Connect to Private Internet Access (PIA) VPN with OpenVPN on Ubuntu (2023)

Connect to Private Internet Access (PIA) VPN with OpenVPN on Ubuntu (1)

This post covers using OpenVPN on Ubuntu 16.04 to connect to a Private Internet Access (PIA) VPN server. PIA has configuration files ready to useherewhich we will use as the base for our configuration file. I will go through each option so you understand any potential issues you may be facing. The first thing we have to do is install OpenVPN to be able to run it

sudo apt-get install openvpn

Once we have it installed, we must download the certificate that we will use to connect to the PIA servers. Download the above mentioned zip file to the openvpn directory with cd /etc/openvpn and then download the zip file with

(Video) Installing Private Internet Access [PIA] VPN on Linux

sudo wget

Once we have the ZIP file, we can unzip it into a separate folder to keep the main directory clean. We probably need to install the unzip utility, so run sudo apt-get install unzip. Now we unzip the downloaded file in a new PIA directory

sudo unzip -d PIA

All together we get:

sudo apt-get install openvpncd /etc/openvpnsudo wget apt-get install unzipsudo unzip -d PIA

Since we are creating our own configuration file for OpenVPN, we only need the peer certification file for connecting to VPN servers ca.rsa.2048.crt and the certification revocation list file crl.rsa from the ZIP archive. 2048.pem. The CRL is used to list all the certificate keys that cannot connect to the PIA servers. We can move these files to the main OpenVPN directory

sudo mv /etc/openvpn/PIA/ca.rsa.2048.crt /etc/openvpn/ca.rsa.2048.crtsudo mv /etc/openvpn/PIA/crl.rsa.2048.pem /etc/openvpn/crl.rsa.2048.pem

Now that we have the keys, let's create the configuration file that OpenVPN will use to connect to the PIA servers. We create an empty file with

(Video) How to install Private Internet Access (VPN) on Linux

sudo touch /etc/openvpn/pia.conf.

We also need to create a separate file for the username and password.

sudo touch /etc/openvpn/creds.conf

Before we get to the actual configuration, let's recap the commands:

sudo mv /etc/openvpn/PIA/ca.rsa.2048.crt /etc/openvpn/ca.rsa.2048.crtsudo mv /etc/openvpn/PIA/crl.rsa.2048.pem /etc/openvpn/crl.rsa.2048.pemsudo touch /etc/openvpn/pia.confsudo touch /etc/openvpn/creds.conf

The full setup we will go through is:

Clientdevelopers doremote 1198 udpremote 502 tcpResolution-infinite retrydo not tiepersistent keypersist-tunChiffre aes-128-cbcsha1 authenticationcrl-check /etc/openvpn/crl.rsa.2048.pemca /etc/openvpn/ca.rsa.2048.crtremote-tls-cert-serverauth-user-pass /etc/openvpn/creds.confauto-nocachecomp-lzoverb 1reg-seg 0Disable occupancy

The first option passed to OpenVPN is client, which is a shortcut for using the pull and tls-client options. The pull option is used on a client to allow a server to which many clients connect (or a multi-tenant server) to send routes to the client. This forces all queries to go through the PIA servers. The tls-client option enables TLS (often referred to as SSL) encryption. The next OpenVPN option is dev, which can be set to TUN or TAP. We put TUN here, which allows for lower traffic overhead, but can only be used on IP-based traffic and cannot create Ethernet bridges. TAP, on the other hand, is more compatible with a variety of network protocols because it behaves like a real network adapter (like a virtual adapter). It can also be used to bridge Ethernet adapters, but all of this comes at the cost of more overhead, as it adds data to each data packet sent. 99% of the time you will need TUN unless you are trying to connect to PIA with a variety of devices like printers, network drives, etc. The next option for OpenVPN is Remote, of which we will have two copies, one for UDP, which is less expensive but has no troubleshooting, and an option for TCP to use in your browser. We indicate the host name of the PIA server to which we want to connect, the port used for this type of connection and the network protocol used (UDP or TCP). Using two remote options allows for a fallback option if the first one fails. I used US East as my VPN server, but you have to choose from the listherethat best suits your needs.

(Video) Connect To Private Internet Access with OpenVPN

Clientdevelopers doremote 1198 udpremote 502 tcp

The next option is resolv-retry, which we set to infinity. This means that we want to keep trying to reconnect forever. This can be set to a number, say 5, which OpenVPN will then only try to reconnect with 5 times before failing. The nobind option tells OpenVPN not to use the local IP address and port. This is used with the remote option so that the PIA servers can assign these values ​​dynamically themselves. The next two, persist-key and persist-tun tell OpenVPN not to reopen/reload on OpenVPN reboots. This allows reboots via the SIGUSR1 signal without reloading the keys and the tun connection. SIGUSR1 (and SIGUSR2) are user-defined signals that you can use for your own scripts. These are optional but nice to have when you want to automate reconnection.

