257986

.

Thu Sep 27, 2018 11:53 pm

(deleted by user)
Last edited by 257986 on Sun Mar 14, 2021 5:47 pm, edited 4 times in total.

epoch1970
Posts: 6321
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Pi VPN Walkthru for Private Internet Access

Fri Sep 28, 2018 3:57 pm

257986 wrote:
Thu Sep 27, 2018 11:53 pm
Make a copy of your current network configuration

Code: Select all

sudo cp /etc/network/interfaces /etc/network/interfaces.bak
Change your network configuration file

Code: Select all

sudo nano /etc/network/interfaces
Are you sure this works with Raspbian Stretch as-is?
Why not use dhcpcd.conf for such as straightforward config?
Enable the VPN to enable itself at boot

Code: Select all

sudo systemctl enable openvpn@sw
Shouldn't that be "systemctl enable openvpn@ex"?
What about /etc/defaults/openvpn?
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

257986

Fri Sep 28, 2018 9:19 pm

(deleted by user)
Last edited by 257986 on Sun Mar 14, 2021 5:43 pm, edited 1 time in total.

257986

Sat Sep 29, 2018 11:20 pm

{deleted by user)
Last edited by 257986 on Sun Mar 14, 2021 5:43 pm, edited 2 times in total.

257986

Sun Feb 03, 2019 11:51 pm

(deleted by user)
Last edited by 257986 on Sun Mar 14, 2021 5:45 pm, edited 2 times in total.

rpifive
Posts: 1
Joined: Fri Feb 15, 2019 9:19 pm

Re: Pi VPN Walkthru for PIA Private Internet Access

Fri Feb 15, 2019 9:22 pm

You have a typo:
crl-verif /etc/openvpn/crl.rsa.2048.pem

should be
crl-verify /etc/openvpn/crl.rsa.2048.pem

Tonya2534
Posts: 1
Joined: Thu Feb 21, 2019 10:20 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Thu Feb 21, 2019 10:51 am

You may be using the wrong words here. See the VPN server is the host itself. If you want traffic to reach the Internet through your Pi, then you need the VPN Client vivavideo

Gudlad
Posts: 1
Joined: Mon Mar 04, 2019 1:47 pm

Re: Pi VPN Walkthru for PIA Private Internet Access

Mon Mar 04, 2019 2:22 pm

Hya - not sure if I"m missing something here but the second and third line of this code isn't in the file when I copy it from the zipped folder - only the auth-user-pass. The VPN seems to work without it but I get the feeling they should be in.

auth-user-pass
ca ca.rsa.2048.crt
crl-verif crl.rsa.2048.pem

TO
Code: Select all

auth-user-pass /etc/openvpn/login
crl-verif /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt048.crt

Any advice for a Pi newbie or thoughts on why this would be missing would be greatly appreciated...

Plex7
Posts: 6
Joined: Mon Nov 11, 2019 8:56 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Mon Nov 11, 2019 9:13 am

I have tried and researched extensively how to fix this DNS leak. About 4 servers in the standard test and about 5-6 in the extensive test all connected to my ISP. My only other alternative is to block those IP addresses. But how?

Also, the post before me is true. Tutorial is slightly outdated.

Please help!

Plex7
Posts: 6
Joined: Mon Nov 11, 2019 8:56 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Tue Nov 12, 2019 9:02 am

FIX DNS LEAK!

Open Terminal and edit the resolv.conf file by typing

nano /etc/resolv.conf

go ahead and delete all the other DNS servers there...
then add the server IP of the Private Internet Access DNS Servers

nameserver 209.222.18.222
nameserver 209.222.18.218

Save and exit the file and then reboot.

