VPN

From Da Nerd Mage Wiki
Jump to navigation Jump to search

Setting Up OpenVPN & PIA as a client

(In actual fact... This set of steps is applicable to pretty much any Debian-derived system if you skip the first step...)

Edit the containers config file (On the PVE host)

Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two. This particular step is a good example.

Add these 2 lines to the containers configuration (Replace VMID with the actual VMID of the container you're working on, of course...)

  • vi /etc/pve/lxc/VMID.conf
    • lxc.cgroup2.devices.allow: c 10:200 rwm
    • lxc.mount.entry: /dev/net dev/net none bind,create=dir

Reboot the container

install openvpn & the PIA files (On the LXC container)

  • sudo apt install openvpn unzip whois
  • sudo mkdir /etc/openvpn/PIA
  • cd /etc/openvpn/PIA
  • sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
  • sudo unzip openvpn.zip

Configure openvpn (On the LXC container)

  • cd /etc/openvpn
    • Copy the exit point you like from inside PIA here & change the extension to .conf
      • sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...
    • Edit the .conf file and remove the <crl-verify> block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...)
    • Add /etc/openvpn/auth.txt to the line: auth-user-pass
      • auth-user-pass /etc/openvpn/auth.txt # like this...
  • sudo vi auth.txt
    • copy your PIA username & password into this file (on 2 lines...)
      • Bob
      • SecretSquirrel!
  • sudo vi /etc/default/openvpn
    • uncomment the #AUTOSTART="all" line
  • sudo service openvpn start

From this point on, accessing the internet from the LXC will go through your chosen PIA exit point.

It may take a moment or two to initialise fully. And, startup of the LXC may seem a little slow. But patience is a virtue...

Testing

  • wget http://ipinfo.io/ip -qO -

Should give you an IP address that does NOT match your actual external IP

  • whois `wget http://ipinfo.io/ip -qO -`

Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)

Retrieved from ‘https://wiki.nerdmage.ca/index.php?title=VPN&oldid=3875