Install on Linux

With WireGuard

WireGuard is a simple and modern VPN protocol. It's generally considered faster and more secure than OpenVPN, but isn't as widely supported. We recommend using it when available.


  1. Download and install the WireGuard software from its official website.
  2. Create a new WireGuard key in your account and download the configuration file.
    You need one for each device that you want to associate with your account.
  3. Place the configuration file in /etc/wireguard.
    Then, start it with the following command: sudo wg-quick ccvpn-fr up
  4. You can check your IP address by refreshing this page (or opening it on the device) and looking at the bottom.

With OpenVPN and NetworkManager

OpenVPN is an older VPN protocol and software, still considered secure and one of the best VPN protocols available. This guide focuses on its integration with NetworkManager. If you are not using NetworkManager, skip to the next guide.


  1. Install the required packages:
    • Debian: sudo apt-get install openvpn resolvconf network-manager-openvpn network-manager-openvpn-gnome
    • Fedora: sudo yum install openvpn networkmanager-openvpn
    • Arch: sudo pacman -S openvpn networkmanager-openvpn
  2. You will also need our CA certificate, available here: https://vpn.ccrypto.org/ca.crt
    You can right click on that link and save the file, it will be required to connect.
  3. Create a new connection and choose the type OpenVPN.
  4. You will need to fill in the following VPN configuration:
    • Tab VPN
      • Gateway: Pick one in the server list, or gw.random.204vpn.net for a random server.
      • Type: Password
      • User name and Password: The same as on this site.
      • CA certificate: The ca.crt file downloaded in the previous step.
    • Tab VPN, click on Advanced, then the first General tab
      • Use custom gateway port: It should be checked and set to 1196.
      • Use a TCP connection: It should be unchecked to use the fastest UDP mode. If you have issues connecting, you can try setting the port to 443 and checking this option.
      • Randomize remote hosts: It should be checked.
      • IPv6 tun link: It should be checked unless you get IPv6-related issues.
  5. Save the new connection and connect to it.

With OpenVPN and systemd

  1. Install the required packages:
    • Debian: sudo apt-get install openvpn resolvconf
    • Fedora: sudo yum install openvpn
    • Arch: sudo pacman -S openvpn openresolv
  2. You will also need our CA certificate, available here: https://vpn.ccrypto.org/ca.crt
    You can right click on that link and save the file or wget it later, it will be required to connect.
  3. In your account, download a .ovpn configuration file, and copy it into /etc/openvpn with a .conf extension.
    Keep the name simple, as it will be used in a systemd service name.
    If you downloaded multiple config files as an archive, extract it so that the individual .ovpn files are directly in the /etc/openvpn folder, and rename them to .conf.
  4. Start the OpenVPN services: sudo systemctl start openvpn@ccrypto-fr.service
  5. (Optional) Save your username and password:
    • Create a text file in /etc/openvpn containing your username and password on two lines as follows: Alice
      p4ssw0rd
    • For additional security, only allow root to access this file: sudo chown root:root /path/to/the/file.txt sudo chmod 600 /path/to/the/file.txt
    • Then, open the .conf file with a text editor (nano, vim, gedit, ...) and add this line at the end of the file: auth-user-pass /path/to/the/file.txt
    • Reconnect and it should not ask for your password.
    • To start it on boot, use this: sudo systemctl enable openvpn@ccrypto-fr.service