AWS Client VPN for Linux

This document is a reference document for OpenVPN 3 Linux client. CloudConnexa Connector for Linux uses OpenVPN 3. Deploying Connector for CloudConnexa is covered separately here.

OpenVPN 3 Client for Linux

General reference guide for installing and operating openvpn3 client on various Linux distributions.

Note

This document is a reference document for OpenVPN 3 Linux client. CloudConnexa Connector for Linux uses OpenVPN 3. Deploying Connector for CloudConnexa is covered separately here.

The OpenVPN 3 Linux project is a new client built on top of the OpenVPN 3 Core Library, which is also used in the various OpenVPN Connect clients. For more information on the project, refer to the Community Wiki.

This client is built around a completely different architecture in regard to usage. It builds heavily on D-Bus and allows unprivileged users to start and manage their own VPN tunnels out-of-the-box. System Administrators wanting more control can also control and restrict this access both by hardening the default OpenVPN 3 D-Bus policy or facilitating features in OpenVPN 3 Linux.

Even though the project name carries “Linux”, it doesn’t mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.

The release notes are stored in git tags in the project git repository. They can also be viewed here: https://github.com/OpenVPN/openvpn3-linux/releases (expand the tag to see the full text).

Installation for Debian and Ubuntu

Follow these steps in order to install OpenVPN 3 Client on Linux for Debian and Ubuntu:

1. Open the Terminal by pressing ctrl + alt + T .
2. Type the following command into the Terminal: curl -fsSL https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub | gpg –dearmor | sudo tee /etc/apt/trusted.gpg.d/openvpn-repo-pkg-keyring.gpg . This will install the OpenVPN repository key used by the OpenVPN 3 Linux packages.
3. Type the following command into the Terminal: DISTRO=$(lsb_release -c | awk ”) . This will detect the OS distribution and will be automatically used in the next command.

Important

It is recommended to be cautious of the distribution and release you are running. Distribution and version should preferably be retrieved using the hostnamectl command, where the user needs to link the Operating System field with the supported distributions table.

Table 1. Debian and Ubuntu Supported Distributions

Distribution	Release	Release Name ($DISTRO)
Debian	10	buster
Debian	11	bullseye
Ubuntu	18.04	bionic
Ubuntu	20.04	focal
Ubuntu	22.04	jammy

Installation for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux

Packages for these distributions are provided via a Fedora Copr repository. Supported release versions for Fedora are releases 30, 31, and 32. Supported release versions for Red Hat Enterprise Linux / CentOS are releases 7 and 8.

In order to install the OpenVPN 3 Client for Fedora, Red Hat Enterprise Linux, CentOS, or Scientific Linux, follow the steps below:

1. Open Terminal by typing terminal into the search bar.
2. If you are running Red Hat Enterprise Linux or its clones, you need to install the Fedora EPEL repository first. Here is the list of commands for each version: (The original article on Fedora EPEL can be found here) RHEL/CentOS 6: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm RHEL/CentOS 7: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm On RHEL 7, it is recommended to also enable the optional, extras, and HA repositories since EPEL packages may depend on packages from these repositories: sudo subscription-manager repos –enable “rhel-*-optional-rpms” –enable “rhel-*-extras-rpms” –enable “rhel-ha-for-rhel-*-server-rpms RHEL/CentOS 8: sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm On RHEL 8, it is required to also enable the codeready-builder-for-rhel-8-$-rpms repository since EPEL packages may depend on packages from it: sudo ARCH=$( /bin/arch ) followed by sudo subscription-manager repos –enable “codeready-builder-for-rhel-8-$-rpms On CentOS 8, it is recommended to also enable the PowerTools repository since EPEL packages may depend on packages from it: sudo dnf config-manager –set-enabled PowerTools
3. You need to install the yum copr module first by running the following command: sudo yum install yum-plugin-copr .

Note

Fedora releases usually have the yum/dnf copr module preinstalled.

Using .ovpn Profile

Please note that by this point you should have downloaded a .ovpn profile to your machine.

Mandatory Commands

In order to start a one-shot configuration Profile, type the following command into the Terminal: openvpn3 session-start –config $

Important

A one-shot configuration Profile means that the configuration file is parsed, loaded, and deleted from the configuration manager as soon as the VPN session has been started. No configuration file is available for re-use after this approach. This is achieved by giving the configuration file to the openvpn3 session-start command directly.

Note

Using this approach, an imported configuration file can be used several times, and access to the configuration file itself is not needed to start VPN tunnels. By default, configuration profiles imported are only available to the User who imported the configuration file. But OpenVPN 3 Linux also provides an Access Control List feature via openvpn3 config-acl to grant access to specific or all users on the system.

Important

This loads the configuration Profile and stores it in memory-only. That means if the system is rebooted, the configuration Profile is not preserved. If the –persistent argument is added to the command line above, the configuration Profile will be saved to disk in a directory only accessible by the user. Whenever the Configuration Manager is started, configuration files imported with –persistent will be automatically loaded as well.

