How to set up a VPN on Linux in 5 minutes for free
In this short and overdue tutorial, we will set up a virtual private network (VPN) to help protect your online anonymity. I will not be covering much on what a VPN is or what these settings are. We’re going to set one up. Let’s get straight to it.
This works on Ubuntu <=16.xx and most other distros. If you’re on Ubuntu 18+ then see this post for updated steps.
If you have any issues run a test on ipleak.net to find out what exactly is leaking information then view this response and the one linked in it. If it doesn’t help solve your problem then post a comment with as much information as possible.
- Computer with Linux OS. I’m using Ubuntu. The commands may be different if you’re not on a Debian based distro.
- Admin/Sudo privileges
- Basic computer skills
- Basic knowledge of what a VPN is
Take note of everything you change and make backups in case something goes wrong. Also, for the record, I’m not affiliated with any of the sites linked here. Follow this tutorial at your own risk since you could mess up some settings.
Part 1: Changing your DNS
Your domain name server (DNS) can give away some information about you, so we will want to change that. Start by using a tool such as DNS leak test to see what information is visible. Then work on hiding it.
- We’re going to use OpenDNS. Head to their website and grab their two name server IP addresses that can be found on their Setup Guide Page
2. Edit: /etc/dhcp/dhclient.conf
In your terminal type or copy/paste the command below. Nano is a text editor in the terminal. If the file is located somewhere else on your machine google or look for it.
sudo nano /etc/dhcp/dhclient.conf
Look for the line that says “prepend domain-name-servers.” If it’s commented out with a # symbol at the beginning of the line, uncomment it by removing the #. Now change the line so it uses the IP addresses from OpenDNS, and add one more 220.127.116.11 like mine below. Your internet may temporarily stop working at this point!
prepend domain-name-servers 18.104.22.168, 22.214.171.124, 126.96.36.199;
That line means it will use the first address, then the second if the first one fails, and finally 188.8.131.52 if the first two fail. This usually will not happen. We add 184.108.40.206 because by default it uses 3 addresses. If we don’t add the third one and the first two fail then your real address gets used. Now save and exit as shown below:
Press CTRL + O
Press CTRL + X
This will save and close the file. Now we’ll need to restart network-manager with the next command.
sudo service network-manager restart
You should now check to see if it works. Enter the command below, and see if the nameservers show up. Do a DNS leak test on the website linked above.
I did the steps, but the cat command only shows nameserver 127.0.1.1
Thanks to Dietmar and AnalyzeTrades for this issue/solution
Try commenting/removing dns=dnsmasq from /etc/NetworkManager/NetworkManager.conf
Part 2: Setting up a VPN
Fixing a DNS leak in web browser:
- In Firefox type about:config in your address bar and press Enter.
- On the config page search for: media.peerconnection.enabled
- Change it to false by double clicking on it.
- Restart Firefox.
I don’t know how this is done in other browsers.
Getting a Free VPN
- Google for a free VPN, and make sure it’s good. I’ll be using VPNBook for the rest of the steps.
- On VPNBook, you just download the config file for the VPN you want. Copy the username and password. The password changes periodically, so you will need to get it again later. It doesn’t matter where you are located when choosing your config file. You can be in the U.S., download the Euro one, and appear to be from Europe.
3. After you extract the downloaded zip file, open your terminal again. Change to the directory where you extracted it, or right click and choose “Open in Terminal.” We have just a few more steps now.
4. Install OpenVPN to use the config.
sudo apt-get install openvpn
5. Close your browser and anything connected to the internet. To use OpenVPN, enter the command below to run the config you want. Once it says “Initialization Complete,” you’re all set. You should keep the terminal open. If it fails, try a different VPN, or read the error and try to figure it out.
sudo openvpn vpnbook-ca1-tcp443.ovpn
6. Finally, test if it works by doing another DNS leak test.
Congratulations if you made it this far and it works! Here’s a bonus simple bash script that you can run. You just need to change the password when needed.
Bash Script 1
credits to Adnan Rahić
cd /path/to/VPNBook.com-OpenVPN-Euro1username="vpnbook"password="he2qv5h"read -sp "Enter Sudo Password: " sudopassword
/usr/bin/expect << EOF
spawn sudo openvpn vpnbook-euro1-tcp443.ovpnexpect "password for $USER: "send "$sudopassword\r"expect "Enter Auth Username: "send "$username\r"expect "Enter Auth Password: "send "$password\r"expect "$ "
This will start the VPN without the need to enter the username and password manually. The VPN will also stay running in the background. Here’s a script for killing it if the need arises.
#!/bin/bashsudo pkill vpn
Bash Script 2
#!/bin/bashecho "user: vpnbook"echo "pass: 5VHZEps"sudo openvpn vpnbook-ca1-tcp443.ovpn
Just put that into a new file, right click > properties > permissions, and allow executing file as a program. This example uses the Canada tcp 443 config.
Here are a few great articles by Quincy Larson that talk about VPNs, internet privacy, and security.
How to set up a VPN in 10 minutes for free (and why you urgently need one)
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and…medium.freecodecamp.comHow to encrypt your entire life in less than an hour
“Only the paranoid survive.” — Andy Grovemedium.freecodecamp.org
If you’re interested in ethical hacking and security, there’s a free 15 hour course on YouTube.