Private Internet Access with OpenVPN: Difference between revisions

From KlavoWiki
Jump to navigationJump to search
No edit summary
 
Line 68: Line 68:
</pre>
</pre>


= Enhanced Security =
= Tightened Security =
With the configurfaiton file in this case sydney.conf
With the configurfaiton file in this case sydney.conf


Line 77: Line 77:
</pre>
</pre>


== caching ==
== Caching ==
 
<pre>
<pre>
auth-nocache
auth-nocache

Latest revision as of 03:32, 11 June 2024

Install OpenVPN

apt -y install openvpn


Download PIA Config Files

wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip

Extract Config Files

unzip /tmp/openvpn.zip -d /opt/openvpn
cp  /opt/openvpn/au_sydney.ovpn /etc/openvpn/sydney.conf
cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/

Create Login File

vi /etc/openvpn/login.conf

Add your username and password to this file. Line one is your username and line two is the password

p123456
asw34fds34

Secure login file

chmod 600 /etc/openvpn/login.conf

Update the config file to use your username and password rather than prompting.

sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login.conf/' /etc/openvpn/sydney.conf

Run

Does the service run

openvpn --config /etc/openvpn/sydney.conf

Verify

Open another session and verify IP address

curl ifconfig.co

Service Control

If all good enable services on startup. By default all VPN config files will start. If only using a single VPN then ignore these section.

systemctl disable openvpn
systemctl enable openvpn@sydney

IPv6

If you have a public IPv6 address disable IPv6

cat >> /etc/sysctl.conf << EOF

#Disable public IPv6 address
net.ipv6.conf.all.disable_ipv6 = 1
EOF

Tightened Security

With the configurfaiton file in this case sydney.conf

IPv6

pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

Caching

auth-nocache

NAT

If you want to set this device as a router so the other devices on your network can now use the VPN tunnel change the gateway on all your devces to look at this device and make the following changes.

To allow the device to NAT traffic over the VPN.

iptables -A POSTROUTING -o tun0 -s 192.168.1.0/24 -t nat -j MASQUERADE

Show Tables

iptables -t nat -nvL

Delete Tables

iptables -t nat -F


You may also be interested in SOCKS Proxy