Private Internet Access with OpenVPN
Install OpenVPN
apt -y install openvpn
Download PIA Config Files
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip -O /tmp/openvpn.zip
Extract Config Files
unzip /tmp/openvpn.zip -d /opt/openvpn cp /opt/openvpn/au_sydney.ovpn /etc/openvpn/sydney.conf cp /opt/openvpn/ca.rsa.2048.crt /opt/openvpn/crl.rsa.2048.pem /etc/openvpn/
Create Login File
vi /etc/openvpn/login.conf
Add your username and password to this file. Line one is your username and line two is the password
p123456 asw34fds34
Secure login file
chmod 600 /etc/openvpn/login.conf
Update the config file to use your username and password rather than prompting.
sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/login.conf/' /etc/openvpn/sydney.conf
Run
Does the service run
openvpn --config /etc/openvpn/sydney.conf
Verify
Open another session and verify IP address
curl ifconfig.co
Service Control
If all good enable services on startup. By default all VPN config files will start. If only using a single VPN then ignore these section.
systemctl disable openvpn systemctl enable openvpn@sydney
IPv6
If you have a public IPv6 address disable IPv6
cat >> /etc/sysctl.conf << EOF #Disable public IPv6 address net.ipv6.conf.all.disable_ipv6 = 1 EOF
Tightened Security
With the configurfaiton file in this case sydney.conf
IPv6
pull-filter ignore "route-ipv6" pull-filter ignore "ifconfig-ipv6"
Caching
auth-nocache
NAT
If you want to set this device as a router so the other devices on your network can now use the VPN tunnel change the gateway on all your devces to look at this device and make the following changes.
To allow the device to NAT traffic over the VPN.
iptables -A POSTROUTING -o tun0 -s 192.168.1.0/24 -t nat -j MASQUERADE
Show Tables
iptables -t nat -nvL
Delete Tables
iptables -t nat -F
You may also be interested in SOCKS Proxy
