Remove references to PIA VPN provider due to them being purchased recently by a 'shady' company
This commit is contained in:
parent
fcb7049270
commit
3c51a2a58f
|
@ -33,7 +33,6 @@ If you're not using the [link for beginners](for-beginners/README.md), the follo
|
||||||
- [FirewallD (firewall/routing)](armbian/firewalld.md)
|
- [FirewallD (firewall/routing)](armbian/firewalld.md)
|
||||||
- [Unbound (Non ISP DNS)](armbian/unbound.md)
|
- [Unbound (Non ISP DNS)](armbian/unbound.md)
|
||||||
- VPN Options
|
- VPN Options
|
||||||
- [Private Internet Access (VPN)](armbian/vpn/pia.md)
|
|
||||||
- [vpn.ac (VPN)](armbian/vpn/vpn_ac.md)
|
- [vpn.ac (VPN)](armbian/vpn/vpn_ac.md)
|
||||||
- [VPN Autoconnect](armbian/vpn/vpn_autoconnect.md)
|
- [VPN Autoconnect](armbian/vpn/vpn_autoconnect.md)
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ git clone https://github.com/slingamn/namespaced-openvpn.git
|
||||||
cd namespaced-openvpn
|
cd namespaced-openvpn
|
||||||
make install
|
make install
|
||||||
|
|
||||||
/usr/local/sbin/namespaced-openvpn --config /etc/openvpn/chicago.conf --auth-user-pass /etc/openvpn/auth_pia.txt
|
/usr/local/sbin/namespaced-openvpn --config /etc/openvpn/chicago.conf --auth-user-pass /etc/openvpn/auth.txt
|
||||||
|
|
||||||
ip netns list
|
ip netns list
|
||||||
|
|
||||||
|
|
|
@ -1,236 +0,0 @@
|
||||||
# Private Internet Access (PIA)
|
|
||||||
|
|
||||||
This is a **VERY** advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
|
|
||||||
|
|
||||||
The author *strongly* recommends reading through this and adapting/tuning well ahead of any real need(s).
|
|
||||||
|
|
||||||
## Inspiration / Sources
|
|
||||||
|
|
||||||
- [http://blog.deadlypenguin.com/blog/2017/04/24/vpn-auto-connect-command-line/](http://blog.deadlypenguin.com/blog/2017/04/24/vpn-auto-connect-command-line/)
|
|
||||||
- [https://forums.linuxmint.com/viewtopic.php?t=97187](https://forums.linuxmint.com/viewtopic.php?t=97187)
|
|
||||||
- [https://unix.stackexchange.com/questions/301845/scripting-a-way-to-quickly-import-ovpn-files-to-networkmanager-on-ubuntu](https://unix.stackexchange.com/questions/301845/scripting-a-way-to-quickly-import-ovpn-files-to-networkmanager-on-ubuntu)
|
|
||||||
- [https://www.privateinternetaccess.com/pages/client-support/](https://www.privateinternetaccess.com/pages/client-support/)
|
|
||||||
|
|
||||||
## Prep Work
|
|
||||||
|
|
||||||
Download PIA OpenVPN advanced configs, drop them in a good place on the filesystem and script import.
|
|
||||||
|
|
||||||
All files can be found Under ```Advanced OpenVPN SSL Restrictive Configurations``` on the main PIA website.
|
|
||||||
|
|
||||||
### Download PIA OpenVPN Template Files
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
mkdir -p /etc/pia
|
|
||||||
cd /etc/pia
|
|
||||||
mkdir openvpn-strong
|
|
||||||
cd openvpn-strong
|
|
||||||
wget https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip
|
|
||||||
unzip openvpn-strong.zip
|
|
||||||
cd ..
|
|
||||||
mkdir openvpn-strong-tcp
|
|
||||||
cd openvpn-strong-tcp
|
|
||||||
wget https://www.privateinternetaccess.com/openvpn/openvpn-strong-tcp.zip
|
|
||||||
unzip openvpn-strong-tcp.zip
|
|
||||||
cd ..
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Add OpenVPN To Network Manager
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
# NetworkManager Gnome is *required* to get a missing library on xenial
|
|
||||||
# OMIT Gnome item if you can get away with it...
|
|
||||||
|
|
||||||
apt update
|
|
||||||
apt install network-manager-openvpn
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Cleanup Files for Import
|
|
||||||
|
|
||||||
The cipher lines in the templates provided by PIA won't work 100% correctly on import. These commands will clean them up for import.
