Difference between revisions of "VPN"

From Da Nerd Mage Wiki
Line 39: Line 39:
== install openvpn & the PIA files ==
== install openvpn & the PIA files ==


* sudo apt install openvpn unzip whois
* <code>sudo apt install openvpn unzip whois</code>
* sudo mkdir /etc/openvpn/PIA
* <code>sudo mkdir /etc/openvpn/PIA<c/ode>
* cd /etc/openvpn/PIA
* <code>cd /etc/openvpn/PIA</code>
* sudo wget <nowiki>https://www.privateinternetaccess.com/openvpn/openvpn.zip</nowiki>
* <code>sudo wget <nowiki>https://www.privateinternetaccess.com/openvpn/openvpn.zip</nowiki></code>
* sudo unzip openvpn.zip
* <code>sudo unzip openvpn.zip</code>


== Configure openvpn ==
== Configure openvpn ==


* cd /etc/openvpn
* <code>cd /etc/openvpn</code>
** Copy the exit point you like from inside PIA here & change the extension to .conf
** Copy the exit point you like from inside PIA here & change the extension to .conf
*** <span style="color: rgb(22, 145, 121);">sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</span>
*** <span style="color: rgb(22, 145, 121);">sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</span>
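Review bot: the closing tag on the new `sudo mkdir /etc/openvpn/PIA` line is written `<c/ode>` instead of `</code>`, so the code span is never closed and the stray text shows up in the rendered command. Change it to `</code>` so that copying the command from the page does not pick up the debris.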
Line 53: Line 53:
** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass'''
** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass'''
*** <span style="color: rgb(22, 145, 121);">auth-user-pass /etc/openvpn/auth.txt # like this...</span>
*** <span style="color: rgb(22, 145, 121);">auth-user-pass /etc/openvpn/auth.txt # like this...</span>
* sudo vi auth.txt
* <code>sudo vi auth.txt</code>
** copy your PIA username & password into this file (on 2 lines...)
** copy your PIA username & password into this file (on 2 lines...)
*** <span style="color: rgb(22, 145, 121);">Bob</span>
*** <span style="color: rgb(22, 145, 121);">Bob</span>
*** <span style="color: rgb(22, 145, 121);">SecretSquirrel!</span>
*** <span style="color: rgb(22, 145, 121);">SecretSquirrel!</span>
* sudo vi /etc/default/openvpn
* <code>sudo vi /etc/default/openvpn</code>
** uncomment the '''#AUTOSTART="all"''' line
** uncomment the '''#AUTOSTART="all"''' line
* sudo service openvpn start
* <code>sudo service openvpn start</code>
From this point on, accessing the internet from the LXC will go through your chosen PIA exit point.
From this point on, accessing the internet from the LXC will go through your chosen PIA exit point.
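Review bot: the `sudo vi auth.txt` step stores the PIA username and password in clear text under /etc/openvpn, and nothing in this hunk restricts who can read the file. Add a step right after it such as `sudo chmod 600 /etc/openvpn/auth.txt`, so that only root can read the credentials.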


Line 65: Line 65:


== Testing ==
== Testing ==
* wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -
* <code>wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -</code>
Should give you an IP address that does NOT match your actual external IP
Should give you an IP address that does NOT match your actual external IP


* whois `wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -`
* <code>whois `wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -`</code>
Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)
Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)
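Review bot: both test commands fetch `http://ipinfo.io/ip` over plain HTTP, so the address that the check relies on travels unauthenticated. Switch the URL to `https://ipinfo.io/ip` in both lines. While touching the whois line, `$(...)` is easier to read and nest than backticks.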

Revision as of 14:29, 16 September 2025

Proven on: Debian 13 (trixie)
As always...

Start with:

  • sudo apt update
  • sudo apt upgrade

Setting Up OpenVPN & PIA as a client

While Private Internet Access offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases.

Particularly if you want to use it on a server (or VM or LXC running mostly headless)...

A note about doing this on an LXC

Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two.

On the PVE host:

(Replace VMID with the actual VMID of the container you're working on, of course...)

  • vi /etc/pve/lxc/VMID.conf

Add these 2 lines to the container's configuration:

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

Reboot the container

install openvpn & the PIA files

  • sudo apt install openvpn unzip whois
  • sudo mkdir /etc/openvpn/PIA
  • cd /etc/openvpn/PIA
  • sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
  • sudo unzip openvpn.zip

Configure openvpn

  • cd /etc/openvpn
    • Copy the exit point you like from inside PIA here & change the extension to .conf
      • sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...
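    • Edit the .conf file and remove the <crl-verify> block. (For some reason openvpn thinks PIA's CRL blocks are ALWAYS malformed...) With the block gone, the client no longer checks the server certificate against PIA's revocation list.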
    • Add /etc/openvpn/auth.txt to the line: auth-user-pass
      • auth-user-pass /etc/openvpn/auth.txt # like this...
  • sudo vi auth.txt
    • copy your PIA username & password into this file (on 2 lines...)
      • Bob
      • SecretSquirrel!
  • sudo vi /etc/default/openvpn
    • uncomment the #AUTOSTART="all" line
  • sudo service openvpn start

From this point on, accessing the internet from the LXC will go through your chosen PIA exit point.

It may take a moment or two to initialise fully. And, startup of the LXC may seem a little slow. But patience is a virtue...
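
The configure steps above as a script, with the credentials file locked down to mode 0600 (an added example, not part of the original wiki page). The function names and the sample profile are constructed, and `stat -c` assumes GNU coreutils, as on Debian.

```shell
#!/bin/sh
# Added example: build the .conf and auth.txt that the configure steps describe.
# Function names and the sample profile below are constructed for illustration.

# prepare_conf SRC DST AUTHFILE
# Strips CRLF line endings, drops the inline <crl-verify> block and points
# auth-user-pass at AUTHFILE. Assumes AUTHFILE contains no '|' or '&'.
prepare_conf() {
    src=$1 dst=$2 auth=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    ( umask 077
      tr -d '\r' < "$src" |
      sed -e '/^<crl-verify>/,/^<\/crl-verify>/d' \
          -e "s|^auth-user-pass.*|auth-user-pass $auth|" > "$dst" )
    # Succeed only if the profile really had an auth-user-pass line to rewrite.
    grep -qxF "auth-user-pass $auth" "$dst"
}

# write_auth AUTHFILE USER PASS
# Two lines (user, then password); chmod covers a file that already existed.
write_auth() {
    ( umask 077; printf '%s\n%s\n' "$2" "$3" > "$1" ) && chmod 600 "$1"
}

# auth_mode FILE: print the octal permission bits (GNU stat).
auth_mode() { stat -c '%a' "$1"; }

# demo: run both steps on a constructed profile in a temp dir, print the dir.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sample.ovpn" <<'EOF'
client
dev tun
remote vpn.example.invalid 1198
auth-user-pass
<crl-verify>
-----BEGIN X509 CRL-----
CONSTRUCTED-PLACEHOLDER
-----END X509 CRL-----
</crl-verify>
verb 1
EOF
    prepare_conf "$d/sample.ovpn" "$d/sample.conf" "$d/auth.txt" &&
    write_auth "$d/auth.txt" 'Bob' 'SecretSquirrel!' &&
    echo "$d"
}

demo_dir=$(demo) && cat "$demo_dir/sample.conf"
```

On a real system the equivalent call would be `prepare_conf PIA/ukraine.ovpn ./ukraine.conf /etc/openvpn/auth.txt`, run as root from /etc/openvpn.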

Testing

  • wget http://ipinfo.io/ip -qO -

Should give you an IP address that does NOT match your actual external IP

  • whois `wget http://ipinfo.io/ip -qO -`

Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)