Private Internet Access/AUR
This article details the installation and usage of private-internet-access-vpnAUR. For the general information on the service and additional packages, see Private Internet Access.
Contents
Installation
Install the private-internet-access-vpnAUR or private-internet-access-vpn-devAURpackage.
The package provides a tool that downloads the OpenVPN configuration files and stores them in /etc/openvpn. However, it updates the file names to better support using them on the command line.
Configuration for the package is stored in /etc/private-internet-access.
After installation
If there are any issues with connectivity and you are running connman, please restart connman-vpn.service.
Usage
Enabling auto-login
Enabling auto-login allows a user to connect to the VPN service without having to type any passwords on the command line (needed when using networkmanager). To set this up, you must do the following:
- Create
/etc/private-internet-access/login.conf - Add your username and password in the file. Make sure LINE 1 is your username and LINE 2 is your password. Do not add any other text to the file or it will not work (this is a limitation of OpenVPN):
/etc/private-internet-access/login.conf
USERNAME PASSWORD
- Change permissions of the file to 0600 and owner to root:root:
# chmod 0600 /etc/private-internet-access/login.conf # chown root:root /etc/private-internet-access/login.conf
This secures the access to the file from non-root users. Read more on File permissions and attributes. It is required when activating auto-login.
- Run
pia -aas root.- If you have networkmanager installed, it will create the configuration files for networkmanager. Make sure to restart networkmanager to see them.
- If you have connman installed, it will create the configuration files for connman. Start
connman-vpn.serviceif not running already. It will auto load the profiles. - Regardless, it will create the OpenVPN
.conffiles in/etc/openvpn.
openvpn_auto_login = False to /etc/private-internet-access/pia.conf and running pia -a Manually connecting to VPN
Run openvpn --config /etc/openvpn/client/{config_file_name} as root. {config_file_name} will be listed in the /etc/openvpn directory or run pia -l.
Automatically connect to VPN
- For connman:
-
enable the
connman-vpn.service. - Run
pia -aas root.
- For openvpn you can look here: OpenVPN#systemd service configuration.
Advanced options
- Create
/etc/private-internet-access/pia.conf - For the
[pia]section:
| option | option values | description |
|---|---|---|
| openvpn_auto_login | True,False | Default: True; Configures if OpenVPN configuration files should have auto-login enabled. See #Enabling auto-login |
- For the
[configure]section:
| option | option values | description |
|---|---|---|
| apps | cm, nm | Default: all; This configures which applications are configured. The application will configure all applications installed; however, if a user only needed configurations for Conman, then setting this to 'cm' would generate only those configurations even if they had NetworkManager installed. OpenVPN configurations are always generated. cm = Conman; nm = NetworkManager |
| port | See for list: PIA's Support - Which encryption/auth settings should I use for ports on your gateways? |
Default: 1198 |
Example configuration
The configuration enables auto-login, configures only Connman and OpenVPN, uses port 8080 over UDP, and configures only US East, US West, Japan, UK London, and UK Southampton VPN endpoints. OpenVPN is always configured.
/etc/private-internet-access-vpn/pia.conf
[pia] openvpn_auto_login = True [configure] apps = cm port = 8080 hosts = US East, US West, Japan, UK London, UK Southampton
Troubleshooting
Using NetworkManager's applet
In order to use the network-manager-applet to connect:
- Right click the NetworkManager icon in the system tray
- and click Configure Network Connections...
- then click Add
- choose Import VPN...
- browse to
/etc/openvpn/client/CA_Toronto.confor whichever configuration you would like to use - then click Open
- Remove only the
:1198from theGateway:(if present) as only the domain name should be in this box - for the
Username:type in yourp1234567username - for the
Password:type in the password that goes with yourp-xxxxxusername - then click Advanced...
- set
Custom gateway port:and set it to1198 - click on the Security tab
- set the
Cipher:toAES-128-CBC - set the
HMAC Authentication:toSHA-1 - click OK
- click OK again
DNS Leaks
Concerning DNS Leaks (see python-pia/#13), NetworkManager leaks information due to how /etc/resolv.conf is setup. The script below was posted by @maximbaz to work around the problem. You may need to disable IPv6 if you continue to get leaks.
/etc/NetworkManager/dispatcher.d/pia-vpn
#!/bin/bash
#/etc/NetworkManager/dispatcher.d/pia-vpn
interface="$1"
status=$2
case $status in
vpn-up)
if [[ $interface == "tun0" ]]; then
chattr -i /etc/resolv.conf
echo -e "nameserver 209.222.18.222\nnameserver 209.222.18.218" > /etc/resolv.conf
chattr +i /etc/resolv.conf
fi
;;
vpn-down)
if [[ $interface == "tun0" ]]; then
chattr -i /etc/resolv.conf
fi
;;
esac