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
cd /etc/pia
|
|
||||||
cd openvpn-strong
|
|
||||||
sed -i 's/aes-256-cbc/AES-256-CBC/g' *.ovpn
|
|
||||||
sed -i 's/sha256/SHA256/g' *.ovpn
|
|
||||||
sed -i 's_crl.rsa.4096.pem_/etc/pia/openvpn-strong/crl.rsa.4096.pem_g' *.ovpn
|
|
||||||
sed -i 's_ca.rsa.4096.crt_/etc/pia/openvpn-strong/ca.rsa.4096.crt_g' *.ovpn
|
|
||||||
cd ..
|
|
||||||
cd openvpn-strong-tcp
|
|
||||||
sed -i 's/aes-256-cbc/AES-256-CBC/g' *.ovpn
|
|
||||||
sed -i 's/sha256/SHA256/g' *.ovpn
|
|
||||||
sed -i 's_crl.rsa.4096.pem_/etc/pia/openvpn-strong-tcp/crl.rsa.4096.pem_g' *.ovpn
|
|
||||||
sed -i 's_ca.rsa.4096.crt_/etc/pia/openvpn-strong-tcp/ca.rsa.4096.crt_g' *.ovpn
|
|
||||||
cd ..
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
## Import / Setup
|
|
||||||
|
|
||||||
### Manual Import
|
|
||||||
|
|
||||||
Import the cleaned up, provided OpenVPN profiles. This will require intervention on your part after the profile is created in NetworkManager to ensure it can connect properly.
|
|
||||||
|
|
||||||
*Note: this assumes UDP profiles, tweak for the ```openvpn-strong-tcp``` directory if desired or necessary*
|
|
||||||
|
|
||||||
#### Initial Import / Edit
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
nmcli connection import type openvpn file /etc/pia/openvpn-strong/[con_name].ovpn
|
|
||||||
nmcli con show
|
|
||||||
vim /etc/NetworkManager/system-connections/[con_name]
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Adjustments/Necessary Verification
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
id=PIA - [con_name]
|
|
||||||
|
|
||||||
[vpn]
|
|
||||||
auth=SHA256
|
|
||||||
cipher=AES-256-CBC
|
|
||||||
password-flags=0
|
|
||||||
user-name=[your_username]
|
|
||||||
|
|
||||||
[vpn-secrets]
|
|
||||||
password=[your_password]
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Update Profiles in NetworkManager
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
# Reload For Changes
|
|
||||||
nmcli connection reload [uuid_from_above]
|
|
||||||
|
|
||||||
# Connect
|
|
||||||
nmcli con up [uuid_from_above]
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Scripted Import
|
|
||||||
|
|
||||||
Some automated imports based on how the ```ovpn``` files are normally imported via ```nmcli```
|
|
||||||
|
|
||||||
*Note: this assumes UDP profiles, you'll need to tweak this as you see fit for TCP*
|
|
||||||
|
|
||||||
#### Install ```uuidgen```
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
apt update
|
|
||||||
apt install uuid-runtime
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Create List of VPN Endpoints
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
cat > /etc/pia/server_list.txt << EOF
|
|
||||||
us-west.privateinternetaccess.com=PIA - USA (West)
|
|
||||||
us-east.privateinternetaccess.com=PIA - USA (East)
|
|
||||||
us-midwest.privateinternetaccess.com=PIA - USA (Midwest)
|
|
||||||
aus.privateinternetaccess.com=PIA - Australia (Sydney)
|
|
||||||
austria.privateinternetaccess.com=PIA - Austria
|
|
||||||
belgium.privateinternetaccess.com=PIA - Belgium
|
|
||||||
ca-toronto.privateinternetaccess.com=PIA - Canada (Toronto) (East)
|
|
||||||
ca-vancouver.privateinternetaccess.com=PIA - Canada (Vancouver) (West)
|
|
||||||
fi.privateinternetaccess.com=PIA - Finland
|
|
||||||
france.privateinternetaccess.com=PIA - France
|
|
||||||
germany.privateinternetaccess.com=PIA - Germany
|
|
||||||
hk.privateinternetaccess.com=PIA - Hong Kong
|
|
||||||
in.privateinternetaccess.com=PIA - India
|
|
||||||
japan.privateinternetaccess.com=PIA - Japan
|
|
||||||
mexico.privateinternetaccess.com=PIA - Mexico
|
|
||||||
nl.privateinternetaccess.com=PIA - Netherlands
|
|
||||||
no.privateinternetaccess.com=PIA - Norway
|
|
||||||
sg.privateinternetaccess.com=PIA - Singapore
|
|
||||||
spain.privateinternetaccess.com=PIA - Spain
|
|
||||||
sweden.privateinternetaccess.com=PIA - Sweden
|
|
||||||
swiss.privateinternetaccess.com=PIA - Switzerland
|
|
||||||
turkey.privateinternetaccess.com=PIA - Turkey
|
|
||||||
uk-london.privateinternetaccess.com=PIA - UK (London)
|
|
||||||
brazil.privateinternetaccess.com=PIA - Brazil
|
|
||||||
EOF
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Setup NeworkManager Profiles
|
|
||||||
|
|
||||||
Some fancy bash tricks to get the full list of NetworkManager PIA connections imported in one copy/paste.
