Why These VPNs Shine on CRUX

CRUX is a minimalist, source-based distro aimed at power users who enjoy full control over compilation options and system services. Its package manager prt-get works on a ports tree under /usr/ports, pulling down Buildfiles and patches before compiling everything from source. There’s no systemd—CRUX employs a BSD‐style /etc/rc.d init framework—and most desktops are lightweight window managers like Openbox, Fluxbox, i3 or tiling setups such as xmonad.

Given these peculiarities, you want a VPN solution that:

• Compiles cleanly from CRUX ports or runs as a simple binary/script.
• Plays nicely with a non-systemd init.
• Requires minimal graphical dependencies.
• Offers CLI tooling or simple shell scripts.

The following VPNs tick those boxes:

• WireGuard: In-kernel module, available as a CRUX port, tiny footprint and native wg-quick tool.
• OpenVPN: Ubiquitous, solid community support, CRUX port with straightforward openvpn binary and service script.
• Mullvad VPN: Offers a Linux tarball, supports both WireGuard and OpenVPN, and ships a simple shell wrapper.
• ProtonVPN CLI: Python-based tool installable via pip, pure CLI, no systemd required.

Comparison Table

1. Installing Configuring WireGuard

WireGuard is ideal for CRUX’s lean philosophy. It runs in the kernel (if your 5.x kernel already includes the module) and uses wg-quick from the wireguard-tools port.

1. Sync ports and install:

prt-get update
prt-get fetch wireguard-tools
prt-get install wireguard-tools

Ensure your kernel has CONFIG_WIREGUARD enabled. If not, rebuild the kernel or load via a DKMS module.

2. Create /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address    = 10.0.0.2/32
DNS        = 1.1.1.1

[Peer]
PublicKey  = SERVER_PUBLIC_KEY
Endpoint   = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

3. Enable IP forwarding and bring up the interface:

# /etc/rc.d/ipv4.default add net.inet.ip.forwarding=1
sysctl net.inet.ip.forwarding=1
wg-quick up wg0

To bring it up at boot, add wg-quick up wg0 to your /etc/rc.local or a custom rc.d script.

2. Installing Configuring Mullvad VPN

Mullvad provides a self-contained tarball with a daemon and CLI. Ideal if you don’t want to manage ports or Python dependencies.

1. Download and extract the latest tarball:

cd /usr/local/src
fetch https://mullvad.net/download/app/debian/latest/
tar xvf mullvad-vpn--linux.tgz
cd mullvad-vpn--linux

2. Install binaries and scripts:

cp -r usr/ /usr/

3. Login, choose protocol and connect:

mullvad account login YOUR_ACCOUNT_NUMBER
# For WireGuard:
mullvad relay set wireguard
# Start daemon:
rc-service mullvad-daemon start

Configuration files land under /etc/mullvad-vpn. You can script connection management or add the daemon to your boot sequence.

3. Installing Configuring ProtonVPN CLI

If you favour ProtonVPN’s privacy stance and a pure‐Python CLI, this route sidesteps ports entirely.

1. Install dependencies via ports:

prt-get install python3 python3-pip openvpn dialog

2. Install protonvpn-cli with pip:

pip3 install protonvpn-cli

3. Initialize and login:

protonvpn init
protonvpn c

The CLI will prompt for credentials and let you pick from OpenVPN or WireGuard. Add protonvpn c --sc to /etc/rc.local to auto-connect after boot.

Wrapping Up

For CRUX enthusiasts, the combination of source-based ports and BSD init scripts is a breeze for lightweight VPN solutions. WireGuard delivers top performance and minimal fuss. Mullvad offers a self-contained, rolling‐release tarball for quick setup. ProtonVPN CLI slots in neatly if you prefer Python tooling. Each choice respects CRUX’s do-it-yourself ethos, keeps your system lean, and empowers you to stay private without wrestling with heavyweight dependencies.