Private internet access linux

Manual Connection and Port Forwarding Scripts for Linux

Manual Connection and Port Forwarding Scripts for Linux

Dependencies

In order for the scripts to work, you will need the following packages:

  • curl
  • jq
  • (only for WireGuard) wg-quick and wireguard kernel module
  • (only for OpenVPN) openvpn

The process for retrieving and installing those packages will vary depending upon your operating system, and must be done at your own effort and discretion.

DOWNLOAD THE SCRIPTS

First, retrieve the necessary files. These compressed folders contain the scripts and security certificate required to establish a connection:

Once you have downloaded the compressed folder, decompress it for use.

USING THE SCRIPTS

Each of the bash scripts (shown as “SH File” in the image above) performs a specific task or set of tasks, and when passed the necessary variables on call, can be used independently.

The ‘run_setup.sh’ script operates differently, as it does not receive variable input on call, but instead provides a set of prompts that receive input and process the other scripts in response to the input provided. The easiest way to utilize this provision is with the run_setup.sh script.

To start, open a terminal interface and navigate to the folder containing the downloaded scripts, then run the following command :

You will first be prompted for the sudo (system administrator) password for your system — that is your computer password, unrelated to your PIA account.

You will then be asked for your PIA username, followed by your PIA *password.

*Note: the password input will not show anything you type; input is still received, this is an intentional security provision.

The following inquiries will be somewhat dependent upon your system setup, but you will then be prompted for input as to what kind of connection you want to establish. Note that the option designated with a capital letter will be the default input, which is assumed if no input, or unexpected input, is received.

Once you have finished responding to the prompts of run_setup.sh your system will attempt to establish an OpenVPN or WireGuard connection. Any complications will notify you of what is wrong, such as the input of improper login credentials.

MANAGING CONNECTIONS

OpenVPN connections and Wireguard connections started with this script will run in the background. Both will provide instructions as to how you will disconnect when you are ready:

Читайте также:  Посмотреть какие порты используются linux

For WireGuard connections, disconnecting requires running the terminal command :

For OpenVPN connections, you will be provided with a customized command that includes the process ID associated with the connection. An example of the command to close OpenVPN connections is :

If you are using the Port Forwarding feature, you must leave the script window open. Port forwarding will time out after 15 minutes or less if the script window is closed. The terminal output will provide the forwarded port you have been assigned, as well as when it will time-out.

Note, if you are using Port Forwarding and close the terminal window, your VPN connection will still remain active until you run one of the aforementioned commands to explicitly close the connection.

Источник

Private Internet Access/AUR

This article details the installation and usage of private-internet-access-vpn AUR . For the general information on the service and additional packages, see Private Internet Access.

  • All PIA applications got released as Open Source: https://github.com/pia-foss
  • WireGuard got added to the VPN servers and VPN Apps
  • VPN servers got migrated from Ubuntu 14 LTS to Arch Linux
  • All VPN servers now are encrypted via dm-crypt, following advice from Arch devs
  • All VPN services now run in memory via ramdisk

Installation

The package provides a tool that downloads the OpenVPN configuration files and stores them in /etc/openvpn . However, it updates the file names to better support using them on the command line.

Configuration for the package is stored in /etc/private-internet-access .

After installation

If there are any issues with connectivity and you are running connman , please restart connman-vpn.service .

Usage

Enabling auto-login

Note: This is a limitation of OpenVPN. See PIA’s Support Center: How can I make OpenVPN remember my username and password? [dead link 2021-05-17 ⓘ]

Enabling auto-login allows a user to connect to the VPN service without having to type any passwords on the command line (needed when using networkmanager ). To set this up, you must do the following:

  • Create /etc/private-internet-access/login.conf
  • Add your username and password in the file. Make sure LINE 1 is your username and LINE 2 is your password. Do not add any other text to the file or it will not work (this is a limitation of OpenVPN):
/etc/private-internet-access/login.conf
# chmod 0600 /etc/private-internet-access/login.conf # chown root:root /etc/private-internet-access/login.conf

This secures the access to the file from non-root users. Read more on File permissions and attributes. It is required when activating auto-login.

  • Run pia -a as root.
    • If you have networkmanager installed, it will create the configuration files for networkmanager . Make sure to restartnetworkmanager to see them.
    • If you have connman installed, it will create the configuration files for connman . Start connman-vpn.service if not running already. It will auto load the profiles.
    • Regardless, it will create the OpenVPN .conf files in /etc/openvpn/client .

    Tip: Disable auto-login in configurations by adding openvpn_auto_login = False to /etc/private-internet-access/pia.conf and running pia -a

    Manually connecting to VPN

    # openvpn —config /etc/openvpn/client/

    will be listed in the /etc/openvpn directory or run pia -l .

    Automatically connecting to VPN

    For connman

    • Get a list of all connman services and find the name of the VPN config (for example, Finland) in the second column
    . * Finland_VPN vpn_fi_privateinternetaccess_com_privateinternetaccess_com .
    # connmanctl connect vpn_fi_privateinternetaccess_com_privateinternetaccess_com
    • Edit the relevant settings file, e.g /var/lib/connman/vpn_fi_privateinternetaccess_com_privateinternetaccess_com/settings
    • Change the AutoConnect=false line to AutoConnect=true , save, exit, reboot
    • You can also configure autoconnect in the Details tab of cmstAUR
    • The VPN will keep working even after waking from suspend, unlike vanilla openvpn (see below)

    For openvpn you can look here: OpenVPN#systemd service configuration.

