Difference between revisions of "VPN"

From Da Nerd Mage Wiki
Jump to navigation Jump to search
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{{!}} class="wikitable" style="float: right; width: 322px;" border="2"
{{!}}+ Proven on:
{{!}}- <!-- Debian -->
{{!}} style="text-align: center; width: 60px;" {{!}} [[File:Logo Debian.png{{!}}60px{{!}}link=https://www.debian.org/{{!}}center{{!}}middle{{!}}frameless]]
{{!}} style="text-align: center; width: 40px;" {{!}} 13 (trixie)
{{!}}
{{!}}}


{{{!}} class="wikitable" style="border-collapse: collapse; width: 33%; left;"
{{!}}- style="text-align: center;" 
! style="width: 50%;" colspan="2" {{!}} As always...
{{!}}-
{{!}} {{!}}
Start with:
{{!}} {{!}}
*<code>sudo apt update</code>
*<code>sudo apt upgrade</code>
{{!}}}


= Setting Up OpenVPN & PIA as a client =
* [[Setting Up OpenVPN & PIA as a client]]
* [[TailScale]]
* [[Building a VPN tunnel from scratch]]
* [[a VPN monitoring Script{{!}}a VPN monitoring Script]]


While [https://www.privateinternetaccess.com/ Private Internet Access] offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases.
Older articles:


Particularly if you want to use it on a server (or VM or LXC running mostly headless)...
* [[Setup a VPN]]
== A note about doing this on an LXC ==
* [[VPN Setup]]
Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two.
 
'''On the PVE host:'''
 
(Replace '''VMID''' with the actual VMID of the container you're working on, of course...)
 
* <code>vi /etc/pve/lxc/'''''VMID'''''.conf</code>
Add these 2 lines to the containers configuration
 
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
Reboot the container
 
== install openvpn & the PIA files ==
 
* <code>sudo apt install openvpn unzip whois</code>
* <code>sudo mkdir /etc/openvpn/PIA<c/ode>
* <code>cd /etc/openvpn/PIA</code>
* <code>sudo wget <nowiki>https://www.privateinternetaccess.com/openvpn/openvpn.zip</nowiki></code>
* <code>sudo unzip openvpn.zip</code>
 
== Configure openvpn ==
 
* <code>cd /etc/openvpn</code>
** Copy the exit point you like from inside PIA here & change the extension to .conf
*** <span style="color: rgb(22, 145, 121);">sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</span>
** Edit the .conf file and remove the '''<nowiki><crl-verify></nowiki>''' block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...)
** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass'''
*** <span style="color: rgb(22, 145, 121);">auth-user-pass /etc/openvpn/auth.txt # like this...</span>
* <code>sudo vi auth.txt</code>
** copy your PIA username & password into this file (on 2 lines...)
*** <span style="color: rgb(22, 145, 121);">Bob</span>
*** <span style="color: rgb(22, 145, 121);">SecretSquirrel!</span>
* <code>sudo vi /etc/default/openvpn</code>
** uncomment the '''#AUTOSTART="all"''' line
* <code>sudo service openvpn start</code>
From this point on, accessing the internet from the LXC will go through your chosen PIA exit point.
 
It may take a moment or two to initialise fully. And, startup of the LXC may seem a little slow. But patience is a virtue...
 
== Testing ==
* <code>wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -</code>
Should give you an IP address that does NOT match your actual external IP
 
* <code>whois `wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -`</code>
Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)

Latest revision as of 13:21, 21 September 2025


Older articles:

Retrieved from ‘https://wiki.nerdmage.ca/index.php?title=VPN&oldid=4007