LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Problem Setting Up PIA VPN (- but nordVPN works fine) (https://www.linuxquestions.org/questions/slackware-14/problem-setting-up-pia-vpn-but-nordvpn-works-fine-4175655397/)

Captain Brillo 06-09-2019 05:44 AM
Problem Setting Up PIA VPN (- but nordVPN works fine)
 
I have no problem configuring NordVPN in Slackware, but I just can't figure it out with PIA.
I get an error message that

"The file “CA Toronto.ovpn” could not be read or does not contain recognized VPN connection information.
Error: the plugin does not support import capability"

These openvpn files from PIA are not the same as nord's openvpn files, and I can't get it to work.

The files are called:
crl.rsa.2048.pem
ca.rsa.2048.crt
CA Toronto.ovpn

Can someone step through how I add this connection?

Nille_kungen 06-09-2019 08:55 AM
Do you use openvpn from terminal or NetworkManager-openvpn?
I know that NetworkManager-openvpn sometimes doesn't work even if everything is set up as it should, i then remove the password and leave it blank and let the connection ask for password and save that password.
I don't know why but that often makes an vpn connetion work in networkmanager.
Have you tested the .ovpn with openvpn command?

Captain Brillo 06-09-2019 12:22 PM
I started over, and downloaded the openvpn files into /etc/openvpn, and did the extraction thing. Had to edit some file names to take out spaces.
This time I tried adding an Openvpn connection, instead of the "saved VPN configuration", which is how the other VPN works.

Now I have a VPN connection, but it times out without connecting.

I'm sure there's a thread(s) on here that talks about this, but I can't find it - any ideas?

BigTig 06-09-2019 12:30 PM
I use PIA and what I do is
1) install NetworkManager-OpenVPN from slackbuilds
2) extract the ovpn files to /etc/NetworkManager/PIA
3) use NetworkManger to add a connection
4) choose "import a saved VPN Configuration"
5) choose a file from "/etc/Networkmanager/PIA"
6) Enter my username/password
7) under "Advanced" I click "Use custom gateway port" and change it to 1198
8) That's it!

I think AlienBOB has a write up on how to do all this on his blog.

Nille_kungen 06-09-2019 06:17 PM
Quote:
Originally Posted by Captain Brillo (Post 6003607)
I started over, and downloaded the openvpn files into /etc/openvpn, and did the extraction thing. Had to edit some file names to take out spaces.
This time I tried adding an Openvpn connection, instead of the "saved VPN configuration", which is how the other VPN works.

Now I have a VPN connection, but it times out without connecting.

I'm sure there's a thread(s) on here that talks about this, but I can't find it - any ideas?
Try the password trick i mentioned in previous post.

Captain Brillo 06-16-2019 03:36 PM
BigTig: the files I got from PIA absolutely DO NOT WORK as a "saved VPN Configuration"

Where did you get the ones you have that work?

PIA is giving me these files:

Quote:
crl.rsa.2048.pem

ca.rsa.2048.crt

CA-Toronto.ovpn
and nothing else.
Also, I can't figure out what I would use to create an Openvpn connection, like the box wants me to.

Got any more ideas?

BigTig 06-16-2019 05:20 PM
I downloaded a zip file called openvpn.zip from PIA (https://www.privateinternetaccess.co...pn/openvpn.zip)

Do you have NetworkManager-openvpn installed from slackbuilds? The easiest thing would be to use nm-applet:
Right click on applet, click edit connections, press the "+" sign, "Import a saved VPN Connection"NetworkManager-openvpn

HTH!

bassmadrigal 06-19-2019 08:18 PM
Once I get home from work, I can document my openvpn usage with PIA. I don't use NetworkManager, but for those that do, BigTig's recommendation of NetworkManager-openvpn would be the easiest route to go.

bassmadrigal 06-19-2019 09:14 PM
My /etc/openvpn/openvpn.conf contains the following:

Code:
client
dev tun
proto udp
remote ca-vancouver.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /etc/openvpn/login.txt
auth-nocache
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
script-security 2
route-noexec
mssfix 1430

up /etc/openvpn/iptables.sh
down /etc/openvpn/update-resolv-conf
The up/down portion are to make it so only a certain user will run on the vpn while everything else runs over the regular internet. I saved the certificates (the .crt and .pem files) provided by PIA in the /etc/openvpn directory and reference them in this conf file. My username/password are stored in a plaintext file (readable only by root) with the username and password each on their own line.

BrianW 06-19-2019 10:38 PM
Been awhile since I used PIA; dropped them after routing issues occurred a year or so ago and my subscription was up. The script (it was never finalized) should set it up completely.

VPN is started with similar format function:
/usr/sbin/openvpn --daemon --config /etc/openvpn/PIA/piavpn.ovpn

Code:
#!/bin/bash# This script will install/configure the necessary OpenVPN configuration
# files for Private Internet Access.