|
|
||||||
|
|
||||||
*Note: You'll need to fill in ```[your_username]``` and ```[your_password]``` before running this block of commands.
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
export PIA_USER="[your_username]"
|
|
||||||
export PIA_PASSWORD="[your_password]"
|
|
||||||
while read line;
|
|
||||||
do
|
|
||||||
desc=$(echo $line | cut -f2 -d'=')
|
|
||||||
dns=$(echo $line | cut -f1 -d'=')
|
|
||||||
file="/etc/NetworkManager/system-connections/$desc"
|
|
||||||
|
|
||||||
cat > "$file" <<EOF
|
|
||||||
[connection]
|
|
||||||
id=$desc
|
|
||||||
uuid=`uuidgen`
|
|
||||||
type=vpn
|
|
||||||
permissions=
|
|
||||||
secondaries=
|
|
||||||
|
|
||||||
[vpn]
|
|
||||||
connection-type=password
|
|
||||||
auth=SHA256
|
|
||||||
password-flags=0
|
|
||||||
remote=${dns}:1197
|
|
||||||
cipher=AES-256-CBC
|
|
||||||
comp-lzo=yes
|
|
||||||
reneg-seconds=0
|
|
||||||
remote-cert-tls=server
|
|
||||||
ca=/etc/pia/openvpn-strong/ca.rsa.4096.crt
|
|
||||||
dev=tun
|
|
||||||
service-type=org.freedesktop.NetworkManager.openvpn
|
|
||||||
username=${PIA_USER}
|
|
||||||
|
|
||||||
[vpn-secrets]
|
|
||||||
password=${PIA_PASSWORD}
|
|
||||||
|
|
||||||
[ipv4]
|
|
||||||
dns-search=
|
|
||||||
method=auto
|
|
||||||
|
|
||||||
[ipv6]
|
|
||||||
addr-gen-mode=stable-privacy
|
|
||||||
dns-search=
|
|
||||||
method=auto
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 "$file"
|
|
||||||
|
|
||||||
done < /etc/pia/server_list.txt
|
|
||||||
|
|
||||||
systemctl restart NetworkManager
|
|
||||||
nmcli con show
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
## Testing VPN (Post Setup)
|
|
||||||
|
|
||||||
Go to each link below and verify you're safe.
|
|
||||||
|
|
||||||
- [https://www.privateinternetaccess.com/pages/whats-my-ip/](https://www.privateinternetaccess.com/pages/whats-my-ip/)
|
|
||||||
- [http://dnsleak.com/](http://dnsleak.com/)
|
|
||||||
- [http://ipv6leak.com/](http://ipv6leak.com/)
|
|
||||||
- [http://emailipleak.com/](http://emailipleak.com/)
|
|
|
@ -8,8 +8,6 @@ The author *strongly* recommends reading through this and adapting to other serv
|
||||||
|
|
||||||
## Inspiration / Sources
|
## Inspiration / Sources
|
||||||
|
|
||||||
This is an adaptation of the [PIA](pia.md) setup but for vpn.ac instead.
|
|
||||||
|
|
||||||
- [https://vpn.ac/ovpn](https://vpn.ac/ovpn)
|
- [https://vpn.ac/ovpn](https://vpn.ac/ovpn)
|
||||||
|
|
||||||
## Prep Work
|
## Prep Work
|
||||||
|
|
|
@ -15,7 +15,7 @@ Some basic setup for auto-connecting a *specific* VPN connection. You'll need/wa
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
# Get UUID for PIA endpoint you want as a default
|
# Get UUID for endpoint you want as a default
|
||||||
nmcli con show
|
nmcli con show
|
||||||
mkdir /etc/autovpn
|
mkdir /etc/autovpn
|
||||||
# Setup the default so it can be used via autovpn script (see below)
|
# Setup the default so it can be used via autovpn script (see below)
|
||||||
|
|
Reference in New Issue