ProtonVPN
ProtonVPN is a VPN provider that utilizes the OpenVPN and WireGuard protocol.
Installation
OpenVPN
Install the openvpn package, then follow the OpenVPN setup.
WireGuard
Install the wireguard-tools package. Ensure systemd-resolvconf is also installed. Then follow the WireGuard setup.
Official ProtonVPN client
Install proton-vpn-gtk-appAUR - the latest GTK version maintained by the community as the Proton team can not maintain an Arch Linux version. (Read More)
You must also use NetworkManager and install network-manager-applet, otherwise the VPN will not connect. You can still use your current network manager, although running multiple network managers is not recommended.
Setup
OpenVPN setup
Download one or more OpenVPN configuration files from ProtonVPN Downloads page.
Copy the *.ovpn
client configuration files into /etc/openvpn/client/
and make backup of original.
Follow OpenVPN#The update-systemd-resolved custom script to make sure that all your network traffic uses VPN (Note: The steps mention a client.conf
file, which corresponds to the *.ovpn
files.) If you use systemd older than 229, follow OpenVPN#The update-resolv-conf custom script.
*.ovpn
referring to /etc/openvpn/update-resolv-conf
, as the script is placed in /usr/bin/update-systemd-resolved
insteadFor usage instructions, see Using OpenVPN.
WireGuard setup
Download WireGuard configuration files by signing into ProtonVPN and go to Downloads → WireGuard configuration.
Move the .conf
files into /etc/wireguard
. Consider renaming the .conf
files if necessary as WireGuard might not work well with names that are too long.
If you have not already, start/enable systemd-resolved
.
Usage
Using OpenVPN
Connect to the VPN:
# openvpn /etc/openvpn/client/client_config_file.ovpn
Provide OpenVPN / IKEv2 Username from the ProtonVPN Account page.
Press Ctrl+c
to close the VPN connection.
Using WireGuard
To start a VPN session, run the following command, and replace config_file with the name of your configuration file, excluding the .conf
suffix.
# wg-quick up config_file
To check the status of the connection, run
# wg
To end the connection, run
# wg-quick down config_file
Official command-line interface
Login:
# protonvpn-cli login <your_protonmail>
Connect to the VPN:
# protonvpn-cli connect
You should see a detailed country list with all available servers. Select preferred server and click OK.
Then select UDP or TCP protocol and click OK again.
If connection was successful, you will see following output:
Setting up ProtonVPN. Connecting to ProtonVPN on <SERVERNAME> with <PROTOCOL>. Successfully connected to ProtonVPN.
Where <SERVERNAME> is the servername that you have selected to connect to and <PROTOCOL> is the protocol used to connect to the server.
To automatically connect to the fastest server, use:
# protonvpn-cli c -f
A list of all options is available on the github repo[dead link 2024-10-12 ⓘ]
Tips and tricks
Enable VPN on boot
For systemd service configuration, see OpenVPN#systemd service configuration.
Only run certain applications through VPN with network namespaces
vopono supports automatic configuration file generation for ProtonVPN, and allows you to run applications inside temporary network namespaces so only those run through the VPN.
Save login information
To retain VPN credentials for subsequent connections, create the following file with your own login information on two lines and place it in the directory where you will run the startup script listed above.
username password
Then add the line auth-user-pass login.conf
to any relevant *.ovpn
files.
SysTray/Indicator
For the system/tray indicator to work, ensure you have installed libappindicator-gtk3 and gnome-shell-extension-appindicator.
Prevent IPv6 leaks
Currently, ProtonVPN's servers are compatible with the IPv4 internet protocol only. If IPv6 leaks are observed, you can prevent them by blocking IPv6 traffics or disabling IPv6. See IPv6#Disable IPv6.
Troubleshooting
Official client will not connect
You may see an error message like “Unknown reason occurred.” when attempting to connect.
Install NetworkManager (and configure if needed) then install network-manager-applet. Both need to be running for ProtonVPN official clients to connect, whether you are using the GUI or CLI application.
Community ProtonVPN Scripts
Another alternative is protonvpn-cli-communityAUR