Best secure, private WireGuard VPN providers for GNU/Linux in 2020

WireGuard VPN by Jason A. Donenfeld is defacto the state-of-art cryptography and technology when it comes to VPN that we can get today. It aims to be faster than IKEv2 as easy as managing SSH keys. The security of VPN connections is as robust as latest OpenVPN releases. It is a high performant network with minimal lines of code that is easy to deploy, audit and maintain. Because it lives inside the Linux kernel itself as a module, it leaves less room for attack surface.

It has gotten so popular and stable that it has attracted the attention of Mr Linus Torwalds, the creater of Linux kernel too. He has merged it into the upcoming Linux 5.6 kernel. It shows significant and relevance of WireGuard VPN. The outrageously saturated commercial privacy VPN providers have also been trying to catch up and up their game by introducing WireGuard VPN technology to their privacy seeking consumers.

All is not well, it is because the UDP network protocol used by WireGuard. Sadly, it is still hard to route it via restricted networks using fancy proxies owing to lack of TCP protocol support.

Other reasons to consider WireGuard VPN is its built-in roaming and effortless setup for Kill switch or VPN firewall.

A list of pioneers in adoption of WireGuard VPN is as follows:

1. IVPN.net

Jurisdiction – Gibraltar

Privacy policy on logs – IVPN don’t log anything in terms of user’s activity while connected or connecting to the VPN. No DNS, traffic, connection timestamp or duration, bandwidth, IP address or account activity logs are kept. To keep a check on concurrent connections a temporary record is made, when a user disconnects the relevant record is deleted.

Servers in Countries – 32

Devices or concurrent connections with base or standard plan – 2

VPN app for GNU/Linux – No

Whether P2P is allowed? Yes, on all servers

Whether Bitcoin or Cash is accepted as payment method? Both

VPN IPv6 connections – Not yet

This Gibraltar-based VPN provider is one of the earliest adopter and official ‘Silver Company Donor’ at WireGuard. It is known VPN provider with ethics that has been actively contributing to project like Tor, EFF, Open Rights Group, Access Now etc.

The staff has penchant for individual privacy and hence it works hard to uphold your fundamental universal right of privacy.

It has written about efforts it took to protect your privacy using WireGuard VPN. The VPN service is quite lucid about policies and how it works.

Other worth mentioning things are its own private DNS service.

All this for just 5 USD a month when paid annually.

Lack of VPN app for GNU/Linux and VPN IPv6 is not cool. It would be better if they offered automated script based installation for Network Manager or command line.

2. Mullvad.net

Jurisdiction – Sweden

Privacy policy on logs – Mullvad don’t log anything in terms of user’s activity while connected or connecting to the VPN. No DNS, traffic, connection timestamp or duration, bandwidth, IP address or account activity logs are kept. To keep a check on concurrent connections a record is made in temporary memory only; none of this information is permanently stored to disk.

Servers in Countries – 36

Devices or concurrent connections with base or standard plan – 5

VPN app for GNU/Linux – Yes with WireGuard support

Whether P2P is allowed? Yes, on all servers

Whether Bitcoin or Cash is accepted as payment method? Both, 10% off on Bitcoin payments

VPN IPv6 connections – Yes

This Sweden-based VPN provider is one of the first adopter and official ‘Bronze Company Donor’ at WireGuard.

Mullvad functions on the concept of ‘No email, no username’, just anonymity. A random number is generated upon sign up that is used as your login

It is one of the most privacy friendly VPN provider in the industry. You cannot go wrong with Mullvad in terms of privacy and security. It is technically sound and run by a dedicated team of experts.

Other worth mentioning things are its own public DNS service, use of dedicated servers exclusively and opensource code for VPN apps.

Privacy is fundamental to a well-functioning society because it allows norms, ethics, and laws to be safely discussed and challenged. Without privacy, a free and open society can neither flourish nor exist.

Mullvad is a flat rate service at 5 EUR a month. Also, it is serious about its pricing and sustainability. There is no discount ever other than the 10% discount you get when paying using Bitcoin.

There is nothing to complaint with Mullvad VPN. It is one of the best privacy VPN out there with dedicated VPN app for GNU/Linux.

