Skip to main content

Use Private Internet Access (PIA) in DigitalOcean

tags: PrivateInternetAccess, Digital Ocean, VPS, VPN

This runs the PIA VPN using OpenVPN all from the command line.

sudo apt-get install openvpn network-manager-openvpn
Not sure if you need network-manager-openvpn.

sudo wget
Extract. Move ca.crt and crl.pem to /etc/openvpn

Move "Hong Kong.ovpn" to "/etc/openvpn/Hong Kong.config" for example.

Modified the following lines.

auth-user-pass /etc/openvpn/login.conf
route-up /etc/openvpn/

These are the contents of these files.

# cat /etc/openvpn/login.conf

Replace with your username and password.

# cat 

ip route flush table 100
ip route flush cache
ip rule add from x.x.x.x table 100
ip route add table 100 to y.y.y.y/y dev ethX
ip route add table 100 default via z.z.z.z

Replace x.x.x.x with your public IP address, y.y.y.y/y with your subnet. Compute using Hint: Input public IP and netmask, you should get your Network/Subnet.

Permissions of the previous files.

-r-------- 1 root root   20 Jan 11 04:27 login.conf
-rw-r--r-- 1 root root  284 Jan 11 14:51 Hong Kong.conf

You can then run the VPN.

/etc/openvpn# openvpn "Hong Kong.conf"
Sun Jan 11 14:52:20 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Sun Jan 11 14:52:20 2015 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables
Sun Jan 11 14:52:20 2015 UDPv4 link local: [undef]
Sun Jan 11 14:52:20 2015 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sun Jan 11 14:52:20 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jan 11 14:52:21 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sun Jan 11 14:52:24 2015 TUN/TAP device tun0 opened
Sun Jan 11 14:52:24 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jan 11 14:52:24 2015 /sbin/ip link set dev tun0 up mtu 1500
Sun Jan 11 14:52:24 2015 /sbin/ip addr add dev tun0 local y.y.y.y peer z.z.z.z
Sun Jan 11 14:52:24 2015 WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.
Sun Jan 11 14:52:24 2015 WARNING: Failed running command (--route-up): external program fork failed
Sun Jan 11 14:52:24 2015 Initialization Sequence Completed

Check out this page how to auto-start.

To be able to port forward.

curl -d "user=USERNAME&pass=PASSWORD&client_id=UNIQUE_CLIENT_ID&local_ip=INTERNAL_IP_FROM_PIA"


UNIQUE_CLIENT_ID you can get using (commands OS X only):

$ head -n 100 /dev/urandom | md5 > ~/.pia_client_id
$ cat ~/.pia_client_id

Internal IP is of the form 10.x.x.x.

curl should reply with something like.


You can test using.

wget -O - -q ; echo

Hints taken from:


Popular posts from this blog

Globe's HOOQ.TV an (unethical) scam!!

After being terribly disappointed with the subscription stage and after also after a very disappointing test drive (at least Netflix tries to be do-no-evil), I am now very disappointed with the un-subscription of with Globe.

Globe sends me a message:

Hi! We'd like to remind you that your free HOOQ will end in 7 days on 10/27/2015. Upon expiry, your subscription will auto-renew to the paid version for P149 per month. If you don't want the paid version, text HOOQ STOP to 8888. before the expiry date. Thank you!

I send the HOOQ STOP to 888 and received:

Sorry, you have entered an invalid keyword. Please make sure your keyword is correct with no extra characters and spaces. For more info on promos, dial *143#, FREE from your Globe/TM mobile phone.

I called Globe Support (211).

Here's the scam:

- GoSurf 999 comes with the HOOQ Free Plan

- After the Free HOOQ Plan (which you did not use because it sucks) expires, it will auto-renew without your consent (!!! UNETHICAL !!!…

ld: unrecognized option '--hash-style=both'

gcc -Wl,,-export-dynamic obj_linux-native/socketdev_listener.o \
contiki-linux-native.a -o testv6.linux-native
/usr/local/bin/ld: unrecognized option '--hash-style=both'
/usr/local/bin/ld: use the --help option for usage information
collect2: ld returned 1 exit status

If you look closely, the error is something related to the local gcc not using the host's linker (ld).

$ which gcc

$ which ld

For some reason, I messed my compiler path. To synchronized gcc to use the host's dynamic linker (i.e. /usr/bin/ld), set the environment variable COMPILER_PATH to /usr/bin.

$ export COMPILER_PATH=/usr/bin

$ gcc -print-prog-name=ld