Difference between revisions of "VPN"
| Line 49: | Line 49: | ||
* <code>cd /etc/openvpn</code> | * <code>cd /etc/openvpn</code> | ||
** Copy the exit point you like from inside PIA here & change the extension to .conf | ** Copy the exit point you like from inside PIA here & change the extension to .conf | ||
*** <span style="color: rgb(22, 145, 121);">sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</span> | *** <span style="color: rgb(22, 145, 121);"><code>sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</code></span> | ||
** Edit the .conf file and remove the '''<nowiki><crl-verify></nowiki>''' block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...) | ** Edit the .conf file and remove the '''<nowiki><crl-verify></nowiki>''' block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...) | ||
** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass''' | ** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass''' | ||
| Line 55: | Line 55: | ||
* <code>sudo vi auth.txt</code> | * <code>sudo vi auth.txt</code> | ||
** copy your PIA username & password into this file (on 2 lines...) | ** copy your PIA username & password into this file (on 2 lines...) | ||
<span style="color: rgb(22, 145, 121);">Bob</span> | |||
<span style="color: rgb(22, 145, 121);">SecretSquirrel!</span> | |||
* <code>sudo vi /etc/default/openvpn</code> | * <code>sudo vi /etc/default/openvpn</code> | ||
** uncomment the '''#AUTOSTART="all"''' line | ** uncomment the '''#AUTOSTART="all"''' line | ||
* <code>sudo service openvpn start</code> | * <code>sudo service openvpn start</code> | ||
It may take a moment or two to initialise fully. And, startup | From this point on, accessing the internet from this machine (or VM or LXC) will go through your chosen PIA exit point. | ||
It may take a moment or two to initialise fully. And, startup may seem a little slower. But patience is a virtue... | |||
== Testing == | == Testing == | ||
Revision as of 14:35, 16 September 2025
 |
13 (trixie) |
| As always... | |
|---|---|
|
Start with: |
|
Setting Up OpenVPN & PIA as a client
While Private Internet Access offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases.
Particularly if you want to use it on a server (or VM or LXC running mostly headless)...
A note about doing this on an LXC
Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two.
On the PVE host:
(Replace VMID with the actual VMID of the container you're working on, of course...)
vi /etc/pve/lxc/VMID.conf
Add these 2 lines to the containers configuration
lxc.cgroup2.devices.allow: c 10:200 rwm lxc.mount.entry: /dev/net dev/net none bind,create=dir
Reboot the container
install openvpn & the PIA files
sudo apt install openvpn unzip whoissudo mkdir /etc/openvpn/PIA<c/ode>cd /etc/openvpn/PIAsudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zipsudo unzip openvpn.zip
Configure openvpn
cd /etc/openvpn
- Copy the exit point you like from inside PIA here & change the extension to .conf
sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...
- Edit the .conf file and remove the <crl-verify> block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...)
- Add /etc/openvpn/auth.txt to the line: auth-user-pass
- auth-user-pass /etc/openvpn/auth.txt # like this...
sudo vi auth.txt
- copy your PIA username & password into this file (on 2 lines...)
Bob
SecretSquirrel!
sudo vi /etc/default/openvpn
- uncomment the #AUTOSTART="all" line
sudo service openvpn start
From this point on, accessing the internet from this machine (or VM or LXC) will go through your chosen PIA exit point.
It may take a moment or two to initialise fully. And, startup may seem a little slower. But patience is a virtue...
Testing
wget http://ipinfo.io/ip -qO -
Should give you an IP address that does NOT match your actual external IP
whois `wget http://ipinfo.io/ip -qO -`
Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)