Private Internet Access with OpenVPN: Difference between revisions

From KlavoWiki
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
Install OpenVPN
= Install OpenVPN =


<pre>
<pre>
Line 6: Line 6:




Download PIA Config Files
= Download PIA Config Files =
<pre>
<pre>
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip
</pre>
</pre>


Extract Config Files
== Extract Config Files ==
<pre>
<pre>
unzip /tmp/openvpn.zip -d /opt/openvpn
unzip /tmp/openvpn.zip -d /opt/openvpn
cp /opt/openvpn/AU\ Sydney.ovpn /etc/openvpn/sydney.conf
cp /opt/openvpn/au_sydney.ovpn /etc/openvpn/sydney.conf
cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/
cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/
</pre>
</pre>


Create Login File
== Create Login File ==
<pre>
<pre>
vi /etc/openvpn/login
vi /etc/openvpn/login.conf
</pre>
</pre>
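Review bot: the rename of the credentials file to /etc/openvpn/login.conf gives it the same .conf suffix and directory as sydney.conf, and the Service Control text on this page says that by default all VPN config files will start. A reader who skips that section may have the service try to load the credentials file as a VPN config. Suggest keeping a name without the .conf suffix (the previous /etc/openvpn/login) or moving the file out of /etc/openvpn.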


Line 31: Line 31:
Secure login file
Secure login file
<pre>
<pre>
chmod 600 /etc/openvpn/login
chmod 600 /etc/openvpn/login.conf
</pre>
</pre>


Update the config file to use your username and password rather than prompting.
Update the config file to use your username and password rather than prompting.
<pre>
<pre>
sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login/' /etc/openvpn/sydney.conf
sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login.conf/' /etc/openvpn/sydney.conf
</pre>
</pre>


== Run ==
Does the service run
Does the service run
<pre>
<pre>
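Review bot: the sed expression 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login.conf/' is not anchored and not idempotent. It rewrites any line containing the string, and a second run appends the path again, leaving auth-user-pass with two arguments. Suggest replacing the whole directive line instead, for example 's|^auth-user-pass.*|auth-user-pass /etc/openvpn/login.conf|', which can be rerun safely. The chmod 600 step also runs only after vi has created the file, so it is worth saying that the file should be created with a restrictive umask or chmod applied before the password is typed in.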
Line 44: Line 45:
</pre>
</pre>


 
= Verify =
Open another session and verify IP address
Open another session and verify IP address
<pre>
<pre>
Line 50: Line 51:
</pre>
</pre>


 
= Service Control =
If all good enable services on startup. By default all VPN config files will start.  If only using a single VPN then ignore these section.
If all good enable services on startup. By default all VPN config files will start.  If only using a single VPN then ignore these section.
<pre>
<pre>
Line 57: Line 58:
</pre>
</pre>


 
= IPv6 =
If you have a public IPv6 address disable IPv6
If you have a public IPv6 address disable IPv6
<pre>
<pre>
Line 67: Line 68:
</pre>
</pre>


= Tightened Security =
With the configurfaiton file in this case sydney.conf
== IPv6 ==
<pre>
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
</pre>
== Caching ==
<pre>
auth-nocache
</pre>


= NAT =
If you want to set this device as a router so the other devices on your network can now use the VPN tunnel change the gateway on all your devces to look at this device and make the following changes.
If you want to set this device as a router so the other devices on your network can now use the VPN tunnel change the gateway on all your devces to look at this device and make the following changes.
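Review bot: the intro line of the new Tightened Security section ("With the configurfaiton file in this case sydney.conf") is misspelled and never says what to do with the directives that follow. Suggest "Add the following to the configuration file, in this case sydney.conf". The new "== IPv6 ==" subsection also repeats the title of the existing "= IPv6 =" section, so links to the IPv6 anchor become ambiguous; a title such as "Ignore pushed IPv6 settings" would keep the two apart.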



Latest revision as of 03:32, 11 June 2024

Install OpenVPN

apt -y install openvpn


Download PIA Config Files

wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip

Extract Config Files

unzip /tmp/openvpn.zip -d /opt/openvpn
cp /opt/openvpn/au_sydney.ovpn /etc/openvpn/sydney.conf
cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/

Create Login File

vi /etc/openvpn/login.conf

Add your username and password to this file. Line one is your username and line two is the password.

p123456
asw34fds34

Secure login file

chmod 600 /etc/openvpn/login.conf

Update the config file to use your username and password rather than prompting.

sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login.conf/' /etc/openvpn/sydney.conf

Run

Does the service run?

openvpn --config /etc/openvpn/sydney.conf

Verify

Open another session and verify IP address

curl ifconfig.co

Service Control

If all is good, enable the service on startup. By default all VPN config files will start. If only using a single VPN then ignore this section.

systemctl disable openvpn
systemctl enable openvpn@sydney

IPv6

If you have a public IPv6 address, disable IPv6.

cat >> /etc/sysctl.conf << EOF

#Disable public IPv6 address
net.ipv6.conf.all.disable_ipv6 = 1
EOF

Tightened Security

Within the configuration file, in this case sydney.conf:

IPv6

pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

Caching

auth-nocache
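
A check for the settings applied above, as an added example that is not part of the original wiki page: it audits a client config for a credentials file on `auth-user-pass` with no group or other access, for `auth-nocache`, and for the two `pull-filter` lines. The function names are assumptions of this example, and directives are matched as whole lines.

```shell
#!/bin/sh
# Added example (not from the original page): audit an OpenVPN client config
# for the settings this page applies. Prints one FAIL line per finding and
# returns the number of findings (0 = all checks passed).

fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

audit_ovpn_conf() {
    findings=0
    body=$(tr -d '\r' < "$1")   # tolerate CRLF line endings

    # Field 2 of the auth-user-pass line is the credentials file. More than
    # two fields means the sed substitution was applied more than once.
    cred=$(printf '%s\n' "$body" | awk '$1 == "auth-user-pass" { print $2; exit }')
    extra=$(printf '%s\n' "$body" | awk '$1 == "auth-user-pass" && NF > 2')
    if [ -z "$cred" ]; then
        fail "auth-user-pass names no file, OpenVPN will prompt"
    elif [ -n "$extra" ]; then
        fail "auth-user-pass has extra arguments: $extra"
    elif [ ! -f "$cred" ]; then
        fail "credentials file $cred does not exist"
    elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
        # Characters 5-10 of the mode string are the group and other bits.
        fail "$cred is accessible to group or other, run chmod 600"
    fi

    # Directives from the Tightened Security section, matched as whole lines.
    for want in 'auth-nocache' \
                'pull-filter ignore "route-ipv6"' \
                'pull-filter ignore "ifconfig-ipv6"'; do
        printf '%s\n' "$body" | grep -qxF -- "$want" || fail "missing: $want"
    done
    return "$findings"
}

# Usage: sh audit.sh /etc/openvpn/sydney.conf
if [ "$#" -gt 0 ]; then audit_ovpn_conf "$1"; fi
```
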

NAT

If you want to set this device up as a router so that the other devices on your network can use the VPN tunnel, change the gateway on all your devices to point at this device and make the following changes.

To allow the device to NAT traffic over the VPN.

iptables -A POSTROUTING -o tun0 -s 192.168.1.0/24 -t nat -j MASQUERADE

Show Tables

iptables -t nat -nvL

Delete Tables

iptables -t nat -F


You may also be interested in SOCKS Proxy