|
|
| Line 19: |
Line 19: |
|
| |
|
| * [[Setting Up OpenVPN & PIA as a client]] | | * [[Setting Up OpenVPN & PIA as a client]] |
|
| |
| = Setting Up OpenVPN & PIA as a client =
| |
| While [https://www.privateinternetaccess.com/ Private Internet Access] offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases.
| |
|
| |
| Particularly if you want to use it on a server (or VM or LXC running mostly headless)...
| |
| == A note about doing this on an LXC ==
| |
| Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two.
| |
|
| |
| '''On the PVE host:'''
| |
|
| |
| (Replace '''VMID''' with the actual VMID of the container you're working on, of course...)
| |
|
| |
| * <code>vi /etc/pve/lxc/'''''VMID'''''.conf</code>
| |
| Add these 2 lines to the containers configuration
| |
|
| |
| lxc.cgroup2.devices.allow: c 10:200 rwm
| |
| lxc.mount.entry: /dev/net dev/net none bind,create=dir
| |
| Reboot the container
| |
|
| |
| == install openvpn & the PIA files ==
| |
| * <code>sudo apt install openvpn unzip whois</code>
| |
| * <code>sudo mkdir /etc/openvpn/PIA</code>
| |
| * <code>cd /etc/openvpn/PIA</code>
| |
| * <code>sudo wget <nowiki>https://www.privateinternetaccess.com/openvpn/openvpn.zip</nowiki></code>
| |
| * <code>sudo unzip openvpn.zip</code>
| |
|
| |
| == Configure openvpn ==
| |
| * <code>cd /etc/openvpn</code>
| |
| ** Copy the exit point you like from inside PIA here & change the extension to .conf
| |
| *** <span style="color: rgb(22, 145, 121);"><code>sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...</code></span>
| |
| ** Edit the .conf file and remove the '''<nowiki><crl-verify></nowiki>''' block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...)
| |
| ** Add '''/etc/openvpn/auth.txt''' to the line: '''auth-user-pass'''
| |
| *** <span style="color: rgb(22, 145, 121);">auth-user-pass /etc/openvpn/auth.txt # like this...</span>
| |
| * <code>sudo vi auth.txt</code>
| |
| ** copy your PIA username & password into this file (on 2 lines...)
| |
| <span style="color: rgb(22, 145, 121);">Bob</span>
| |
| <span style="color: rgb(22, 145, 121);">SecretSquirrel!</span>
| |
| * <code>sudo vi /etc/default/openvpn</code>
| |
| ** uncomment the '''#AUTOSTART="all"''' line
| |
| * <code>sudo service openvpn start</code>
| |
|
| |
| From this point on, accessing the internet from this machine (or VM or LXC) will go through your chosen PIA exit point.
| |
|
| |
| It may take a moment or two to initialise fully. And, startup may seem a little slower. But patience is a virtue...
| |
|
| |
| == Testing ==
| |
| * <code>wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -</code>
| |
| Should give you an IP address that does NOT match your actual external IP
| |
|
| |
| * <code>whois `wget <nowiki>http://ipinfo.io/ip</nowiki> -qO -`</code>
| |
| Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)
| |