    Advanced options

    Warning: Protocols and port combinations no longer work as of Version 3.1. See Github Issue #17 or PIA’s Support — Which encryption/auth settings should I use for ports on your gateways?

    • Create /etc/private-internet-access/pia.conf
    • For the [pia] section:
    • For the [configure] section:

    Example configuration

    The configuration enables auto-login, configures only Connman and OpenVPN, uses port 8080 over UDP, and configures only US East, US West, Japan, UK London, and UK Southampton VPN endpoints. OpenVPN is always configured.

    /etc/private-internet-access/pia.conf
    [pia] openvpn_auto_login = True [configure] apps = cm port = 8080 hosts = US East, US West, Japan, UK London, UK Southampton

    Troubleshooting

    Using NetworkManager’s applet

    In order to use the network-manager-applet to connect:

    1. Right click the NetworkManager icon in the system tray
    2. and click Configure Network Connections.
    3. then click Add
    4. choose Import VPN.
    5. browse to /etc/openvpn/client/CA_Toronto.conf or whichever configuration you would like to use
    6. then click Open
    7. Remove only the :1198 from the Gateway: (if present) as only the domain name should be in this box
    8. for the Username: type in your p1234567 username
    9. for the Password: type in the password that goes with your p-xxxxx username
    10. then click Advanced.
    11. set Custom gateway port: and set it to 1198
    12. click on the Security tab
    13. set the Cipher: to AES-128-CBC
    14. set the HMAC Authentication: to SHA-1
    15. click OK
    16. click OK again

    DNS Leaks

    Concerning DNS Leaks (see python-pia/#13), NetworkManager leaks information due to how /etc/resolv.conf is setup. The script below was posted by @maximbaz to work around the problem. You may need to disable IPv6 if you continue to get leaks.

    /etc/NetworkManager/dispatcher.d/pia-vpn
    #!/bin/bash #/etc/NetworkManager/dispatcher.d/pia-vpn interface="$1" status=$2 case $status in vpn-up) if [[ $interface == "tun0" ]]; then chattr -i /etc/resolv.conf echo -e "nameserver 209.222.18.222\nnameserver 209.222.18.218" > /etc/resolv.conf chattr +i /etc/resolv.conf fi ;; vpn-down) if [[ $interface == "tun0" ]]; then chattr -i /etc/resolv.conf fi ;; esac

    See also

    Источник

    How to Use a VPN to Improve Security on Linux

    linux

    Linux – the technically superior operating system. It is open source, powerful, and gives you a lot of space to tinker around. Linux is preferred for many reasons and security is one of them. If you’re using Linux because of its security offerings, it makes sense to install a VPN on it to help keep it safe from hackers and snoopers.

    A VPN will encrypt your traffic as it leaves the system so if anyone is sitting in the middle, trying to listen to your conversations, they’ll get garbled data that is of no use to them.

    There are many ways in which you can install a VPN on your Linux system. Let’s see some of them.

    Using a Linux VPN app

    Not many VPN providers offer a client application for Linux users. Private Internet Access is among the few companies that have a VPN app for Linux devices.

    Here’s how you can install the app.

    1. Visit the Linux app page to get the latest software.
    2. Download the installer.
    3. Open the terminal
    4. Go to the directory in which the installer has been downloaded. Use the cd command for this. For example, cd Downloads
    5. Uncompress the VPN installer. Use the tar command. For example, tar –xzf pia-v82-installer-linux.tar.gz
    6. Run the installer. Use the command ./pia-v82-installer-linux.sh
    7. Your software is installed. Use the credentials that you have received from PIA on email.

    This is it. You can connect to the VPN and keep your activities secure from hackers, your ISP, and the government.

    Configuring a Linux VPN

    If you are not using PIA, you’ll have to configure the VPN manually. For Ubuntu, you might need an added Network Manager package for your particular VPN. But in most cases, Network Connections on the status bar will work for you.

    1. Click on Network Connections and a drop-down menu will open up.
    2. Click on VPN Connections.
    3. Select “Add a VPN Connection”

    But if this process doesn’t work for you, you can go to Settings and click on Network. Click on the Plus sign and add a network connection. Click on VPN.

    By default, you will most likely see PPTP. Here you can enter the username, password, and gateway provided by your VPN Company.

    However, if you don’t want to use PPTP, you’ll need to install additional packages for the particular protocol.

    These settings have to be done just once. When the VPN is installed, you’ll just have to connect to it without any further configuration.

    If you’re using Mint, the steps are pretty much the same as those for Ubuntu. Here are the steps for VPN configuration on Mint.

    1. Visit System Settings. Click on Network.
    2. The Mint Network Settings windows will be similar to that of Ubuntu.
    3. Click on the plus sign. This will let you add a network.
    4. Select VPN to add a VPN type.

    Since different VPNs have different processes, your VPN provider will let you know the exact process you need to follow for configuration.

    If your provider offers a custom app, that’s the easiest way. But if they don’t, you can ask them for the specific instructions to configure the VPN on your Linux system.

    Источник

Оцените статью
Adblock
detector