I have already written about getting Private Internet Access running on Linux Mint back in 2016. Main reason is that with Linux Mint 18, not all DNS changes are properly propagated.
As OpenVPN client is installed by default these days, we only need to download PIA's OpenVPN configuration files. More careful ones will notice these files are slightly different than recommended default. These have VPN server IP instead of DNS name. While this might cause long term issues if that IP ever changes, it does help a lot with firewall setup as we won't need to poke a hole for DNS over our eth0 adapter.
From downloaded archive select .ovpn file with desired destination (usually going with one closest to you gives the best results) and also get both .crt and .pem file. Copy them all to your desktop and we'll use them later for setup. Yes, you can use any other directory too - this is just one I prefer.
With this done we can go into configuring VPN from Terminal window (replacing username
and password
with actual values):
# sudo mv ~/Desktop/*.crt /etc/openvpn/
# sudo mv ~/Desktop/*.pem /etc/openvpn/
# sudo mv ~/Desktop/*.ovpn /etc/openvpn/client.conf
# sudo sed -i "s*ca *ca /etc/openvpn/*" /etc/openvpn/client.conf
# sudo sed -i "s*crl-verify *crl-verify /etc/openvpn/*" /etc/openvpn/client.conf
# sudo echo "auth-user-pass /etc/openvpn/client.login" >> /etc/openvpn/client.conf
# sudo echo "mssfix 1400" >> /etc/openvpn/client.conf
# sudo echo "dhcp-option DNS 209.222.18.218" >> /etc/openvpn/client.conf
# sudo echo "dhcp-option DNS 209.222.18.222" >> /etc/openvpn/client.conf
# sudo echo "script-security 2" >> /etc/openvpn/client.conf
# sudo echo "up /etc/openvpn/update-resolv-conf" >> /etc/openvpn/client.conf
# sudo echo "down /etc/openvpn/update-resolv-conf" >> /etc/openvpn/client.conf
# unset HISTFILE
# echo 'username' | sudo tee -a /etc/openvpn/client.login
# echo 'password' | sudo tee -a /etc/openvpn/client.login
# sudo chmod 500 /etc/openvpn/client.login
Now we can test our VPN connection:
# sudo openvpn --config /etc/openvpn/client.conf
Assuming that this last step ended with Initialization Sequence Completed
, we just need to verify whether this connection is actually used and I've found whatismyipaddress.com quite helpful here. Just check if IP detected there is different then IP you usually get without VPN.
Stop the test connection using Ctrl+C
so we can configure automatic startup and test it.
# echo "AUTOSTART=all" | sudo tee -a /etc/default/openvpn
# sudo reboot
Once computer has booted and you are satisfied with VPN configuration, you can think about firewall and disabling default interface when VPN is not active. This means allowing traffic only on tun0 interface (VPN) and allowing only port 1198.
# sudo ufw reset
# sudo ufw default deny incoming
# sudo ufw default deny outgoing
# sudo ufw allow out on tun0
# sudo ufw allow out on `route | grep '^default' | grep -v "tun0$" | grep -o '[^ ]*$'` proto udp to `cat /etc/openvpn/client.conf | grep "^remote " | grep -o ' [^ ]* '` port 1198
# sudo ufw enable
Assuming all went well, VPN should be happily running.
thank you for your post : it seems to be exactly what I need
However I can only get as far as line 3 when I get the message
mv: target ‘/etc/openvpn/client.conf’ is not a directory
Possibly this is due to my lack of command line skill
Could you please post a more detailed set of instructions for newbies like me?
That means you have more than 1 file with extension .ovpn. Just delete all those other .ovpn files you don’t intend to use of use
mv
command with a specific file.