Private Internet Access VPN
PIA is a subscription based service provided from PIA. See its How It Works page for more information.
Contents
Requirements
PIA supports nearly any operating system and solution any user would need. This guide automatically sets up the configurations for PIA which works for most Arch Linux users.
Installation
Install the private-internet-access-vpnAUR or private-internet-access-vpn-devAURpackage.
The package provides a tool that downloads the OPENVPN CONFIGURATION FILES (DEFAULT) and stores them in /etc/openvpn
. However, it updates the file names to better support using them on the command line.
Configuration for the package is stored in /etc/private-internet-access
After Installation
If there are any issues with connectivity and you are running connman, please restart connman-vpn.service
.
Usage
Enabling auto-login
Enabling auto-login allows a user to connect to the VPN service without having type any passwords on the command line (needed when using networkmanager). To set this up, you must do the following:
- Create
/etc/private-internet-access/login.conf
- Add your username and password in the file. Make sure LINE 1 is your username and LINE 2 is your password. Do not add any other text to the file or it will not work (this is a limitation of OpenVPN):
/etc/private-internet-access/login.conf
USERNAME PASSWORD
- Change permissions of the file to 0600 and owner to root:root:
# chmod 0600 /etc/private-internet-access/login.conf # chown root:root /etc/private-internet-access/login.confThis secures the access to the file from non-root users. Read more on File permissions and attributes. It is required when activating auto-login.
- Run
pia -a
as root.- If you have networkmanager installed, it will create the configuration files for networkmanager. Make sure to restart networkmanager to see them.
- If you have connman installed, it will create the configuration files for connman. Start
connman-vpn.service
if not running already. It will auto load the profiles. - Regardless, it will create the OpenVPN
.conf
files in/etc/openvpn
.
Manually Connecting to VPN
Run openvpn --config /etc/openvpn/{config_file_name}
as root. {config_file_name}
will be listed in the /etc/openvpn directory or run pia -l
.
Automatically connect to VPN
- For connman:
-
enable the
connman-vpn.service
. - Run
pia -a
as root.
- For openvpn you can look here: OpenVPN#systemd service configuration.
Advanced Options
- Create
/etc/private-internet-access/pia.conf
- For the
[pia]
section:
option | option values | description |
---|---|---|
openvpn_auto_login | True,False | Default: True; Configures if OpenVPN configuration files should have auto-login enabled. See #Enabling auto-login |
strong_encryption | True,False | Default: False; Configures strong encryption. Uses port 1197, cipher aes-256-cbc, auth sha256. Custom configurations for port, cipher, and auth are ignored when enabling this option. |
- For the
[configure]
section:
option | option values | description |
---|---|---|
apps | cm, nm | Default: all; This configures which applications are configured. The application will configure all applications installed; however, if a user only needed configurations for Conman, then setting this to 'cm' would generate only those configurations even if they had NetworkManager installed. OpenVPN configurations are always generated. cm = Conman; nm = NetworkManager |
port | 501, 502, 1197, 1198 | Default: 1198; This configures which port and protocol the VPN uses. 501,502=TCP; 1197,1198=UDP |
cipher | aes-128-cbc, aes-256-cbc, bf-cbc, None | Default: aes-128-cbc; This configures the data encryption cipher. |
auth | sha1, sha256, None | Default: sha1; This configures the data authentication. |
Example Configuration
The configuration enables auto-login, configures only Connman and OpenVPN, uses port 8080 over UDP, and configures only US East, US West, Japan, UK London, and UK Southampton VPN endpoints. OpenVPN is always configured.
/etc/private-internet-access-vpn/pia.conf
[pia] openvpn_auto_login = True [configure] apps = cm port = UDP/8080 hosts = US East, US West, Japan, UK London, UK Southampton