Use Private Internet Access (PIA) in DigitalOcean

tags: PrivateInternetAccess, Digital Ocean, VPS, VPN

This runs the PIA VPN with OpenVPN, entirely from the command line.

sudo apt-get install openvpn network-manager-openvpn
Not sure if you need network-manager-openvpn.

sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
Extract the archive, then move ca.crt and crl.pem to /etc/openvpn.

Move "Hong Kong.ovpn" to "/etc/openvpn/Hong Kong.conf", for example.

Modified the following lines.

auth-user-pass /etc/openvpn/login.conf
route-up /etc/openvpn/route-up.sh
# Needed for route-up to run; the log further down was captured without it.
script-security 2

These are the contents of these files.

# cat /etc/openvpn/login.conf
username
password

Replace with your username and password.

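# cat route-up.sh
#!/bin/bash

# Start from an empty table 100 so re-runs do not stack routes.
ip route flush table 100
ip route flush cache
# Traffic sourced from the public IP is looked up in table 100.
ip rule add from x.x.x.x table 100
# Table 100: the local subnet on the interface, default route via gateway z.z.z.z.
ip route add table 100 to y.y.y.y/y dev ethX
ip route add table 100 default via z.z.z.z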

Replace x.x.x.x with your public IP address and y.y.y.y/y with your subnet. Compute the subnet with http://jodies.de/ipcalc. Hint: enter the public IP and netmask, and you get your Network/Subnet.
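
The subnet lookup and placeholder substitution can also be done locally. This is an added example, not from the original post; the function names are hypothetical and the sample addresses are constructed from the documentation range.

```sh
#!/bin/sh
# Added example (not from the original post): compute the y.y.y.y/y subnet
# locally and print the route-up.sh body with the placeholders filled in.

ip_to_int() {   # dotted quad -> 32-bit integer
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_cidr IP NETMASK -> "network/prefix"
network_cidr() {
    nc_ip=$(ip_to_int "$1")
    nc_mask=$(ip_to_int "$2")
    nc_inv=$(( ~nc_mask & 4294967295 ))
    # A contiguous netmask inverts to 2^n - 1, so inv & (inv + 1) is 0.
    if [ $(( nc_inv & (nc_inv + 1) )) -ne 0 ]; then
        echo "invalid netmask: $2" >&2
        return 1
    fi
    nc_prefix=0
    nc_m=$nc_mask
    while [ $(( nc_m & 2147483648 )) -ne 0 ]; do   # count leading 1 bits
        nc_prefix=$(( nc_prefix + 1 ))
        nc_m=$(( (nc_m << 1) & 4294967295 ))
    done
    echo "$(int_to_ip $(( nc_ip & nc_mask )))/$nc_prefix"
}

# route_up_rules PUBLIC_IP NETMASK GATEWAY DEV -> the five commands of route-up.sh
route_up_rules() {
    rr_subnet=$(network_cidr "$1" "$2") || return 1
    cat <<EOF
ip route flush table 100
ip route flush cache
ip rule add from $1 table 100
ip route add table 100 to $rr_subnet dev $4
ip route add table 100 default via $3
EOF
}

# Constructed sample values from the documentation range, not a real droplet.
route_up_rules 203.0.113.200 255.255.255.192 203.0.113.193 eth0
```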

Permissions of the previous files.

-r-------- 1 root root   20 Jan 11 04:27 login.conf
-rw-r--r-- 1 root root  284 Jan 11 14:51 Hong Kong.conf

You can then run the VPN.

/etc/openvpn# openvpn "Hong Kong.conf"
Sun Jan 11 14:52:20 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Sun Jan 11 14:52:20 2015 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables
Sun Jan 11 14:52:20 2015 UDPv4 link local: [undef]
Sun Jan 11 14:52:20 2015 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sun Jan 11 14:52:20 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jan 11 14:52:21 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sun Jan 11 14:52:24 2015 TUN/TAP device tun0 opened
Sun Jan 11 14:52:24 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jan 11 14:52:24 2015 /sbin/ip link set dev tun0 up mtu 1500
Sun Jan 11 14:52:24 2015 /sbin/ip addr add dev tun0 local y.y.y.y peer z.z.z.z
Sun Jan 11 14:52:24 2015 WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.
Sun Jan 11 14:52:24 2015 WARNING: Failed running command (--route-up): external program fork failed
Sun Jan 11 14:52:24 2015 Initialization Sequence Completed
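
The log above carries two warnings worth acting on: without script-security 2 the route-up script is refused, and without auth-nocache the password may stay cached in memory. The check below is an added example, not part of the original post, and its function names are hypothetical. It flags both conditions in a config, plus a credentials file that group or others can read.

```sh
#!/bin/sh
# Added example, not from the original post. Checks an OpenVPN client config
# for the conditions behind the log warnings and for a readable password file.

# directive_value CONF NAME -> first argument of directive NAME, if present
directive_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# audit_ovpn CONF -> one finding per line; no output means nothing was flagged
audit_ovpn() {
    conf=$1
    level=$(directive_value "$conf" script-security)
    # Only the up, down and route-up hooks are checked; OpenVPN's default level is 1.
    if grep -Eq '^[[:space:]]*(up|down|route-up)[[:space:]]' "$conf" &&
       [ "${level:-1}" -lt 2 ]; then
        echo "script-hook-blocked: add 'script-security 2' or the hook will not run"
    fi
    authfile=$(directive_value "$conf" auth-user-pass)
    if [ -n "$authfile" ]; then
        grep -Eq '^[[:space:]]*auth-nocache([[:space:]]|$)' "$conf" ||
            echo "password-cached: add 'auth-nocache'"
        if [ -e "$authfile" ]; then
            perms=$(ls -ld "$authfile" | cut -c1-10)
            case $perms in
                ????------) ;;   # no access for group or others
                *) echo "credentials-readable: $authfile is $perms" ;;
            esac
        fi
    fi
}

# Constructed sample: only the two directives this page adds to the .ovpn file.
sample=$(mktemp)
printf 'auth-user-pass /etc/openvpn/login.conf\nroute-up /etc/openvpn/route-up.sh\n' > "$sample"
audit_ovpn "$sample"
rm -f "$sample"
```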

Check out this page for how to auto-start.

To enable port forwarding:

curl -d "user=USERNAME&pass=PASSWORD&client_id=UNIQUE_CLIENT_ID&local_ip=INTERNAL_IP_FROM_PIA" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment

Replace USERNAME, PASSWORD, UNIQUE_CLIENT_ID, and INTERNAL_IP_FROM_PIA.

You can generate UNIQUE_CLIENT_ID with the following (these commands are OS X only):

$ head -n 100 /dev/urandom | md5 > ~/.pia_client_id
$ cat ~/.pia_client_id

Internal IP is of the form 10.x.x.x.

curl should reply with something like:

{"port":49845}

You can test using:

wget http://ipecho.net/plain -O - -q ; echo
109.201.152.14

Hints taken from:

https://www.privateinternetaccess.com/forum/discussion/180/port-forwarding-without-the-application-advanced-users

http://serverfault.com/questions/515272/openvpn-bypass-on-some-ports

https://forum.linode.com/viewtopic.php?p=50114&sid=b440414422596bb7dbc96cf7c9ee511f#p50114

http://raspinotes.wordpress.com/2013/06/04/setup-vpn-with-privateinternetaccess-com/comment-page-1/