You will need to grant access to pi to edit the file. Prior to this, input this: sudo chown -R pi /etc/resolv.conf

Do the changes above and grant access back to root otherwise "sudo" won't work anymore with

pkexec chown root:root /etc/sudoers /etc/sudoers.d -R

Cob
Posts: 28
Joined: Tue Mar 05, 2013 2:03 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Tue Nov 12, 2019 5:10 pm

That change does not persist after the reboot.

will5023
Posts: 2
Joined: Thu Feb 06, 2020 9:26 pm

Re: Pi VPN Walkthru for PIA Private Internet Access

Thu Feb 06, 2020 9:40 pm

When I run this part:
Each of the configuration files goes to a particular region/area. For this example, France is being used. Change the filename accordingly.
Code: Select all

sudo cp openvpn/France.ovpn /etc/openvpn/ex.conf
I get the following
cp: target '/etc/openvpn/ex.conf' is not a directory
Can you advise? I'm pretty new to Raspberry Pi/Linux.

iknowreal
Posts: 1
Joined: Fri Mar 20, 2020 11:31 pm

Re: Pi VPN Walkthru for PIA Private Internet Access

Fri Mar 20, 2020 11:34 pm

A Few questions the first is how do I use a VPN location that has spaces for example New York?
Also I have the same exact problem the previous poster had.

"cp: target '/etc/openvpn/ex.conf' is not a directory"

Please advise.

ggervais5
Posts: 2
Joined: Sun Apr 12, 2020 5:18 pm

Re: Pi VPN Walkthru for PIA Private Internet Access

Sun Apr 12, 2020 5:33 pm

I followed these instructions for my Raspberry PI 4, which I typically run headless and connect to via VNC. To complete the iptables commands, I had to connect it to a monitor and keyboard/mouse - it kept killing my VNC connection. With a monitor and keyboard/mouse, I was able to complete the rest of the setup. However, I can no longer connect to the PI via VNC nor SSH. I tried adding ports 22 and 5900 as INPUT in iptables, but still no access. When directly connected to the PI, I am able to browse the web over VPN just fine.

What am I missing?

Prior to setting up for PIA, I had set up a static IP using dhcpcd.conf with these lines:

interface eth0
static ip_address=192.168.1.15/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1

So, I did not add the lines suggested in /etc/network/interfaces.

ggervais5
Posts: 2
Joined: Sun Apr 12, 2020 5:18 pm

Re: Pi VPN Walkthru for PIA Private Internet Access

Sun Apr 12, 2020 7:36 pm

I figured it out. The iptables settings were not being made persistent. It is all working now.

ramsdale
Posts: 1
Joined: Fri Apr 10, 2020 9:42 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Sat Apr 18, 2020 8:23 am

I have followed the guide and it works fine. I have one problem though. After a while I get disconnected from the VPN, does this happen to anybody else?

paqman
Posts: 28
Joined: Fri Sep 02, 2016 3:55 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Mon Apr 20, 2020 10:18 pm

So this works for me pretty flawlessly. dnsleaktest shows good, everything working. But I'm not sure how to add iptables rules back in to allow me to ssh in remotely? Also going to be running it headless and need to be able to ssh in. How do I allow port 22 in with iptables?

Edit: My bad, I didn't look at the rules closely when I pasted them in. My local network is 192.168.1.x. Now I just need to figure out how to delete all these rules lol.

bobmcguffin
Posts: 9
Joined: Thu Aug 20, 2020 3:33 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Thu Aug 20, 2020 3:44 am

I might try this tutorial out as a last resort, but I have a question that I think you guys might be able to answer.

I want to install the Private Internet Access App on my Raspberry Pi, directly from the website, they have a download link for Linux in 64bit. When I try to run it, the mousepad will appear with 2 error messages before I can install it:

The Document Was Not UTF-8 Valid
Invalid Byte Sequence In Conversion Input

Does anyone know if there's an easy fix to this? This came as a huge surprise to me because I have the Raspberry Pi 4 model B and I've done sudo apt-get update and sudo apt-get upgrade and I'm running Raspbian with Debian. As far as I know this model of Pi can run 64bit apps for sure. I meet all the requirements to install PIA on my Raspberry PI, I've successfully paid for it and the "torrent box" tutorial I'm watching from techwiztime specifically suggests to be using PIA as your VPN.

