To use our apps and configurations, please sign up for an ExpressVPN account first.
Use the following rough steps to setup ExpressVPN on Linux. The details of these steps will depend on your flavor of Linux. In general, you’re setting up an OpenVPN connection using our configuration files.
- Open the Welcome Email you received when you signed up for ExpressVPN. Click the link in the email.If you can’t find the link, log in to our website.
Once you’ve clicked the link in the welcome email or logged in to the website, click on Set Up ExpressVPN on the Active Subscriptions page. This will take you to the Downloads page.
- On your downloads page, select Linux & Routers OpenVPN and then download and save the .ovpn file(s) or locations (e.g. Los Angeles, New York, etc.) that you wish to connect to.
- Still on your setup page and still under the Linux & Routers OpenVPN setup option, scroll-down to “3. Optional” and click on the download link for your VPN certificates and keys to download your SSL files.
- Extract the downloaded zipped file.
- Launch a Terminal session, and then enter the following command:
sudo apt-get install -y network-manager-openvpn
- Click on your Network Manager icon on your desktop bar Notification Area. This icon can be in the shape of 2 computer screens or arrows or a wireless signal meter if you use a Wi-Fi connection.
- Click on Edit Connections.
- On the Network Manager Applet, click on the Add button, then select “Import a saved VPN configuration…” and then click on Create…
- Browse for one of the *.ovpn files that you’ve downloaded (on Step 2), then click on Open.
- After importing the config file, you will need to manually import the User Certificate (client.crt), CA Certificate (ca.crt) and Private Key (client.key) by using the SSL files obtained on Step 3. See example below:
- Next, click on the Advanced… button.
- Under the General tab, make sure to following boxes are checked:
- Use LZO data compression
- Use custom tunnel Maximum Transmission Unit (MTU): 1500
- Use custom UDP fragment size: 1300
- Restrict tunnel TCP Maximum Segment Size (MSS)
- Randomize remote hosts
- Under the Security tab, make set the Cipher to “BF-CBC” and HMAC Authentication to “SHA-1”
- Go to the TLS Authentication tab and enable/check “Use additional TLS authentication”
- For the Key File, browse for the “ta.key” file (included in the SSL files that you’ve downloaded under Step 3) and for the Key Direction, set it to 1.
- Click OK to finish the setup.
- Reboot your computer.
- To connect to the VPN, just click on your Network Manager icon, then point to “VPN Connections” and then click on the VPN connection that you have configured.
- The icon will blink for around 10-30 seconds. Once the VPN is connected, you will see a message stating the VPN connection has been successfully established. You will also see a “lock” on the top bar of the Network Manager icon.
To check that you’re connected OK, go to http://www.whatismyip.com and check that you now have one of our IPs. Also try going to facebook.com or other sites that are usually blocked for you and make sure they work now.
Running into problems with these steps or have suggestions to improve them?
Please let us know. Thanks!