3. AzireVPN.com

Jurisdiction – Sweden

Privacy policy on logs – AzireVPN don’t log anything in terms of user’s activity while connected or connecting to the VPN. No DNS, traffic, connection timestamp or duration, bandwidth, IP address or account activity logs are kept. Last time I check Azire doesn’t really do anything to keep an eye on number of concurrent connections, it expects you to ethically follow it

Servers in Countries – 9

Devices or concurrent connections with base or standard plan – 5

VPN app for GNU/Linux – Yes, WireGuard not supported

Whether P2P is allowed? Yes, on all servers

Whether Bitcoin or Cash is accepted as payment method? Both

VPN IPv6 connections – Yes

This Swedish VPN provider is not only one of the first adopter but also an active promoter of WireGuard VPN. It was found in 2012 to help people avoiding censorship and interception on the Internet.

It is the only privacy VPN provider I know of that offered WireGuard VPN access for free in order to promote WireGuard.

AzireVPN is probably the only VPN provider that physically co-locates their own hardware to datacenters for every location they offer themselves. They travel to the place with the hardware i.e. the diskless VPN servers to setup it in a rack or provided space. This kind of effort is unmatched in the whole industry. Kudos to AzireVPN!

Like Mullvad it is one of the most privacy friendly VPN provider out there. You cannot go wrong with AzireVPN in terms of privacy, security, speed and availability owing to dedicated own hardware setups. It is technically superb and run by a dedicated small team of in-house experts.

We have been working hard since 2012 to fight censorship and restrictions on the Internet.

Other worth mentioning things are its own public DNS service with DNScrypt support, dual-stack VPN, free of cost dynamic public IP addresses in each location and opensource code for VPN apps.

You would surely expect a VPN provider like Azire to charge more, but you can get it for just 3.25 EUR a month when pre-paid for 24 months.

It is a steal in terms of pricing given the amount of efforts they put. Lack of WireGuard VPN support in VPN app is not cool but bearable.

4. PrivateInternetAccess or PIA

Jurisdiction – USA

Privacy policy on logs – PIA don’t log anything in terms of user’s activity while connected or connecting to the VPN.

Servers in Countries – 44

Devices or concurrent connections with base or standard plan – 10

VPN app for GNU/Linux – Yes with WireGuard support

Whether P2P is allowed? Yes

Whether Bitcoin or Cash is accepted as payment method? Bitcoin, but no cash

VPN IPv6 connections – Not yet

PrivateInternetAccess is the biggest privacy VPN in the industry based in USA, land of the free. It is a strong financial supporter of WireGuard VPN along with a huge list of open source project and civil liberties/rights projects or organizations worldwide including EFF, FSF, Let’s Encrypt, freenode IRC network etc. It is one of the companies registered in USA that makes us believe in free will even in times of NSA. It is really hard for the world to imagine a no-logs privacy VPN based in USA. PIA has time and again proven itself to be one of the best low-cost reliable option for general folks out there.

For open source fans, PIA is not a stranger name at all. Most of us who use IRC or Let’s Encrypt SSL certs already know how much PIA loves to contribute with utmost generosity. Although it didn’t adopt WireGuard in early stage, but it was expected owing to the huge client base it has. It would not be easy for PIA to just switch over in a day. It needed its time and finally on March 18, this year they announced a public beta program to preview WireGuard protocol to its client base using their custom open source VPN apps.

After a few weeks of testing, it came out of beta on April 10th 2020 and is available for all consumers including VPN app for GNU/Linux.

Other worth mentioning features are Ad blocking, support for plethora of streaming services.

So the biggest VPN network access is available at a nominal rate of 2.85 USD a month only when paid yearly with added free months.

Lack of IPv6 support in 2020 is so uncool. Also some users would not like it to be a US based provider.

5. OVPN.com

Jurisdiction – Sweden

Privacy policy on logs – OVPN don’t log anything in terms of user’s activity while connected or connecting to the VPN. No DNS, traffic, connection timestamp or duration, bandwidth, IP address or account activity logs are kept.

Servers in Countries – 15

Devices or concurrent connections with base or standard plan – 4

VPN app for GNU/Linux – Yes but without WireGuard support as of yet

Whether P2P is allowed? Yes, on all servers

Whether Bitcoin or Cash is accepted as payment method? Both

VPN IPv6 connections – Yes

This Sweden-based VPN provider isn’t an early adopter of WireGuard VPN despite being an official ‘Bronze Company Donor’ at WireGuard.

