Setting Up OpenVPN & PIA as a client
13 (trixie)
As always... Start with:
While Private Internet Access offers an "app" to manage usage, that's not a particularly useful way to do things in a whole lot of cases.
Particularly if you want to use it on a server or VM or LXC running mostly headless...
NOTE: If you are working on an LXC, see this.
Install openvpn & the PIA files
sudo apt install openvpn unzip whois
sudo mkdir /etc/openvpn/PIA
cd /etc/openvpn/PIA
sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
sudo unzip openvpn.zip
Configure openvpn
cd /etc/openvpn
- Copy the exit point you like from inside PIA here & change the extension to .conf
sudo cp PIA/ukraine.ovpn ./ukraine.conf # an example...
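- Edit the .conf file and remove the <crl-verify> block. (For some reason openvpn thinks PIA's CRL blocks are ALWAYS malformed... With the block removed, openvpn no longer checks the server certificate against PIA's revocation list.)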
- Add /etc/openvpn/auth.txt to the line: auth-user-pass
auth-user-pass /etc/openvpn/auth.txt # like this...
(Working on an alternate method that uses a single file to give access to all of the exit points.)
sudo vi auth.txt
- copy your PIA username & password into this file (on 2 lines...)
Bob
SecretSquirrel!
sudo vi /etc/default/openvpn
- uncomment the #AUTOSTART="all" line
sudo service openvpn start
From this point on, accessing the internet from this machine (or VM or LXC) will go through your chosen PIA exit point.
It may take a moment or two to initialise fully. And, startup may seem a little slower. But patience is a virtue...
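The configuration edits above (dropping the <crl-verify> block, pointing auth-user-pass at auth.txt, writing the two-line credentials file) as shell functions. This is an added example, not part of the original page; the function names and the sample profile are constructed, and the owner-only permission check on auth.txt is an addition, since that file holds a plaintext password.

```sh
# Added example, not from the original page. Function names and the sample
# profile are constructed; adjust paths to your own layout.

# pia_prepare_conf SRC DST AUTHFILE: copy a .ovpn profile to a .conf,
# dropping the inline <crl-verify> block and setting the auth-user-pass path.
pia_prepare_conf() {
    src=$1 dst=$2 auth=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    sed -e '/^<crl-verify>/,/^<\/crl-verify>/d' \
        -e "s|^auth-user-pass.*|auth-user-pass $auth|" "$src" > "$dst" || return 1
    # Profile without any auth-user-pass line: append one.
    grep -q '^auth-user-pass ' "$dst" || printf 'auth-user-pass %s\n' "$auth" >> "$dst"
}

# pia_write_auth AUTHFILE USER PASS: two-line credentials file, owner-only.
pia_write_auth() {
    ( umask 077; printf '%s\n%s\n' "$2" "$3" > "$1" ) && chmod 600 "$1"
}

# pia_check_conf CONF AUTHFILE: succeeds when the CRL block is gone, the
# auth-user-pass line names AUTHFILE, and AUTHFILE has 2 lines and no
# group/other permission bits (it holds a plaintext password).
pia_check_conf() {
    ! grep -q 'crl-verify' "$1" &&
    grep -qxF "auth-user-pass $2" "$1" &&
    [ "$(wc -l < "$2")" -eq 2 ] &&
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ]
}

# Constructed sample profile (not a real PIA file), written to DIR/sample.ovpn.
pia_sample_profile() {
    cat > "$1/sample.ovpn" <<'EOF'
client
dev tun
remote vpn.example.invalid 1198 udp
auth-user-pass
<crl-verify>
-----BEGIN X509 CRL-----
Q09OU1RSVUNURUQ=
-----END X509 CRL-----
</crl-verify>
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
</ca>
EOF
}
```

On the real files this would be run as root, for example pia_prepare_conf PIA/ukraine.ovpn ./ukraine.conf /etc/openvpn/auth.txt from /etc/openvpn, followed by pia_check_conf on the result.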
Testing
wget http://ipinfo.io/ip -qO -
Should give you an IP address that does NOT match your actual external IP
whois `wget http://ipinfo.io/ip -qO -`
Will give you a wall-o-text. In that wall-o-text, you'll find the country code of where ipinfo.io thinks you are. (This, of course, should match your chosen exit point...)
Tips
NOTE: When using a VPN, you may need to use IP addresses to refer to other machines on your LAN. This depends entirely on your LAN configuration, but it's a simple quick fix if you run into issues reaching local resources.
Further testing is required, but in previous versions of this, I've found that OpenVPN did not reconnect after a network outage. Though that was with OpenVPN running from inetd, so it may no longer be an issue...
I've discovered that service openvpn restart seems to actually act exactly the same as service openvpn stop. This seems wrong...
In order to RESTART openvpn, it is a 2 step process.
service openvpn stop
service openvpn start