If you access the Internet from your Linux laptop, you should be aware of what a Virtual Private Network (VPN) offers. This technology is especially relevant for those who connect to the Internet through access points in public places, but in many situations a VPN does no harm on a home computer either.

A VPN allows you to protect data transmitted from point “A” to point “B”. Point “A” is your computer. Point “B” is a VPN provider, or a VPN system that you deployed yourself, either in the cloud or somewhere else, for example, in the office. You can interact with VPN services using multiple protocols, but the essence remains the same: the traffic that travels between the computer and the VPN service is encrypted. This protects the data from being intercepted on the way from the point of departure to the destination.
There are many routing scenarios available when working with a VPN. A typical scenario is to redirect all traffic over the VPN connection, but you can also apply the concept of “split tunneling”. With this approach, some data goes through the VPN, while the rest goes over the regular Internet connection, in accordance with the routing rules.
A VPN is often spoken of as a tool that lets people who do not want to reveal themselves, for example because they fear persecution for their actions, work safely on the Internet. However, the possibilities and scenarios for using a VPN are much broader. For example, with a VPN you can connect to the Internet through public networks without worrying about trouble.
Why do we need virtual private networks?
First, let's talk about the reasons for using a VPN. Most often they include data privacy and security considerations, but that’s not all.
For example, whether you use a home broadband connection or mobile Internet in international roaming, there is a chance that your traffic will be subject to traffic shaping. Service providers perform this operation to limit the transmission speed of certain data in order to prioritize certain types of traffic.
For example, many providers in the UK use traffic shaping on cross-border data transfers to slow down video streaming and music services. This is done to save traffic by making these services inconvenient to use. Some broadband Internet providers do the same thing, limiting file download speeds during peak hours.
A VPN can help to avoid this, because with VPN technology all traffic going through your Internet connection is encrypted. This means that the provider cannot tell what exactly is going through your communication channel. One small drawback of this approach is that some providers can detect and slow down VPN traffic itself. However, given the variety of available virtual private networks and protocols, this can be avoided by using services that are not widely known (usually not OpenVPN).
Data protection
The classic scenario for using a VPN is working on public Wi-Fi networks. If you carry a laptop with you everywhere (or a phone, or anything else that goes on the Internet), it is no surprise that you will want to connect to the Internet for free in a cafe.
The problem here is that you can’t know exactly what happens to the data as it travels from your computer to the online service you want to use. The data can be intercepted by someone on the Internet or, if the cafe's Wi-Fi network has been hacked, right on that network. If you are going to work with data that should not fall into the wrong hands, be it social network posts or banking information, you should take security seriously. Using a VPN will provide reliable protection for traffic going through public networks.
Another very common scenario for using a VPN is connecting to corporate networks from the outside. With this approach, the computers on such networks are not directly accessible from the outside. Instead, only the VPN server is visible on the Internet. When users connect to the VPN, they can work with the internal resources of the corporate network as if they were connected to it from the office. Using split tunneling while remotely connected to an organization’s network lets you work on the Internet or on a local network in the usual way, while exchanging data with corporate IP addresses via the VPN.
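The routing decision behind split tunneling, as an added example that is not part of the original article: the tables, addresses and the interface names `wlan0` and `vpn0` are constructed for illustration. It goes slightly beyond the text by also showing a full-tunnel table, so that the difference in which traffic stays outside the VPN is visible.

```python
import ipaddress

# Constructed sample routing tables: every prefix, address and interface
# name below is an assumption made for this example.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),       # default route: regular Internet connection
    ("192.168.1.0/24", "wlan0"),  # local network
    ("10.20.0.0/16", "vpn0"),     # corporate addresses go through the VPN
]

FULL_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),        # original default route stays in place
    ("0.0.0.0/1", "vpn0"),         # two /1 routes cover every IPv4 address and
    ("128.0.0.0/1", "vpn0"),       # beat the /0 default (OpenVPN's "def1" method)
    ("198.51.100.7/32", "wlan0"),  # host route to the VPN server itself
    ("192.168.1.0/24", "wlan0"),   # local network stays directly reachable
]


def select_interface(routes, destination):
    """Pick the outgoing interface by longest-prefix match, as IP routing does."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1]


def outside_tunnel(routes, destinations, vpn_iface="vpn0"):
    """Return the destinations whose traffic would NOT be carried by the VPN."""
    return [d for d in destinations if select_interface(routes, d) != vpn_iface]


if __name__ == "__main__":
    sample = ["10.20.5.9", "203.0.113.5", "192.168.1.10", "198.51.100.7"]
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        for dst in sample:
            print(f"{name:5} {dst:15} -> {select_interface(table, dst)}")
        print(f"{name:5} outside the tunnel: {outside_tunnel(table, sample)}")
```

With the split-tunnel table only the corporate range is protected; every destination returned by `outside_tunnel` still crosses the public network without VPN encryption.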
The same approach can be used on a home network. By installing a VPN server at home, or using the VPN capabilities of many popular routers, you can connect to your home network from anywhere and work on it as if you were at home. This is especially useful if you have data stored on a NAS, or if you want to remotely view the picture from a security IP camera without opening access to it from the Internet.
Many organizations these days deploy infrastructure in the cloud using providers like Amazon Web Services. The usual concept in cloud hosting is the Virtual Private Cloud (VPC). This approach allows companies to have multiple servers hosted in the cloud that interact with each other but are inaccessible to anyone else connected to the Internet. A VPN can also be deployed inside a VPC; as a result, again, a minimal number of ports is exposed to the outside world, which helps to increase the overall level of security.
Where is the VPN located?
One of the considerations regarding the use of VPN services is their geographical location. If you are, say, in the UK, but are connected to a VPN located in another country, say, the United States, this will affect activities such as browsing the web, since the target server will only see your “exit” IP, which is the IP address of the server through which you ultimately redirect traffic.
You may not like this. For example, if you use Google, everything may be in a language that you don’t understand, or the data you need may be blocked by geography. But there are also pluses: for example, if you are abroad, you can use a VPN located in the UK to work with data that may be restricted from other places (a great example is BBC iPlayer).
VPN and VPS
If you are interested in the VPN topic, you have perhaps heard of VPS and want to know what it is and how a VPN differs from a VPS. A VPS is a virtual private server, that is, a virtual computer located in the cloud. Here are the main features of VPN and VPS that characterize these technologies.
VPN Features
- This service is usually provided by specialized companies.
- VPNs can be deployed by technically literate users.
- VPN services vary widely in price - from free to very expensive.
- Typically, the quality of a VPN depends on its cost.
- If the encryption key is shared by different users, the data can, in theory, be intercepted.
- Popular VPN providers often have points of presence (PoP, Point of Presence) in different countries.
- Access speed usually varies depending on the location of the user.
VPS Features
- VPS providers provide certain processor, memory, data storage and traffic resources based on monthly payments.
- Typically, cloud servers come with basic OS builds that the user can customize.
- Most often this is a Linux server.
- VPS are ideal for deploying your own VPN solution.
Now let's talk about the best VPN services.
Best Linux VPN Solutions
Here are four of the best Linux VPN solutions you can use to protect your Internet connections. The first three are “do it yourself” tools, and the fourth is a traditional VPN provider.
▍Streisand
When it comes to deploying your own VPN server, there are many options. You can take a clean Linux installation, and then install and configure the necessary packages. This approach gives the maximum level of control, but requires a considerable investment of time. Another option is to use tools for automatic deployment of VPN services. There are quite a few open source projects offering this feature, the most significant of which is arguably Streisand.
The Streisand script sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, Tor Bridge, and WireGuard. This gives the user a variety of connection methods that can satisfy almost any need, allowing you to connect to the VPN from any platform.
It is particularly pleasing that Streisand generates instructions for all these services. After installation, the user receives an HTML manual that can be given to friends or family members, and the instructions on how to connect are also available on the server itself.
The script is designed to work on Ubuntu 16.04 (the current LTS release). It can be used to set up an existing server over the Internet, or to automatically deploy a new one at one of many cloud VPS providers, among them Amazon EC2, DigitalOcean, Google Compute Engine, Linode and Rackspace. The Streisand developers plan to add support for Amazon Lightsail in the near future.
The server installation process is fully automated and takes only about 10 minutes. If necessary, the VPS can be completely reinstalled. This is very convenient and reduces the risk of the VPS being hacked. Streisand is an open source project that is reviewed by many independent developers, which gives grounds to speak of a high level of security.
▍Algo
While Streisand is a very popular VPN platform, it is far from the only solution of this type. A frequently used alternative is Algo, a set of Ansible scripts (like Streisand) that simplifies setting up your own IPsec VPN. Algo uses the most secure settings by default. Again, it works with popular cloud providers and, most importantly, it does not require client software on most of the devices that can connect to it.
So why use Algo and not Streisand? Algo is much more limited than Streisand, and this is often cited as its main advantage. Algo supports only IKEv2, with a single cipher suite: AES-GCM, HMAC-SHA2, and P-256 DH. It does not install Tor, OpenVPN or other servers whose safety some people doubt. Algo supports only one widely used protocol, and it does not require client software on most devices. In addition, Algo handles a large number of users much better than Streisand: it provides a script that the administrator can run after the server is installed to update the list of users.
Apart from this main difference, many other aspects of Algo are similar to Streisand. It is deployed on Ubuntu, and it can be installed on DigitalOcean, Amazon EC2, Microsoft Azure or on your own server. After the installation is completed, Algo generates the configuration files required for the connection. Algo also has its own optional installation features, such as ad blocking via a local DNS resolver and HTTP proxy, and limited SSH users for tunneling traffic.
The Algo website has details on how to connect to VPN services created with it from Apple devices, Android and Windows devices, and, of course, from computers running Linux.
Linux devices connect using the strongSwan client, which allows you to connect quickly and reliably. If you want to connect from other types of clients or configure the connection yourself, certificate and key files are provided.
As in the case of Streisand, the project is open source, and it is constantly updated and fixed.
▍WireGuard
Many of the VPN protocols and solutions used today have been around for a very long time, and many consider them ineffective. If you look at the discussions about Streisand and Algo, you can find a lot of arguments about which services and protocols to include in these products. The very different approaches taken by these two solutions add fuel to the debate. As a result, the question of what a tool for setting up a VPN should look like remains open. WireGuard may, perhaps, provide the answer.
WireGuard is a very simple, yet fast and modern VPN service that uses current data encryption methods. The developers say that its goal is to be faster, simpler, smaller and more convenient than IPsec services, both in operation and in installation. They say that it was created to be much better than the ubiquitous standard, OpenVPN.
WireGuard is designed as a general-purpose VPN that can run on multiple platforms and is suitable for all types of use. WireGuard was originally created for the Linux kernel, but it is planned to be cross-platform and deployable in a variety of environments.
How good is it? Although it is currently under active development, many already call it the safest, easiest to use and simplest VPN solution in the industry.
The WireGuard website has an installation guide, and, of course, there are two options here: compile it from source or install a ready-made package. A PPA is provided for Ubuntu, and you can install it on systems such as Debian, Arch, Fedora, CentOS, OpenSUSE, and many other distributions. There is also a version for those who prefer macOS.
WireGuard is more than a nice but useless toy, even though the project is still under active development. It is, at the very least, worth a try. Thanks to its well-designed implementation as a simple network interface, its impressive performance and its minimal attack surface, it may well become the most popular VPN solution of the future.
▍VyprVPN
What if, instead of deploying your own VPN solution, you prefer to subscribe to a ready-made service? There are many offerings in this area, for example, the GoldenFrog VyprVPN service, which is called “the most powerful VPN in the world”.
What does VyprVPN give you? Among its features are high speed and more than seven hundred servers placed in about 70 locations around the world. VyprVPN has about 200,000 IP addresses available, and the service offers simple applications for a wide range of devices and an intelligent masking technology for OpenVPN tunnels called Chameleon.
Perhaps the main drawback of VyprVPN is its closed source code. On the plus side, GoldenFrog states that it does not use the services of third-party companies, and that it owns all of its software and hardware, including the network infrastructure, and maintains it all on its own. According to the company, this approach provides a very high level of confidentiality protection.
The VyprVPN service is based on Ubuntu servers and on a huge open source stack, which includes OpenVPN, strongSwan, Nginx, OpenSSL, Python and many other technologies. The closed-source parts of the system are basically what ties everything else together: web interfaces, clients, APIs, and so on. According to GoldenFrog, the code is closed for approximately 0.7% of the company's software stack.
VyprVPN's Chameleon feature is also closed source, but it is one of the convincing arguments for using the service. Chameleon is based on OpenVPN. It takes the packets that need to be sent over the network and adds a layer of obfuscation, which is designed to counter deep packet inspection (DPI) systems, the very unpleasant tool with which providers perform traffic shaping.
In addition, unlike other VPNs, Chameleon copes even with particularly aggressive providers. If this capability interests you most, it is quite possible that you will not find a better VPN than VyprVPN.
Results
Whatever your reason for looking for a VPN system for Linux, we hope our review has given you some food for thought. If you want to dig deeper into finding the right VPN for you, here is an overview of the best VPN services of 2017, and here is a useful resource for those who are choosing a VPN.
Dear readers! Do you use VPN?