OVPN is one of the only VPN providers like AzireVPN that physical owns all the servers. Here with OVPN the disk-less servers are kept in isolated racks. Everything basically runs in the random access memory. Software security is highly scrutinized so no loophole is left open for hackers to exploit. The specialized VPN hardware is co-located to the data-centers that gives it extra mileage in comparison to renting dedicated or virtual machines from a trusted provider.

A public beta for WireGuard support was launched in limited locations including USA, Germany and Sweden on April 10, 2020. Although, there is no support for WireGuard in the VPN apps as of yet. It is currently being tested for improvements.

The VPN app for GNU/Linux is solid and works out of the box without any issues including kill switch support.

That being so, it is a fairly stable to use WireGuard with official clients as of now with GNU/Linux.

There is unique thing done by OVPN, it has insuranced itself to cover the legal fees to be able to stand tall during legal battles however long it goes. This extra step is taken to protect OVPN’s consumers against any sort of illegal data demands against the privacy policy by State. It might not be the most efficient solution but certainly helps.

OVPN’s core focus is privacy and integrity.

If you are not already impressed, OVPN supports most Nordic streaming services also Netflix from US, DE etc.

OVPN also publishes monthly transperency report for its consumers with details on most of its servers. It inspires confidence in you as a user.

Other worth mentioning things are own public DNS servers, availability of dedicated public IPv4 in each location at a nominal cost of 3 EUR a month and opensource code for VPN apps.

You would surely expect a VPN provider like OVPN to charge a hefty month fee, but you can get it for just 4.99 EUR a month when paid for an year in advance.

Nothing to complain about OVPN. Better than AzireVPN in most aspects.

6. NordVPN

Jurisdiction – Panama

Privacy policy on logs – NordVPN don’t log anything in terms of user’s activity while connected or connecting to the VPN. No DNS, traffic, connection timestamp or duration, bandwidth, IP address or account activity logs are kept.

Servers in Countries – 62

Devices or concurrent connections with base or standard plan – 6

VPN app for GNU/Linux – Yes with WireGuard support

Whether P2P is allowed? Yes

Whether Bitcoin or Cash is accepted as payment method? Bitcoin only

VPN IPv6 connections – No

NordVPN is one of the biggest VPN providers with fastest servers in the industry.

 

Obviously, it was never expected of it to go first with WireGuard VPN despite being an official ‘Bronze Company Donor’ at WireGuard. It believed in the technology and hence helped its development.

NordVPN first introdced WireGuard as mid-2019 and called it NordLynx.

What is NordLynx?

NordLynx is the technology that we built around the WireGuard® VPN protocol. It lets you experience WireGuard’s speed benefits without compromising your privacy. The WireGuard protocol alone can’t ensure complete privacy as it can’t dynamically assign IP addresses to everyone connected to a server. We developed something called a double NAT (Network Address Translation) system. The double NAT system allows us to establish a secure VPN connection without storing any identifiable data on a server. Dynamic local IP addresses remain assigned only while the session is active. Meanwhile, user authentication is done with the help of a secure external database.

NordVPN also offers blazing fast servers, 24×7 support and SmartPlay to unblock your favorite streaming services without any hassle.

SmartPlay is a NordVPN feature that helps you securely access the content that would otherwise be unavailable. Best of all, it does it in a way that you never even have to think about it. It’s implemented in our apps seamlessly, so there’s nothing to set up, update, or activate.

Other worth mentioning features is Dedicated IP servers as add-on, obfuscated servers and Onion Over VPN servers.

NordVPN is a popular powerful VPN service, but the access to one of the biggest VPN network is available at a nominal price of 4.99 USD a month when paid for 2-year in advance.

Lack of IPv6 support is so uncool in 2020. The big and fast network of servers make it a solid contender to PIA from US.

My Choice

Out of the bunch, I would recommend AzireVPN or OVPN.com depending on the feature set required. I really appreciate the serious efforts they put in to uphold privacy, integrity and security of data transmited to their servers. OVPN is going to be my final pick as has a penchant for dedicated IP with open ports and content library from streaming services abroad at the same time.

Let me know what you think. Thanks for reading!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.