Note

When a configuration Profile is available via openvpn3 configs-list , it can easily be started via openvpn3 session-start using the configuration Profile name (typically the filename used during the import)

AWS Client VPN for Linux

The following procedures show how to install the AWS provided client for Linux, and to establish a VPN connection using the AWS provided client. The AWS provided client for Linux does not support automatic updates.

Contents

Requirements

To use the AWS provided client for Linux, the following is required:

• Ubuntu 18.04 LTS or Ubuntu 20.04 LTS (AMD64 only)

The client reserves TCP port 8096 on your computer. For Client VPN endpoints that use SAML-based federated authentication (single sign-on) the client reserves TCP port 35001.

Before you begin, ensure that your Client VPN administrator has created a Client VPN endpoint and provided you with the Client VPN endpoint configuration file.

Installation

There are multiple methods that can be used to install the AWS provided client for Linux. Use one of the methods provided in the following options. Before you begin, ensure that you’ve read the requirements.

Option 1 — Install via package repository

1. Add the AWS VPN Client public key to your Ubuntu OS.

wget -qO- https://d20adtppz83p9s.cloudfront.net/GTK/latest/debian-repo/awsvpnclient_public_key.asc | sudo tee /etc/apt/trusted.gpg.d/awsvpnclient_public_key.asc

echo "deb [arch=amd64] https://d20adtppz83p9s.cloudfront.net/GTK/latest/debian-repo ubuntu-18.04 main" | sudo tee /etc/apt/sources.list.d/aws-vpn-client.list

Ubuntu 20.04

echo "deb [arch=amd64] https://d20adtppz83p9s.cloudfront.net/GTK/latest/debian-repo ubuntu-20.04 main" | sudo tee /etc/apt/sources.list.d/aws-vpn-client.list

sudo apt-get update

sudo apt-get install awsvpnclient

Option 2 — Install using the .deb package file

1. Download the .deb file from AWS Client VPN download or by using the following command.

curl https://d20adtppz83p9s.cloudfront.net/GTK/latest/awsvpnclient_amd64.deb -o awsvpnclient_amd64.deb

sudo dpkg -i awsvpnclient_amd64.deb

Option 3 — Install the .deb package using Ubuntu Software Center

1. Download the .deb package file from AWS Client VPN download .
2. After downloading the .deb package file, use the Ubuntu Software Center to install the package. Follow the steps for installing from a standalone .deb package using Ubuntu Software Center, as described on the Ubuntu Wiki .

Connecting

The AWS provided client is also referred to as the AWS VPN Client in the following steps.

To connect using the AWS provided client for Linux

1. Open the AWS VPN Client app.
2. Choose File, Manage Profiles.
3. Choose Add Profile.

Release notes

The following table contains the release notes and download links for the current and previous versions of AWS Client VPN for Linux.

• Fixed a connectivity issue when NAT64 is enabled in the client network.
• Minor bug fixes and enhancements.

• Improved security posture.

• Improved security posture.

10 Best Linux VPN Clients and Services

Do you want to secure your online privacy? If yes, then you have come to the right place. Despite the trademark as Linux is the safest and most secure OS, online surfing and life are not as safe as you think. There are lots of unwanted intrusions ready to make your digital life imbalanced.

Here you must learn how to combat various intrusions and malicious threats. Securing online privacy is one concerning a topic in today’s technology world. So being a Linux user or any other OS hobbyist, you must secure your online identity, privacy, and footprints.

In this case, VPN services with a Linux VPN Client come into the picture to ensure your anonymity and online security.

Some popular Linux VPN client software is available in the community to connect a VPN server, like OpenVPN, AnyConnect, Network Manage, and OpenConnect. But it would be better if the VPN services provide a native Linux VPN client that makes a plug-and-play mode with minimum manual configuration.

Best Linux VPN Client Software and Services

This roundup article will share a generic list of the best Linux VPN clients and some best VPN services. This will help privacy-minded users add an extra layer of protection and security to keep the internet connection private. Moreover, you can also have the facility of unblocking content or bypass censorship.

1. ProtonVPN Client Tool for Linux

ProtonVPN is created by a group of scientists, engineers, and cryptographers to secure the internet for everyone and anywhere you access the internet. This VPN service is focused on privacy, security, and freedom. It creates an encrypted VPN tunnel where your personal passwords and banking data remain safe even when using a public or untrusted data connection.

It keeps your browsing data private and does not share it with any third party. It also lets you have access to geo-locked content or any website. The Tor anonymity network is smoothly integrated with ProtonVPN so that you can get all the traffic through it.

2. ExpressVPN – All Round VPN for Linux

ExpressVPN is one of the best VPNs for Linux, and it supports a wide range of Linux distros, including Ubuntu, Debian, CentOS, Fedora, etc. This VPN service provides impressive Linux support and speedy performance.

Though ExpressVPN does not offer any desktop GUI, you have a command-line interface that might be difficult for newbie Linux users. You can use OpenVPN to configure this Linux VPN service, and it doesn’t record any online activity or logging of traffic information.

3. Private Internet Access

Private Internet Access (PIA) is a well-known VPN service with a 256-bit AES encrypted connection to provide you with an anonymous IP to protect your online footprints and privacy. Besides all other protocols, OpenVPN is the default and most secure one.

This Linux VPN service provides a kill switch, IPV6, and DNS leak protection. It does not keep any traffic or user activity logs on the VPN server.

4. Pritunl Client – Open Source OpenVPN Client

Pritunl is a free, minimalist, and open source cross-platform OpenVPN client. This Linux VPN Client lets you connect with OpenVPN servers in the fastest way. Moreover, you can also import OpenVPN profiles and do a little bit of configuration with the existing connection.

Pritunl client is simple, easy to use, and offers a modern colorful UI. You can import OpenVPN profiles as many as you want. You can find easy documentation on installing Pritunl OpenVPN clients on various Linux distros on the official site.

5. TorGuard – Privacy with Anonymous VPN

TorGuard Linux VPN service is best known for the perfect balance of price and performance. This best VPN for Linux provides a military-grade encrypted internet connection for your digital footprint and stays as long as you want with speed and performance using anonymous IP. This VPN service provides a native Linux VPN client with a nifty how-to guide for easy configuration.

TorGuard is relentlessly concerned and committed to online security and privacy protection. The service includes multiple protocol support, AnyConnect, OpenConnect SSL support, Perfect Forward Secrecy (TLS), unwanted ads, malware, and intrusion blocking. This Linux VPN server does not store any logging or traffic logs in the VPN server and protection from deep packet inspection.

6. AirVPN – Best VPN for Security and Privacy

AirVPN is a reliable, highly customizable, and privacy-focused best VPN for Linux. It has a native Linux VPN client for all the major distributions. You can either use a command line or GUI for easy configuration. This is an OpenVPN-based Linux VPN server that ensures a solid and encrypted defense tunnel for privacy and net neutrality.

This military-grade encryption tunnel prevents unwanted intrusions like spying on ISP, the government, or any criminal organization. This best VPN service is transparent enough on online security and privacy fronts. This offers tools like a kill switch, an internal DNS solution, and support for OpenVPN over SSH, SSL, or Tor.

7. HideMyAss – Best VPN for Novice Users

HMA is a good choice for novice users to easily and configurable native Linux VPN clients or even OpenVPN. This VPN service provides a well-written how-to guide for Linux.

It’s a cross-platform and multi-device supported VPN service. You can enjoy unlimited uploads and downloads, fast and ultra-reliable network access, secure public Wi‑Fi, and Watch anything anywhere.

8. Mullvad – Privacy is a Universal Right

Mullvad provides an open source VPN client for Ubuntu/Debian based on a graphical user interface. Mullvad is one of the best VPN services with lots of features like IPv6 routing, a kill switch, perfect port forwarding, IPv6 and DNS leak protection, etc. All those tools are just for your online identity, location, and activity to be private.

This VPN service creates a strong AES-256 encrypted connection to browse the web securely and protect your privacy. Mullvad’s Linux VPN server does not store any activity logs and keeps you as anonymous as you want in your digital life.

9. VPN Unlimited – Top-Notch Protection

VPN Unlimited is quite well known across all the major OS platforms,s including Linux, Windows, Android, macOS, iOS, etc. It supports OpenVPN protocol, stops tracking, ad blocking, and anti-malware.

This Linux VPN service does not share data, personal passwords, or bank data with any third party. VPN Unlimited encrypts the data connection and ensures total security with uncompromised speed.

10. Buffered VPN – Private, Safe, and Fair

If you want to protect yourself from unwanted online intrusion or spyware, then a Buffered VPN is for you. It has been rated and voted one of the best and fastest VPN services in the Linux community.

It’s easy to set up on Linux but only supports OpenVPN protocol. Buffered VPN is compatible across devices and ensures a high-speed connection with no restrictions . It has a very simple and modern Linux VPN client. Check out the official tutorial on installing in Ubuntu.

What Makes a Good Linux VPN?

Here I’ve tried to enlist all the best VPN services for Linux based on support as native Linux VPN clients and a clear and transparent privacy policy that spells everything out.

So while selecting the best VPN for Linux, you must look forward to some criteria like a Linux VPN client is available with little or no manual configuration, ensures a speedy performance, does not keep any traffic or activity logs, can download or watch unlimited streaming services, unblock geo-locked websites and apps, etc.

Final Thought

Is this article on the Best Linux VPN client and services helpful? Let us know which one you use or intend to use . Did I miss any important one in this VPN services list? Share your experiences and suggestions in the comment below.