xyzio

Private Internet Access OpenVPN on Ubuntu at Linode or Digital Ocean

with one comment

Update 9/14: These instructions no longer seem to work at Linode.  Please leave a message in the comments if you see a mistake in my directions.

I’ve written about using Apache to proxy connections over SSH in order to hide sensitive information in public places. For an extra fee you can gain additional anonymity on the internet via companies like Private Internet Access which provides multiple VPN gateways for around $40/year without the risk of hacking or mis-configuration that comes with doing your own setup.  You also get the ability to use VPNs in multiple countries and US locations thus further obfuscating information.

Private Internet Access has instructions on how to set up a VPN on Ubuntu using Network Manager.  However I’m using a server install at Digital Ocean and I don’t feel like installing the desktop just to use Network Manager.  In addition there is setup required to allow you to access the VPS while still routing outgoing data through the VPN.  This should also work at Linode. Here is how to do it:

1) Install open-vpn : apt-get install network-manager-openvpn

2) Download a copy of Private Internet Access’ config files or if their site is down, here.  Unzip the files in a new directory.  The zip file contains everything you need to access their VPN servers without dealing with Ubuntu’s Network Manager.

3) Now you configure your VPS so that any traffic that comes to the VPS is responded to by the VPS.  Otherwise once you start your VPN any attempt to connect to the VPS will be answered through the VPN which is not what the connecting software expects.

Type this at the prompt:
ip rule add from x.x.x.x table 128
ip route add table 128 to y.y.y.y/y dev ethX
ip route add table 128 default via z.z.z.z

Where x.x.x.x is your public IP y.y.y.y/y is the subnet of your public IP address ethX is your public Ethernet interface z.z.z.z is the default gateway To get the x, y, and z use ip route: ip route show. The last three lines of the output will look something like this:

93.115.84.202 via 127.0.0.1 dev eth0
128.0.0.0/1 via 10.155.1.5 dev tun0
127.0.0.0/24 dev eth0 proto kernel scope link src 127.0.0.1

Match the color coded output to the ip commands above.  You need to type these in every time you restart your VPN so it helps to save them in a shell script.

4) Optional: Create a password file.  You can create a password file to supply OpenVPN with your login info If you are lazy and don’t feel like entering a password every time you connect to Private Internet Access.  To do this, make a file that contains your username on the first line, password on the 2nd line, and nothing else.

5) Start OpenVPN using one of the config files from step 2.  Each config file is set up to connect to one of the VPN servers run by Private Internet Access.  You can specify your password file from step 4 using the auth-user-pass argument.  Here is what I use to connect to their Romania server:

openvpn –config Romania.ovpn –auth-user-pass password_file

Finally, check your IP using their ‘Where’s My IP‘ page.

Questions or comments?  Feel free to leave a message using the comments box below.

Sources:
http://openvpn.net/index.php/open-source/documentation/howto.html#client
http://www.cyberciti.biz/faq/how-to-find-out-default-gateway-in-ubuntu/
https://forum.linode.com/viewtopic.php?t=8737
https://www.privateinternetaccess.com/pages/client-support/#ubuntu_openvpn

Advertisements

Written by M Kapoor

June 27, 2013 at 7:25 pm

One Response

Subscribe to comments with RSS.

  1. […] VM on my laptop, they do not work on my non-GUI DigitalOcean VPS. I was able to figure out an alternate way to perform the setup however it took a lot of digging. It would be nice if PIA incorporated instructions for […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: