Setting Up OpenVPN & PIA as a client

From Da Nerd Mage Wiki
Revision as of 14:41, 16 September 2025 by Tinker (talk | contribs) (Created page with "{{{!}} class="wikitable" style="float: right; width: 322px;" border="2" {{!}}+ Proven on: {{!}}- <!-- Debian --> {{!}} style="text-align: center; width: 60px;" {{!}} [[File:Logo Debian.png{{!}}60px{{!}}link=https://www.debian.org/{{!}}center{{!}}middle{{!}}frameless]] {{!}} style="text-align: center; width: 40px;" {{!}} 13 (trixie) {{!}} <br> {{!}}} {{{!}} class="wikitable" style="border-collapse: collapse; width: 33%; left;" {{!}}- style="text-align: center;" ! st...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Proven on:
Logo Debian.png
 13 (trixie)


As always...

Start with:

  • sudo apt update
  • sudo apt upgrade

While Private Internet Access offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases.

Particularly if you want to use it on a server (or VM or LXC running mostly headless)...

A note about doing this on an LXC

Something you may have noticed if you've been playing about with LXCs for a bit... Sometimes, to do tricks, you have to jump through a hoop or two.

On the PVE host:

(Replace VMID with the actual VMID of the container you're working on, of course...)

  • vi /etc/pve/lxc/VMID.conf

Add these 2 lines to the containers configuration 

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

Reboot the container

install openvpn & the PIA files

  • sudo apt install openvpn unzip whois
  • sudo mkdir /etc/openvpn/PIA
  • cd /etc/openvpn/PIA
  • sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
  • sudo unzip openvpn.zip

Configure openvpn

  • cd /etc/openvpn
    • Copy the exit point you like from inside PIA here & change the extension to .conf
      • sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...
    • Edit the .conf file and remove the <crl-verify> block. (For some reason openvpn thinks PIAs CRL blocks are ALWAYS malformed...)
    • Add /etc/openvpn/auth.txt to the line: auth-user-pass
      • auth-user-pass /etc/openvpn/auth.txt # like this...
  • sudo vi auth.txt
    • copy your PIA username & password into this file (on 2 lines...)


Bob

SecretSquirrel!

  • sudo vi /etc/default/openvpn
    • uncomment the #AUTOSTART="all" line
  • sudo service openvpn start

From this point on, accessing the internet from this machine (or VM or LXC) will go through your chosen PIA exit point.

It may take a moment or two to initialise fully. And, startup may seem a little slower. But patience is a virtue...

Testing

  • wget http://ipinfo.io/ip -qO -

Should give you an IP address that does NOT match your actual external IP

  • whois `wget http://ipinfo.io/ip -qO -`

Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)

Retrieved from ‘https://wiki.nerdmage.ca/index.php?title=Setting_Up_OpenVPN_%26_PIA_as_a_client&oldid=3886