefer to avoid installing third-party software and search for built-in Linux tools to configure an SSL-VPN. It turned out that one exists, and it is straightforward to install and configure.

First, install fortisslvpn packages:

sudo apt install network-manager-fortisslvpn network-manager-fortisslvpn-gnome

Then, open its settings and configure it:

Settings -> Network -> add a new VPN -> select Fortinet SSLVPN (fortisslvpn) -> configure using your VPN account credentials

fortisslvpn settings

Usually, you only provide the address/gateway and the user name. You are prompted to enter your password when you try to connect.

L2TP/IPsec

L2TP/IPsec (Layer 2 Tunneling Protocol) is one more VPN protocol. I use it only occasionally as a backup VPN when the SSL-VPN connection doesn’t work. Its configuration on Linux is similar to other VPNs.

Install l2tp packages:

sudo apt install network-manager-l2tp network-manager-l2tp-gnome

Settings -> Network -> add a new VPN -> select VPN (l2tp) -> add the L2TP credentials -> IPsec Settings -> add the IPsec credentials

An example of the L2TP settings:

L2TP settings

An example of the IPSec settings:

IPSec settings

Troubleshooting

Most VPN services are simple and straightforward to configure on Linux. You usually only need to provide these settings:

  • Name: Whatever you want to call your VPN
  • Gateway: It is a web address or IP of your VPN. Sometimes you also need to provide a port number like this: vpn.somewebsite.com:443.
  • User name: your VPN account username. If your username is your email, try to use only the username without @somewebsite.com.
  • Password: Usually you can enter and save a password during the configuration in the network manager. But for some VPNs, you only enter the user name and you are prompted to type the password when you try to connect.
  • Keys and certificates: many VPNs require you to add keys and certificates to be able to establish a connection. Make sure you have downloaded and added to your configuration all the keys and certificates from your VPN provider. If you cannot find where to add them, check the “Advanced” setting for that VPN connection.

Finally, I have highlighted only the graphical configuration of a few VPNs, but all VPNs can also be configured and tested in the command line. If you have trouble establishing a VPN connection with the GUI, try the command-line way. Here is an example of how to configure a VPN in the command line on Linux.
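A connected icon in the network manager does not show which interface your traffic actually leaves through. The check below is an added example, not part of the original article: it reads the output of `ip -4 route show` and reports whether general Internet traffic is routed into the tunnel. The function names, the sample routing tables and the interface-name pattern (`tun*`/`tap*` for OpenVPN, `vpn*` for OpenConnect, `ppp*` for fortisslvpn and L2TP) are assumptions.

```shell
# Print the interface that carries general Internet traffic;
# stdin is the output of `ip -4 route show`.
egress_dev() {
  awk '
    function val(name,   i) {            # word following a keyword such as "dev"
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    # OpenVPN "redirect-gateway def1": two /1 routes that beat any default route
    $1 == "0.0.0.0/1"   { lo = val("dev") }
    $1 == "128.0.0.0/1" { hi = val("dev") }
    # otherwise the default route with the lowest metric wins
    $1 == "default" {
      m = val("metric") + 0
      if (best == "" || m < bestm) { best = val("dev"); bestm = m }
    }
    END { print ((lo != "" && lo == hi) ? lo : best) }
  '
}

# Assumption: tunnel devices are named tun*/tap*, vpn* or ppp*; adjust as needed.
# Live use: ip -4 route show | vpn_carries_traffic
vpn_carries_traffic() {
  dev=$(egress_dev)
  case "$dev" in
    tun*|tap*|vpn*|ppp*) echo "OK: Internet traffic leaves via $dev" ;;
    *) echo "WARNING: traffic leaves via ${dev:-nothing}, not a tunnel"; return 1 ;;
  esac
}
# Constructed samples of `ip -4 route show` output.
routes_nm_default() { cat <<'EOF'
default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
EOF
}
routes_def1() { cat <<'EOF'
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.1 dev tun0
EOF
}
routes_split() { cat <<'EOF'
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
10.20.0.0/16 dev ppp0 proto static scope link metric 50
EOF
}
for sample in routes_nm_default routes_def1 routes_split; do
  "$sample" | vpn_carries_traffic || true
done
```

A split-tunnel VPN, common for office access, is expected to report the local interface because only the office subnets go through the tunnel. The check covers IPv4 routes only.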

Conclusion

Unfortunately, very few organizations provide clear instructions on how to configure a VPN on Linux. Often you have to follow the instructions for Windows and Mac and guess how to adapt them to Linux. However, almost any VPN can be configured on Linux. There was no VPN which I was not able to make work on Linux. I’ve shared my experience of configuring a VPN on Linux. If you have experience configuring other VPN protocols on Linux, please share it in the comments below. Also, if you have problems configuring a VPN on Linux, please comment below and we will try to help you.

Average Linux User I am the founder of the Average Linux User project, which is a hobby I work on at night. During the day I am a scientist who uses computers to analyze genetic data.