Private Internet Access with OpenVPN: Difference between revisions
Created page with "Install OpenVPN <pre> apt -y install openvpn </pre> Download PIA Config Files <pre> wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip </pre>..." |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Install OpenVPN | = Install OpenVPN = | ||
<pre> | <pre> | ||
Line 5: | Line 5: | ||
</pre> | </pre> | ||
Download PIA Config Files | |||
= Download PIA Config Files = | |||
<pre> | <pre> | ||
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip | wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip | ||
</pre> | </pre> | ||
Extract Config Files | == Extract Config Files == | ||
<pre> | <pre> | ||
unzip /tmp/openvpn.zip -d /opt/openvpn | unzip /tmp/openvpn.zip -d /opt/openvpn | ||
cp /opt/openvpn/ | cp /opt/openvpn/au_sydney.ovpn /etc/openvpn/sydney.conf | ||
cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/ | cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/ | ||
</pre> | </pre> | ||
Create Login File | == Create Login File == | ||
<pre> | <pre> | ||
vi /etc/openvpn/login | vi /etc/openvpn/login.conf | ||
</pre> | </pre> | ||
Line 26: | Line 27: | ||
p123456 | p123456 | ||
asw34fds34 | asw34fds34 | ||
</pre> | |||
Secure login file | |||
<pre> | |||
chmod 600 /etc/openvpn/login.conf | |||
</pre> | </pre> | ||
Update the config file to use your username and password rather than prompting. | Update the config file to use your username and password rather than prompting. | ||
<pre> | <pre> | ||
sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login/' /etc/openvpn/sydney.conf | sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login.conf/' /etc/openvpn/sydney.conf | ||
</pre> | </pre> | ||
== Run == | |||
Does the service run | Does the service run | ||
<pre> | <pre> | ||
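Review bot: the `sed` pattern `s/auth-user-pass/.../` in this hunk is unanchored, so running it a second time matches the already-edited line and yields `auth-user-pass /etc/openvpn/login.conf /etc/openvpn/login.conf`. Replacing the whole directive line, for example `s|^auth-user-pass.*|auth-user-pass /etc/openvpn/login.conf|`, keeps the step repeatable. The new "Secure login file" step also comes after the credentials have been typed in with `vi`, so the file sits at its default mode until then; creating the empty file and running `chmod 600` before adding the credentials closes that gap.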
Line 38: | Line 45: | ||
</pre> | </pre> | ||
= Verify = | |||
Open another session and verify IP address | Open another session and verify IP address | ||
<pre> | <pre> | ||
Line 44: | Line 51: | ||
</pre> | </pre> | ||
= Service Control = | |||
If all good enable services on startup. | If all good enable services on startup. By default all VPN config files will start. If only using a single VPN then ignore these section. | ||
<pre> | <pre> | ||
systemctl disable openvpn | |||
systemctl enable openvpn@sydney | systemctl enable openvpn@sydney | ||
</pre> | </pre> | ||
= IPv6 = | |||
If you have a public IPv6 address disable IPv6 | If you have a public IPv6 address disable IPv6 | ||
<pre> | <pre> | ||
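Review bot: the sentence added under Service Control ends "ignore these section", which should read "this section", and it leaves unclear which of the two commands a single-VPN user can skip. Saying outright that `systemctl disable openvpn` stops every config from starting and `systemctl enable openvpn@sydney` starts only sydney.conf would remove the ambiguity.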
Line 59: | Line 67: | ||
EOF | EOF | ||
</pre> | </pre> | ||
= Tightened Security = | |||
With the configurfaiton file in this case sydney.conf | |||
== IPv6 == | |||
<pre> | |||
pull-filter ignore "route-ipv6" | |||
pull-filter ignore "ifconfig-ipv6" | |||
</pre> | |||
== Caching == | |||
<pre> | |||
auth-nocache | |||
</pre> | |||
= NAT = | |||
If you want to set this device as a router so the other devices on your network can now use the VPN tunnel change the gateway on all your devces to look at this device and make the following changes. | |||
To allow the device to NAT traffic over the VPN. | |||
<pre> | |||
iptables -A POSTROUTING -o tun0 -s 192.168.1.0/24 -t nat -j MASQUERADE | |||
</pre> | |||
Show Tables | |||
<pre> | |||
iptables -t nat -nvL | |||
</pre> | |||
Delete Tables | |||
<pre> | |||
iptables -t nat -F | |||
</pre> | |||
You may also be interested in [[SOCKS Proxy]] | |||
[[Category : Debian]] | [[Category : Debian]] |
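Review bot: `iptables -t nat -F` under "Delete Tables" flushes every rule in the nat table, not only the MASQUERADE rule this section adds; deleting with the same rule spec (`iptables -t nat -D POSTROUTING -o tun0 -s 192.168.1.0/24 -j MASQUERADE`) is narrower. The NAT section also never enables IPv4 forwarding (`net.ipv4.ip_forward`), which the device needs before it will route for other hosts, and a rule added with `iptables -A` does not persist across a reboot. Typos in the added text: "configurfaiton" and "devces".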
Latest revision as of 03:32, 11 June 2024
Install OpenVPN
apt -y install openvpn
Download PIA Config Files
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip
Extract Config Files
unzip /tmp/openvpn.zip -d /opt/openvpn
cp /opt/openvpn/au_sydney.ovpn /etc/openvpn/sydney.conf
cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/
Create Login File
vi /etc/openvpn/login.conf
Add your username and password to this file. Line one is your username and line two is the password
p123456
asw34fds34
Secure login file
chmod 600 /etc/openvpn/login.conf
Update the config file to use your username and password rather than prompting.
sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login.conf/' /etc/openvpn/sydney.conf
Run
Check whether the service runs
openvpn --config /etc/openvpn/sydney.conf
Verify
Open another session and verify IP address
curl ifconfig.co
Service Control
If all is good, enable the service on startup. By default all VPN config files will start. If only using a single VPN then ignore this section.
systemctl disable openvpn
systemctl enable openvpn@sydney
IPv6
If you have a public IPv6 address, disable IPv6
cat >> /etc/sysctl.conf << EOF
#Disable public IPv6 address
net.ipv6.conf.all.disable_ipv6 = 1
EOF
Tightened Security
Within the configuration file, in this case sydney.conf
IPv6
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
Caching
auth-nocache
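Added example, not part of the original page: a shell script that applies the login-file and Tightened Security settings above to a config so the edit can be repeated safely, then audits the result. The function names `harden_conf`, `audit_conf` and `demo` and the scratch config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Uses GNU sed -i and stat -c, as found on Debian.

# harden_conf CONF LOGIN: point auth-user-pass at LOGIN (mode 600) and append
# the "Tightened Security" directives when they are missing.
harden_conf() {
    conf=$1 login=$2
    chmod 600 "$login" || return 1
    # Replace the whole directive line so repeated runs do not stack paths.
    sed -i "s|^auth-user-pass.*|auth-user-pass $login|" "$conf" || return 1
    grep -q '^auth-user-pass ' "$conf" || echo "auth-user-pass $login" >> "$conf"
    for line in 'auth-nocache' \
                'pull-filter ignore "route-ipv6"' \
                'pull-filter ignore "ifconfig-ipv6"'; do
        grep -qxF "$line" "$conf" || echo "$line" >> "$conf"
    done
}

# audit_conf CONF: print one finding per problem; return 0 only when clean.
audit_conf() {
    conf=$1 bad=0
    login=$(sed -n 's/^auth-user-pass[[:space:]]\{1,\}//p' "$conf" | head -n 1)
    if [ -z "$login" ]; then
        echo "FAIL: auth-user-pass names no file, the client will prompt"; bad=1
    elif [ "$(stat -c %a "$login" 2>/dev/null)" != "600" ]; then
        echo "FAIL: $login is not mode 600"; bad=1
    fi
    for line in 'auth-nocache' \
                'pull-filter ignore "route-ipv6"' \
                'pull-filter ignore "ifconfig-ipv6"'; do
        grep -qxF "$line" "$conf" || { echo "FAIL: missing $line"; bad=1; }
    done
    return $bad
}

# Demo on a constructed config in a scratch directory (not a real PIA file).
demo() {
    d=$(mktemp -d) || return 1
    printf 'client\ndev tun\nauth-user-pass\n' > "$d/sydney.conf"
    printf 'p123456\nasw34fds34\n' > "$d/login.conf"
    audit_conf "$d/sydney.conf" || true      # unhardened: four findings
    harden_conf "$d/sydney.conf" "$d/login.conf"
    harden_conf "$d/sydney.conf" "$d/login.conf"   # second run changes nothing
    audit_conf "$d/sydney.conf" && echo "OK: config is clean"
    rm -rf "$d"
}
demo
```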
NAT
If you want to set this device up as a router so that the other devices on your network can use the VPN tunnel, change the gateway on all your devices to point at this device and make the following changes.
Allow the device to NAT traffic over the VPN.
iptables -A POSTROUTING -o tun0 -s 192.168.1.0/24 -t nat -j MASQUERADE
Show Tables
iptables -t nat -nvL
Delete Tables
iptables -t nat -F
You may also be interested in SOCKS Proxy