6.2 KiB
Private Internet Access (PIA)
This is a VERY advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
The author strongly recommends reading through this and adapting/tuning well ahead of any real need(s).
Inspiration / Sources
- http://blog.deadlypenguin.com/blog/2017/04/24/vpn-auto-connect-command-line/
- https://forums.linuxmint.com/viewtopic.php?t=97187
- https://unix.stackexchange.com/questions/301845/scripting-a-way-to-quickly-import-ovpn-files-to-networkmanager-on-ubuntu
- https://www.privateinternetaccess.com/pages/client-support/
Prep Work
Download PIA OpenVPN advanced configs, drop them in a good place on the filesystem and script import.
All files can be found Under Advanced OpenVPN SSL Restrictive Configurations
on the main PIA website.
Download PIA OpenVPN Template Files
mkdir -p /etc/pia
cd /etc/pia
mkdir openvpn-strong
cd openvpn-strong
wget https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip
unzip openvpn-strong.zip
cd ..
mkdir openvpn-strong-tcp
cd openvpn-strong-tcp
wget https://www.privateinternetaccess.com/openvpn/openvpn-strong-tcp.zip
unzip openvpn-strong-tcp.zip
cd ..
Add OpenVPN To Network Manager
# NetworkManager Gnome is *required* to get a missing library on xenial
# OMIT Gnome item if you can get away with it...
apt update
apt install network-manager-openvpn
Cleanup Files for Import
The cipher lines in the templates provided by PIA won't work 100% correctly on import. These commands will clean them up for import.
cd /etc/pia
cd openvpn-strong
sed -i 's/aes-256-cbc/AES-256-CBC/g' *.ovpn
sed -i 's/sha256/SHA256/g' *.ovpn
sed -i 's_crl.rsa.4096.pem_/etc/pia/openvpn-strong/crl.rsa.4096.pem_g' *.ovpn
sed -i 's_ca.rsa.4096.crt_/etc/pia/openvpn-strong/ca.rsa.4096.crt_g' *.ovpn
cd ..
cd openvpn-strong-tcp
sed -i 's/aes-256-cbc/AES-256-CBC/g' *.ovpn
sed -i 's/sha256/SHA256/g' *.ovpn
sed -i 's_crl.rsa.4096.pem_/etc/pia/openvpn-strong-tcp/crl.rsa.4096.pem_g' *.ovpn
sed -i 's_ca.rsa.4096.crt_/etc/pia/openvpn-strong-tcp/ca.rsa.4096.crt_g' *.ovpn
cd ..
Import / Setup
Manual Import
Import the cleaned up, provided OpenVPN profiles. This will require intervention on your part after the profile is created in NetworkManager to ensure it can connect properly.
Note: this assumes UDP profiles, tweak for the openvpn-strong-tcp
directory if desired or necessary
Initial Import / Edit
nmcli connection import type openvpn file /etc/pia/openvpn-strong/[con_name].ovpn
nmcli con show
vim /etc/NetworkManager/system-connections/[con_name]
Adjustments/Necessary Verification
id=PIA - [con_name]
[vpn]
auth=SHA256
cipher=AES-256-CBC
password-flags=0
user-name=[your_username]
[vpn-secrets]
password=[your_password]
Update Profiles in NetworkManager
# Reload For Changes
nmcli connection reload [uuid_from_above]
# Connect
nmcli con up [uuid_from_above]
Scripted Import
Some automated imports based on how the ovpn
files are normally imported via nmcli
Note: this assumes UDP profiles, you'll need to tweak this as you see fit for TCP
Install uuidgen
apt update
apt install uuid-runtime
Create List of VPN Endpoints
cat > /etc/pia/server_list.txt << EOF
us-west.privateinternetaccess.com=PIA - USA (West)
us-east.privateinternetaccess.com=PIA - USA (East)
us-midwest.privateinternetaccess.com=PIA - USA (Midwest)
aus.privateinternetaccess.com=PIA - Australia (Sydney)
austria.privateinternetaccess.com=PIA - Austria
belgium.privateinternetaccess.com=PIA - Belgium
ca-toronto.privateinternetaccess.com=PIA - Canada (Toronto) (East)
ca-vancouver.privateinternetaccess.com=PIA - Canada (Vancouver) (West)
fi.privateinternetaccess.com=PIA - Finland
france.privateinternetaccess.com=PIA - France
germany.privateinternetaccess.com=PIA - Germany
hk.privateinternetaccess.com=PIA - Hong Kong
in.privateinternetaccess.com=PIA - India
japan.privateinternetaccess.com=PIA - Japan
mexico.privateinternetaccess.com=PIA - Mexico
nl.privateinternetaccess.com=PIA - Netherlands
no.privateinternetaccess.com=PIA - Norway
sg.privateinternetaccess.com=PIA - Singapore
spain.privateinternetaccess.com=PIA - Spain
sweden.privateinternetaccess.com=PIA - Sweden
swiss.privateinternetaccess.com=PIA - Switzerland
turkey.privateinternetaccess.com=PIA - Turkey
uk-london.privateinternetaccess.com=PIA - UK (London)
brazil.privateinternetaccess.com=PIA - Brazil
EOF
Setup NeworkManager Profiles
Some fancy bash tricks to get the full list of NetworkManager PIA connections imported in one copy/paste.
*Note: You'll need to fill in [your_username]
and [your_password]
before running this block of commands.
export PIA_USER="[your_username]"
export PIA_PASSWORD="[your_password]"
while read line;
do
desc=$(echo $line | cut -f2 -d'=')
dns=$(echo $line | cut -f1 -d'=')
file="/etc/NetworkManager/system-connections/$desc"
cat > "$file" <<EOF
[connection]
id=$desc
uuid=`uuidgen`
type=vpn
permissions=
secondaries=
[vpn]
connection-type=password
auth=SHA256
password-flags=0
remote=${dns}:1197
cipher=AES-256-CBC
comp-lzo=yes
reneg-seconds=0
remote-cert-tls=server
ca=/etc/pia/openvpn-strong/ca.rsa.4096.crt
dev=tun
service-type=org.freedesktop.NetworkManager.openvpn
username=${PIA_USER}
[vpn-secrets]
password=${PIA_PASSWORD}
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
EOF
chmod 600 "$file"
done < /etc/pia/server_list.txt
systemctl restart NetworkManager
nmcli con show
Testing VPN (Post Setup)
Go to each link below and verify you're safe.