Difference between revisions of "VPN"
| Line 20: | Line 20: | ||
= Setting Up OpenVPN & PIA as a client = | = Setting Up OpenVPN & PIA as a client = | ||
While [https://www.privateinternetaccess.com/ Private Internet Access] offers an "app" to manage usage, | While [https://www.privateinternetaccess.com/ Private Internet Access] offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases. | ||
Particularly if you want to use it on a server (or VM or LXC running mostly headless)... | |||
== A note about doing this on an LXC == | == A note about doing this on an LXC == | ||
Something you may have noticed if you've been playing about with LXCs for a bit... | Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two. | ||
'''On the PVE host:''' | '''On the PVE host:''' | ||
| Line 30: | Line 31: | ||
* <code>vi /etc/pve/lxc/'''''VMID'''''.conf</code> | * <code>vi /etc/pve/lxc/'''''VMID'''''.conf</code> | ||
Add these 2 lines to the containers configuration | Add these 2 lines to the containers configuration | ||
lxc.cgroup2.devices.allow: c 10:200 rwm | lxc.cgroup2.devices.allow: c 10:200 rwm | ||
lxc.mount.entry: /dev/net dev/net none bind,create=dir | lxc.mount.entry: /dev/net dev/net none bind,create=dir | ||
Reboot the container | Reboot the container | ||
==install openvpn & the PIA files | == install openvpn & the PIA files == | ||
* sudo apt install openvpn unzip whois | * sudo apt install openvpn unzip whois | ||
| Line 46: | Line 45: | ||
* sudo unzip openvpn.zip | * sudo unzip openvpn.zip | ||
== Configure openvpn | == Configure openvpn == | ||
* cd /etc/openvpn | * cd /etc/openvpn | ||
** Copy the exit point you like from inside PIA here & change the extension to .conf | ** Copy the exit point you like from inside PIA here & change the extension to .conf | ||
*** <span style="color: rgb(22, 145, 121);" >sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</span> | *** <span style="color: rgb(22, 145, 121);">sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</span> | ||
** Edit the .conf file and remove the '''<nowiki><crl-verify></nowiki>''' block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...) | ** Edit the .conf file and remove the '''<nowiki><crl-verify></nowiki>''' block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...) | ||
** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass''' | ** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass''' | ||
*** <span style="color: rgb(22, 145, 121);" >auth-user-pass /etc/openvpn/auth.txt # like this...</span> | *** <span style="color: rgb(22, 145, 121);">auth-user-pass /etc/openvpn/auth.txt # like this...</span> | ||
* sudo vi auth.txt | * sudo vi auth.txt | ||
** copy your PIA username & password into this file (on 2 lines...) | ** copy your PIA username & password into this file (on 2 lines...) | ||
*** <span style="color: rgb(22, 145, 121);" >Bob</span> | *** <span style="color: rgb(22, 145, 121);">Bob</span> | ||
*** <span style="color: rgb(22, 145, 121);" >SecretSquirrel!</span> | *** <span style="color: rgb(22, 145, 121);">SecretSquirrel!</span> | ||
* sudo vi /etc/default/openvpn | * sudo vi /etc/default/openvpn | ||
** uncomment the '''#AUTOSTART="all"''' line | ** uncomment the '''#AUTOSTART="all"''' line | ||
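Review bot: the `sudo vi auth.txt` step puts the PIA username and password in a clear-text file, but nothing in this hunk restricts that file's mode, so it is typically left readable by every local user; add a bullet such as `sudo chmod 600 /etc/openvpn/auth.txt` directly after it. The bullet that removes the <crl-verify> block also turns off certificate revocation checking for the connection, which is worth stating next to the "ALWAYS malformed" remark so readers know what they are giving up.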
| Line 67: | Line 66: | ||
== Testing == | == Testing == | ||
* wget <nowiki>http://ipinfo.io/ip</nowiki> -qO - | * wget <nowiki>http://ipinfo.io/ip</nowiki> -qO - | ||
Should give you an IP address that does NOT match your actual external IP | Should give you an IP address that does NOT match your actual external IP | ||
* whois `wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -` | * whois `wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -` | ||
Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...) | |||
Will give you a wall-o-text. | |||
Revision as of 14:27, 16 September 2025
| 13 (trixie) |
| As always... | |
|---|---|
|
Start with: |
|
Setting Up OpenVPN & PIA as a client
While Private Internet Access offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases.
Particularly if you want to use it on a server (or VM or LXC running mostly headless)...
A note about doing this on an LXC
Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two.
On the PVE host:
(Replace VMID with the actual VMID of the container you're working on, of course...)
vi /etc/pve/lxc/VMID.conf
Add these 2 lines to the container's configuration:
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
Reboot the container
install openvpn & the PIA files
- sudo apt install openvpn unzip whois
- sudo mkdir /etc/openvpn/PIA
- cd /etc/openvpn/PIA
- sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
- sudo unzip openvpn.zip
Configure openvpn
- cd /etc/openvpn
  - Copy the exit point you like from inside PIA here & change the extension to .conf
    - sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...
  - Edit the .conf file and remove the <crl-verify> block. (For some reason openvpn thinks PIA's CRL blocks are ALWAYS malformed...)
  - Add /etc/openvpn/auth.txt to the line: auth-user-pass
    - auth-user-pass /etc/openvpn/auth.txt # like this...
- sudo vi auth.txt
  - Copy your PIA username & password into this file (on 2 lines...)
    - Bob
    - SecretSquirrel!
- sudo vi /etc/default/openvpn
  - Uncomment the #AUTOSTART="all" line
- sudo service openvpn start
From this point on, accessing the internet from the LXC will go through your chosen PIA exit point.
It may take a moment or two to initialise fully. And, startup of the LXC may seem a little slow. But patience is a virtue...
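The configure steps above as a script, added here as an example and not part of the original wiki page: it strips the inline <crl-verify> block, points auth-user-pass at the credentials file, and writes that file with mode 600 (the permission step is an addition to the page's procedure). The helper names `ovpn_to_conf`, `write_auth` and `demo` are hypothetical, and the sample profile is constructed, not a real PIA file.

```shell
#!/bin/sh
# Added example (not from the wiki page). Helper names are hypothetical.

# ovpn_to_conf SRC.ovpn DEST.conf AUTHFILE
#   drops the inline <crl-verify>...</crl-verify> block and points
#   auth-user-pass at AUTHFILE (appending the directive if it is absent)
ovpn_to_conf() {
    src=$1 dest=$2 auth=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    awk -v auth="$auth" '
        /^[ \t]*<crl-verify>/   { skip = 1; next }
        /^[ \t]*<\/crl-verify>/ { skip = 0; next }
        skip                    { next }
        /^[ \t]*auth-user-pass([ \t\r]|$)/ { print "auth-user-pass " auth; seen = 1; next }
        { print }
        END { if (!seen) print "auth-user-pass " auth }
    ' "$src" > "$dest"
}

# write_auth AUTHFILE USER PASS
#   two-line credentials file, created readable by its owner only
write_auth() {
    ( umask 077; printf '%s\n%s\n' "$2" "$3" > "$1" ) && chmod 600 "$1"
}

# demo: run both helpers on a constructed profile (not a real PIA file)
# in a scratch directory and print that directory's path.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sample.ovpn" <<'EOF'
client
dev tun
remote example.invalid 1198
auth-user-pass
<crl-verify>
-----BEGIN X509 CRL-----
CONSTRUCTED
-----END X509 CRL-----
</crl-verify>
<ca>
CONSTRUCTED
</ca>
EOF
    ovpn_to_conf "$dir/sample.ovpn" "$dir/sample.conf" "$dir/auth.txt" &&
        write_auth "$dir/auth.txt" "Bob" 'SecretSquirrel!' &&
        echo "$dir"
}
```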
Testing
- wget http://ipinfo.io/ip -qO -
Should give you an IP address that does NOT match your actual external IP
- whois `wget http://ipinfo.io/ip -qO -`
Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)