
Use Private Internet Access (PIA) in DigitalOcean

tags: PrivateInternetAccess, Digital Ocean, VPS, VPN

This runs the PIA VPN with OpenVPN, entirely from the command line.

sudo apt-get install openvpn network-manager-openvpn
Not sure if you need network-manager-openvpn.

sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
Extract the archive and move ca.crt and crl.pem to /etc/openvpn.

Move "Hong Kong.ovpn" to "/etc/openvpn/Hong Kong.conf", for example.

Modify the following lines in it.

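auth-user-pass /etc/openvpn/login.conf
# OpenVPN 2.1+ only calls user scripts such as route-up when script-security is 2 or higher
script-security 2
route-up /etc/openvpn/route-up.sh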

These are the contents of the two referenced files.

# cat /etc/openvpn/login.conf
username
password

Replace with your username and password.

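# cat route-up.sh
#!/bin/bash

# Start from an empty policy table 100 and drop cached routes
ip route flush table 100
ip route flush cache
# Traffic sourced from the public IP (x.x.x.x) looks up table 100 instead of the VPN routes
ip rule add from x.x.x.x table 100
# Table 100: local subnet via the physical interface, everything else via gateway z.z.z.z
ip route add table 100 to y.y.y.y/y dev ethX
ip route add table 100 default via z.z.z.z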

Replace x.x.x.x with your public IP address and y.y.y.y/y with your subnet. Compute the subnet using http://jodies.de/ipcalc. Hint: enter your public IP and netmask, and you should get your Network/Subnet.
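
The subnet calculation can also be done locally. The following is an added example, not part of the original post: it derives y.y.y.y/y from the public IP and netmask and fills in the route-up.sh placeholders. The function names are hypothetical and the addresses in the usage comment are constructed documentation-range values.

```bash
#!/bin/bash
# Added example: compute the subnet for route-up.sh without an online calculator.

# ip_to_int A.B.C.D: prints the address as a 32-bit integer, fails on malformed input
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local IFS=. o n=0 count=0
    for o in $1; do
        [ "${#o}" -le 3 ] || return 1
        o=${o#0}; o=${o#0}            # drop leading zeros so 010 is not read as octal
        [ "${o:-0}" -le 255 ] || return 1
        n=$(( (n << 8) | ${o:-0} )); count=$(( count + 1 ))
    done
    [ "$count" -eq 4 ] && echo "$n"
}

# network_cidr IP NETMASK: prints "network/prefix", rejects non-contiguous netmasks
network_cidr() {
    local ip mask prefix=0 net
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") || return 1
    # Count leading one-bits, then require the mask to be exactly that many ones
    while [ "$prefix" -lt 32 ] && [ $(( (mask >> (31 - prefix)) & 1 )) -eq 1 ]; do
        prefix=$(( prefix + 1 ))
    done
    [ "$mask" -eq $(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF )) ] || return 1
    net=$(( ip & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$prefix"
}

# render_route_up PUBLIC_IP NETMASK GATEWAY DEV: prints route-up.sh with the placeholders filled
render_route_up() {
    local cidr
    cidr=$(network_cidr "$1" "$2") && ip_to_int "$3" >/dev/null || return 1
    # The interface name ends up in a root-run script, so allow only plain name characters
    case $4 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    printf '%s\n' '#!/bin/bash' \
        'ip route flush table 100' 'ip route flush cache' \
        "ip rule add from $1 table 100" \
        "ip route add table 100 to $cidr dev $4" \
        "ip route add table 100 default via $3"
}

# Usage (constructed values): ./gen-route-up.sh 203.0.113.77 255.255.240.0 203.0.112.1 eth0
if [ "$#" -eq 4 ]; then render_route_up "$@"; fi
```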

Permissions of the previous files. login.conf holds the credentials in plaintext, so it is readable by root only.

-r-------- 1 root root   20 Jan 11 04:27 login.conf
-rw-r--r-- 1 root root  284 Jan 11 14:51 Hong Kong.conf

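You can then run the VPN. The run logged below did not have script-security 2 set, so OpenVPN refused to call the route-up script (see the two WARNING lines near the end); with script-security 2 in the config the script runs.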

/etc/openvpn# openvpn "Hong Kong.conf"
Sun Jan 11 14:52:20 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Sun Jan 11 14:52:20 2015 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables
Sun Jan 11 14:52:20 2015 UDPv4 link local: [undef]
Sun Jan 11 14:52:20 2015 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sun Jan 11 14:52:20 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jan 11 14:52:21 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sun Jan 11 14:52:24 2015 TUN/TAP device tun0 opened
Sun Jan 11 14:52:24 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jan 11 14:52:24 2015 /sbin/ip link set dev tun0 up mtu 1500
Sun Jan 11 14:52:24 2015 /sbin/ip addr add dev tun0 local y.y.y.y peer z.z.z.z
Sun Jan 11 14:52:24 2015 WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.
Sun Jan 11 14:52:24 2015 WARNING: Failed running command (--route-up): external program fork failed
Sun Jan 11 14:52:24 2015 Initialization Sequence Completed

Check out this page for how to auto-start.

To enable port forwarding, request a port:

curl -d "user=USERNAME&pass=PASSWORD&client_id=UNIQUE_CLIENT_ID&local_ip=INTERNAL_IP_FROM_PIA" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment

Replace USERNAME, PASSWORD, UNIQUE_CLIENT_ID, and INTERNAL_IP_FROM_PIA.

You can generate UNIQUE_CLIENT_ID using (these commands are OS X only):

$ head -n 100 /dev/urandom | md5 > ~/.pia_client_id
$ cat ~/.pia_client_id

Internal IP is of the form 10.x.x.x.

curl should reply with something like:

{"port":49845}
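
The curl command above puts the username and password on the command line, where they are visible in the process list and shell history. The following is an added example, not part of the original post: it reads the credentials from login.conf, URL-encodes them, and sends the form body to curl on stdin. The function names, the md5sum-based client ID (a Linux stand-in for the OS X command) and the file paths in the usage comment are assumptions.

```bash
#!/bin/bash
# Added example: port-forward request without secrets in argv.
PIA_URL="https://www.privateinternetaccess.com/vpninfo/port_forward_assignment"  # from the post

# urlencode STRING: percent-encode so '&', '=' or '+' in a password cannot alter the form body
urlencode() {
    local s c out
    s=$1; out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%s' "$c" | od -An -tx1 | tr -d ' \n' | sed 's/../%&/g' | tr a-f A-F) ;;
        esac
    done
    printf '%s' "$out"
}

# build_body USER PASS CLIENT_ID LOCAL_IP: form body with the fields used in the post
build_body() {
    printf 'user=%s&pass=%s&client_id=%s&local_ip=%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")" "$(urlencode "$4")"
}

# parse_port JSON: prints the port from a reply like {"port":49845}, fails on anything else
parse_port() {
    local p
    p=$(printf '%s' "$1" | sed -n 's/^[[:space:]]*{[[:space:]]*"port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*}[[:space:]]*$/\1/p')
    [ -n "$p" ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] && echo "$p"
}

# request_port LOGIN_FILE CLIENT_ID_FILE DEV: prints the forwarded port (tunnel must be up)
request_port() {
    local user pass id ip
    { read -r user && read -r pass || [ -n "$pass" ]; } < "$1" || return 1
    # Client ID is created once and kept owner-only
    [ -s "$2" ] || ( umask 077; head -c 32 /dev/urandom | md5sum | cut -d' ' -f1 > "$2" )
    id=$(cat "$2")
    ip=$(ip -4 -o addr show dev "$3" | awk '{print $4}' | cut -d/ -f1)
    [ -n "$ip" ] || return 1
    parse_port "$(build_body "$user" "$pass" "$id" "$ip" | curl -s -d @- "$PIA_URL")"
}

# Usage (assumed paths): ./pia-port.sh /etc/openvpn/login.conf /root/.pia_client_id tun0
if [ "$#" -eq 3 ]; then request_port "$@"; fi
```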

You can test using:

wget http://ipecho.net/plain -O - -q ; echo
109.201.152.14

Hints taken from:

https://www.privateinternetaccess.com/forum/discussion/180/port-forwarding-without-the-application-advanced-users

http://serverfault.com/questions/515272/openvpn-bypass-on-some-ports

https://forum.linode.com/viewtopic.php?p=50114&sid=b440414422596bb7dbc96cf7c9ee511f#p50114

http://raspinotes.wordpress.com/2013/06/04/setup-vpn-with-privateinternetaccess-com/comment-page-1/