I'm so confused, if you guys would know something about this I could use the help.
Thanks

fixxer5150
Posts: 1
Joined: Thu Oct 29, 2020 3:59 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Thu Oct 29, 2020 4:29 am

UPDATE 28 OCT 2020:
257986 wrote:
Thu Sep 27, 2018 11:53 pm

Install OpenVPN.

Code: Select all

sudo apt-get install openvpn -y

Get the VPN configuration files for the VPN. I use PIA

Code: Select all

sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
This has changed since the PIA has went to "NextGen". US locations no longer work and this is going to be world-wide soon. Albania.ovpn (and probaby some others) still works on with the old config files but not for long.
The new wget is

Code: Select all

wget https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip
They are denying access to the US locations and mine failed a few days ago.
Found the announcment for "NextGen" in their announcements pages.

I had no need for most of the above process for checking the IP and setup and used much simpler checks before/after.

I also validated my deluge port was tunneling through the VPN appropriately with torrent tracking. Google one and find the one you like that does not want private info. You basically seed it in your torrent manager and check the IP it advertises and then delete it when you are done.

I also found it much easier to create a two-line document in the same directory called "pass.txt" with the only two entries:

(insert your username here)
(insert your password here)

and appending to the bottom of the .ovpn I use:

Code: Select all

auth-user-pass pass.txt
Then used Chron-e to setup the autostart. Chron has been much more reliable for me on debian using the Pi4B and latest Raspberry OS.

Hope this helps someone.

-fixxer5150

paqman
Posts: 28
Joined: Fri Sep 02, 2016 3:55 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Thu Oct 29, 2020 4:16 pm

So I set this up last April, and it has been working flawlessly since then. Then all of the sudden this week I noticed it wasn't working. When I logged onto my pi to check it out, I noticed that I was not able to ping out to google or get my IP address. I shut down the iptables rules, and then I was able to ping out again. Openvpn seemed to be running, but I am still showing my local IP address. So I stopped openvpn, and started it on the console so I could read the output. About once a minute, it is giving me these errors:

Thu Oct 29 09:48:25 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Oct 29 09:48:25 2020 TLS Error: TLS handshake failed
Thu Oct 29 09:48:25 2020 SIGUSR1[soft,tls-error] received, process restarting
Thu Oct 29 09:48:55 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1198
Thu Oct 29 09:48:55 2020 UDP link local: (not bound)
Thu Oct 29 09:48:55 2020 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1198

The IP address it shows (that I x'd out), is not my local IP, so it looks like that is the IP address it is trying to assign me (from the PIA denver region). However when I curl icanhazip.com, it takes quite a while before coming back with my regular IP, not the PIA one.

Any idea why this is happening? I haven't made any changes to it, or to my network. This just started happening on it's own.

Zeno013
Posts: 1
Joined: Thu Oct 29, 2020 4:39 pm

Re: Pi VPN Walkthru for PIA Private Internet Access

Thu Oct 29, 2020 5:00 pm

have you tired openvpn-nextgen that fixxer5150 posted?

I had the same problem it died this morning after working for months. I upgraded to openvpn-nextgen then back up. I think this walk through needs to be updated now.

paqman
Posts: 28
Joined: Fri Sep 02, 2016 3:55 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Tue Nov 03, 2020 3:30 pm

Zeno013 wrote:have you tired openvpn-nextgen that fixxer5150 posted?

I had the same problem it died this morning after working for months. I upgraded to openvpn-nextgen then back up. I think this walk through needs to be updated now.
I had not! I had searched the comments for errors similar to mine, but didn't just plain read through them lol. Thank you that fixed my issue.

Plex7
Posts: 6
Joined: Mon Nov 11, 2019 8:56 am

Re: Pi VPN Walkthru for PIA Private Internet Access

Sun Mar 07, 2021 4:45 pm

I got it back working. Just needed to update the OVPN file, they're on their website. Remember to add /etc/openvpn/login for your credentials! Otherwise autoboot won't work.

I am having issues with their DNS servers though. Their customer support says they work..but won't work on my end. Slow connection, "resolving host" loading a page.

Return to “General discussion”