Using Cyberghost VPN on ArchLinux

Mar 15, 2015 min read

Last week I started using a VPN, You can read in this lifehacker article on why you could use one.

I started using it for two reasons:

  • Ciphered and tunneled communications
  • Geolocated video

For me It’s more a matter of security and freedom too, the other reasons are secondary.

I use Cyberghost, but you can see in this extense article which one to choose if you’re interested.

I chose Cyberghost because they are in Europe (Romania), because they don’t keep any logs and I like what they stand for. They have some free proxies if you want to test the service first, but they will probably go much slower.

Note: You can just use the Network Manager in GNOME/KDE and others, use this tutorial if you want to configure it via the command line.

To get the VPN working on Arch, you install OpenVPN.

# pacman -S openvpn

We go to the cyberghost website, logged in, My Devices.

Then you go below and save the configuration, download the Cyberghost.opvn file.

Move the file Cyberghost.opvn to /etc/openvpn and rename it to vpn-de.conf (you can name it whatever you want, I have it this way to switch between countries, vpn-country-code).

We need two more files, we create an /etc/openvpn/user.txt and we add our Cyberghost credentials (user, password) in different lines, like this.


The second file, we get the script to update-resolv (DNS) every time we open/close the VPN connection, you can get it from this gist linked from the ArchWiki. We put it in /etc/openvpn/ and make it executable chmod +x /etc/openvpn/

We’ve got all the files, now let’s edit our /etc/openvpn/vpn-de.conf to update DNS with our update-resolv script and to get the user.txt credentials. We’ll need to do this changes in all the /etc/openvpn/vpn-<country>.conf per country cyberghost configurations (if we have more than one configuration).

We change the line



auth-user-pass /etc/openvpn/user.txt

and before the certificate tag &lt;ca&gt; we add the lines to update the DNS in this same file.


up /etc/openvpn/
down /etc/openvpn/

That’s it! We can now enjoy our vpn using the following command.

# systemctl start openvpn@vpn-de

where vpn-de is our /etc/openvpn/vpn-de.conf profile/configuration, if you change the name (for example /etc/openvpn/cyberghost.conf) your command will be…

# systemctl start openvpn@cyberghost

If this looks tedious you could just use the network manager in GNOME/KDE or others, but what’s the fun in that right? :-)

UPDATE 29th Apr 2017: There is a new updated article regarding best VPN services