# OpenVPN configuration directory
dVPN="/etc/openvpn"

# The directory where we'll download and store all the PIA configs
dPIA="$dVPN/PIA"

# The directory where the unedited *.ovpn configuration files from PIA are stored
dOVPN="$dPIA/servers"

# The final configuration & keys file full path & name
cOVPN="$dPIA/piavpn.ovpn"
cKEYS="$dPIA/login.info"

root_check() {
  # Continue with the script only if we are root.
  if [[ $EUID != 0 ]]; then
    echo "[ ABORT ]: This script will only run as root."
    echo ""
    exit 1
  fi
  return 0
}

pia_install() {
  # Install the necessary files and configure our first server for PIA
  echo "Installing the necessary OpenVPN configuration files for PIA."
  echo ""

  # Make sure we don't have an existing directory with data
  if [ -d $dPIA ]; then
    if [ "$(ls -A $dPIA)" ]; then
      echo "[ ABORT ]: '$dPIA' directory already exists!"
      echo "[ ABORT ]: This script requires an empty directory."
      echo ""
      exit 1
    fi
  else
    echo "Creating '$dPIA' directory."
    echo ""
    /usr/bin/mkdir -p $dPIA
  fi

  # Download the PIA OpenVPN configuration files and extract them.
  echo "Downloading the PIA OpenVPN configuration files."
  echo ""
  /usr/bin/wget -P $dPIA https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip

  # Extract the contents of the zip file
  echo "Extracting the *.ovpn files to '$dOVPN'"
  echo ""
  /usr/bin/mkdir $dOVPN
  /usr/bin/unzip "$dPIA/openvpn-strong.zip" -d $dOVPN

  # Move the certificates to the parent directory
  /usr/bin/mv $dOVPN/ca.rsa.4096.crt $dPIA
  /usr/bin/mv $dOVPN/crl.rsa.4096.pem $dPIA

  return 0
}

pia_configure() {
  # Configure the PIA server file
  # First make sure it looks like we have what we need
  if [ ! -d $dPIA ]; then
    echo "[ ABORT ]: PIA config directory not found, run with 'install' option!"
    echo ""
    exit 1
  else
    if [ ! "$(ls -A $dPIA)" ]; then
      echo "[ ABORT ]: PIA config directory empty, run with 'install' option!"
      echo ""
      exit 1
    fi
    if [ ! -e $dPIA/ca.rsa.4096.crt ]; then
      echo "[ ABORT ]: PIA config directory empty, run with 'install' option!"
      echo ""
      exit 1
    fi
  fi
  echo "Configuring the OpenVPN system for PIA."
  echo ""

  # Delete any config file if we have one available
  if [ -e $cOVPN ]; then
    /usr/bin/rm $cOVPN
  fi


  # Require a valid server configuration file to be selected
  while true; do
    /usr/bin/clear
    /usr/bin/ls $dOVPN
    IFS= read -r -p "Please enter the server you wish to use: " SERVER

    # Check the server is a valid entry
    if [ -e "$dOVPN/$SERVER" ]; then
      /usr/bin/cp "$dOVPN/$SERVER" $cOVPN
      break
    fi
  done

  # Clear the screen and start fresh again
  /usr/bin/clear

  if [ ! -e $cOVPN ]; then
    echo "[ ABORT ]: Something is wrong we have no config file!"
    echo ""
    exit 1
  fi

  # Manage the key file
  if [ -e $cKEYS ]; then
    # If we have a key file, ask if it should be updated.
    IFS= read -r -p "Do you want to update your key file? Y/[N]  " CHOICE
    if [ $CHOICE == "Y" ]; then
      pia_keys
    fi
  else
    # No key file, create one
    pia_keys
  fi

  # Add the login.info to the config file
  /usr/bin/sed -i "s|auth-user-pass|auth-user-pass $cKEYS|g" $cOVPN

# Update the certificates location to full path
  /usr/bin/sed -i "s|crl-verify crl.rsa.4096.pem|crl-verify $dPIA/crl.rsa.4096.pem|g" $cOVPN
  /usr/bin/sed -i "s|ca ca.rsa.4096.crt|ca $dPIA/ca.rsa.4096.crt|g" $cOVPN

  # Finished, clear the screen
  /usr/bin/clear
  echo "Finished..."
}

pia_keys() {
  # Delete any old file
  /usr/bin/rm $cKEYS

  # Create the key file from user input
  /usr/bin/clear
  IFS= read -r -p "Enter your PIA username: " UNAME
  IFS= read -r -p "Enter your PIA password: " PWORD
  echo $UNAME > $cKEYS
  echo $PWORD >> $cKEYS

  # Set the permissions to lock the file down
  /usr/bin/chmod 400 $cKEYS

  return 0
}


main() {
  case "$1" in
  'install')
    pia_install
    ;;
  'configure')
    pia_configure
    ;;
  *)
    echo "usage $0 install|configure"
  esac
}

root_check "$@"
main "$@"


All times are GMT -5. The time now is 08:11 AM.