Private Internet Access/AUR

From ArchWiki
Note: This is not meant to be installed through pip (AUR) directly. See [1] for more information.

This article details the installation and usage of private-internet-access-vpn (AUR). For general information on the service and additional packages, see Private Internet Access.

Installation

Install the private-internet-access-vpn (AUR) or private-internet-access-vpn-dev (AUR) package.

The package provides a tool that downloads the OpenVPN configuration files and stores them in /etc/openvpn. It also renames the files so that they are easier to use on the command line.

Configuration for the package is stored in /etc/private-internet-access.

After installation

If there are any issues with connectivity and you are running connman, please restart connman-vpn.service.

Usage

Enabling auto-login

Enabling auto-login allows a user to connect to the VPN service without having to type any passwords on the command line (needed when using networkmanager). To set this up, you must do the following:

  • Create /etc/private-internet-access/login.conf
  • Add your username and password in the file. Make sure LINE 1 is your username and LINE 2 is your password. Do not add any other text to the file or it will not work (this is a limitation of OpenVPN):
/etc/private-internet-access/login.conf
USERNAME
PASSWORD
  • Change permissions of the file to 0600 and owner to root:root:
# chmod 0600 /etc/private-internet-access/login.conf
# chown root:root /etc/private-internet-access/login.conf
This prevents non-root users from reading the file. Read more on File permissions and attributes. It is required when activating auto-login.
  • Run pia -a as root.
    • If you have networkmanager installed, it will create the configuration files for networkmanager. Make sure to restart networkmanager to see them.
    • If you have connman installed, it will create the configuration files for connman. Start connman-vpn.service if not running already. It will auto load the profiles.
    • Regardless, it will create the OpenVPN .conf files in /etc/openvpn.
Tip: Disable auto-login in configurations by adding openvpn_auto_login = False to /etc/private-internet-access/pia.conf and running pia -a.
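The following audit of the credentials file is an added example, not part of the package or the original page. It checks the three conditions stated above (exactly two lines, mode 0600, owner root:root) without ever printing the password; the function name and the optional second argument for the expected uid:gid are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the package): audit an OpenVPN auth file.
# Usage: check_login_conf FILE [UID:GID]   (default 0:0, i.e. root:root)
check_login_conf() {
    file=$1
    want_owner=${2:-0:0}
    rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi

    # GNU stat: %a = octal mode, %u:%g = numeric owner and group.
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%u:%g' "$file")
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"; rc=1
    fi

    # OpenVPN wants line 1 = username, line 2 = password, nothing else.
    lines=$(awk 'END { print NR }' "$file")
    blank=$(awk 'NF == 0 { n++ } END { print n + 0 }' "$file")
    if [ "$lines" -ne 2 ] || [ "$blank" -ne 0 ]; then
        echo "FAIL: expected 2 non-empty lines, found $lines ($blank blank)"; rc=1
    fi

    # Catch the literal placeholders from the template being left in place.
    if grep -qxE 'USERNAME|PASSWORD' "$file"; then
        echo "FAIL: placeholder text still present"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# When run as a script with arguments, audit the given file.
[ "$#" -eq 0 ] || check_login_conf "$@"
```

Run it as root against /etc/private-internet-access/login.conf before running pia -a.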

Manually connecting to VPN

Run openvpn --config /etc/openvpn/client/{config_file_name} as root. The available values for {config_file_name} are listed in the /etc/openvpn directory, or run pia -l to list them.

Automatically connect to VPN

  1. Enable the connman-vpn.service.
  2. Run pia -a as root.
Note: These are unsupported configurations.

Advanced options

Warning: Protocols and port combinations no longer work as of Version 3.1. See GitHub Issue #17 or PIA's Support - Which encryption/auth settings should I use for ports on your gateways?
  • Create /etc/private-internet-access/pia.conf
  • For the [pia] section:
option | option values | description
openvpn_auto_login | True, False | Default: True; Configures if OpenVPN configuration files should have auto-login enabled. See #Enabling auto-login
  • For the [configure] section:
option | option values | description
apps | cm, nm | Default: all; This configures which applications are configured. The application will configure all applications installed; however, if a user only needed configurations for Connman, then setting this to 'cm' would generate only those configurations even if they had NetworkManager installed. OpenVPN configurations are always generated. cm = Connman; nm = NetworkManager
port | See for list: PIA's Support - Which encryption/auth settings should I use for ports on your gateways? | Default: 1198

Example configuration

The configuration enables auto-login, configures only Connman and OpenVPN, uses port 8080 over UDP, and configures only US East, US West, Japan, UK London, and UK Southampton VPN endpoints. OpenVPN is always configured.

/etc/private-internet-access-vpn/pia.conf

[pia]
openvpn_auto_login = True

[configure]
apps = cm
port = 8080
hosts = US East, US West, Japan, UK London, UK Southampton

Troubleshooting

In order to use the NetworkManager applet to connect:

  1. Right click the NetworkManager icon in the system tray.
  2. Click Configure Network Connections...
  3. Click Add.
  4. Choose Import VPN...
  5. Browse to /etc/openvpn/client/CA_Toronto.conf or whichever configuration you would like to use.
  6. Click Open.
  7. Remove only the :1198 from the Gateway: (if present), as only the domain name should be in this box.
  8. For the Username: type in your p1234567 username.
  9. For the Password: type in the password that goes with your p-xxxxx username.
  10. Click Advanced...
  11. Set Custom gateway port: to 1198.
  12. Click on the Security tab.
  13. Set the Cipher: to AES-128-CBC.
  14. Set the HMAC Authentication: to SHA-1.
  15. Click OK.
  16. Click OK again.

Concerning DNS leaks (see python-pia/#13), NetworkManager leaks information due to how /etc/resolv.conf is set up. The script below was posted by @maximbaz to work around the problem. You may need to disable IPv6 if you continue to get leaks.

/etc/NetworkManager/dispatcher.d/pia-vpn

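#!/bin/bash
#/etc/NetworkManager/dispatcher.d/pia-vpn

# NetworkManager passes the interface name and the event to dispatcher scripts.
interface="$1"
status="$2"

case "$status" in
  vpn-up)
    if [[ $interface == "tun0" ]]; then
      # Replace the resolvers, then make the file immutable so it is not rewritten.
      chattr -i /etc/resolv.conf
      echo -e "nameserver 209.222.18.222\nnameserver 209.222.18.218" > /etc/resolv.conf
      chattr +i /etc/resolv.conf
    fi
    ;;
  vpn-down)
    if [[ $interface == "tun0" ]]; then
      # Drop the immutable flag so /etc/resolv.conf can be updated again.
      chattr -i /etc/resolv.conf
    fi
    ;;
esac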
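To confirm the dispatcher script took effect, the check below lists any nameserver in a resolv.conf-style file that is not one of the two resolvers the script writes. It is an added example, not part of the original page or of @maximbaz's script; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report nameservers that are not on an allow-list.
# Default allow-list = the two resolvers written by the dispatcher script.
PIA_DNS="209.222.18.222 209.222.18.218"

# Constructed sample: one expected resolver plus a LAN router and an
# IPv6 resolver, as might be seen while a leak is still present.
sample_resolv_conf() {
    cat <<'EOF'
# Generated by NetworkManager
search lan
nameserver 209.222.18.222
nameserver 192.168.1.1
nameserver fd00::1
EOF
}

# leaked_nameservers FILE [ALLOWED_IP...]
# Prints one unexpected nameserver per line.
# Returns 0 if none were found, 1 if any were found, 2 if FILE is unreadable.
leaked_nameservers() {
    file=$1; shift
    # Intentional word splitting of the default list into arguments.
    [ "$#" -gt 0 ] || set -- $PIA_DNS
    leaks=$(awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }
    ' "$file") || return 2
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# When run as a script with arguments, check the given file.
[ "$#" -eq 0 ] || leaked_nameservers "$@"
```

With the VPN up, running it against /etc/resolv.conf should print nothing; an IPv6 address in the output matches the case where the page suggests disabling IPv6.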

See also