Resolution-infinite retrydo not tiepersistent keypersist-tun

The following options are security specific. The Encryption option specifies the encryption algorithm to use. PIA uses aes-128-cbc, but if you want to see a list of supported algorithms, run openvpn --show-ciphers. The auth option defines the message digest algorithm, which is almost always SHA-1. The next two options use the two files we copied. The crl-verify option is used to certify the certificate revocation list. The value of this is where the CRL is located, ie crl-verify /etc/openvpn/crl.rsa.2048.pem. The same applies to the ca option, which specifies the certification used: ca /etc/openvpn/ca.rsa.2048.crt. The remote certificate option is a shortcut option and is equivalent to -remote-cert-ku a0 88 -remote-cert-eku "TLS web client authentication". The remote-cert-ku option requires that a peer certificate be specially signed with a key. This is encoded in hexadecimal (the part ao 88). The remote-cert-eku option requires the same peer certificate to be signed with an extended key. This is encoded in OpenSSL symbolic representation. This ensures proper TLS authentication with the PIA servers.

Chiffre aes-128-cbcsha1 authenticationcrl-check /etc/openvpn/crl.rsa.2048.pemca /etc/openvpn/ca.rsa.2048.crtremote-tls-cert-server

I want to go through the auth-user-pass option on its own, as we'll be using the /etc/openvpn/creds.conf file we created here. This file has two lines, the username and the password. It is important to remember that this text file must be in UNIX format and not DOS. If you're creating and editing the file on Linux, that's fine, but if you're using Windows and SFTP, you should probably convert it to Unix format. If you don't convert it, you may get errors about badly formatted auth file. Open the creds.conf file we created with sudo nano /etc/openvpn/creds.conf. In the file we have two option values: "YOUR_USERNAME" is your PIA username and "YOUR_PASSWORD" is your PIA password. How to convert the creds.conf file to Unix format if you need to run the command

sudo dos2unix /etc/openvpn/creds.conf.YOUR USERNAMEYOUR PASSWORD

Save this file and since it contains your password in clear text, we'll change the permissions to read-only for the root user. We set the owner to root with

(Video) Set up Private Internet Access OpenVPN on Linux

sudo chown root:root /etc/openvpn/creds.conf

and set to read-only

sudo chmod 0400 /etc/openvpn/creds.conf

Be sure to set this AFTER adding your username and password to the creds.conf file. We now need to reference this file in the main OpenVPN configuration file, and we do this by adding the path to your credentials file to the auth-user-pass option. We also added the auth-nocache option to disallow storing username and password in virtual memory. This is an added security precaution for your PIA credentials.

auth-user-pass /etc/openvpn/creds.confauto-nocache

We're done with the authorization page, so now let's add the comp-lzo option, which enables lzo compression. Ubuntu comes with lzo compression, but if you don't have it you can install it with it

sudo apt-get install liblzo2–2

The Verb option sets the amount of logging you want for OpenVPN operations. This can be set from a low value of 0 to a high value of 11. For debugging, set this value in the range of 6-11. 1-4 is normal running, which I like to set to 1 when everything is working. The associated status option determines where the logs go, and I set this to /etc/openvpn/openvpn.log. Normally, the logs for most programs are moved to the /var/logs/ directory if desired. The reneg-sec option tells OpenVPN to renegotiate the data channel key after n seconds. The default is 3600, but we'll set it to 0 since we'll be using the same key when connecting to the PIA servers. Finally, the disabled-occ option tells OpenVPN not to display warnings when there are inconsistent options between peers. PIA servers can update their server-side options, but it may not affect the connection, so we don't want any bugs in this regard. This is an optional field.

(Video) Set up Private Internet Access VPN on Linux Easily

comp-lzoverb 1Status /etc/openvpn/openvpn.logreg-seg 0Disable occupancy

Once we have all the options configured, we simply run OpenVPN with the --config option and specify the configuration we created. You will see startup information and finally you will see Initialization Sequence Completed and you will be connected to the OpenVPN servers. To be safe, we can open another terminal and type curl and this website will return our public IP address, which should be the PIA server you configured in the remote option.

sudo openvpn — config /etc/openvpn/pia.confcurl

We now want OpenVPN to always connect to the PIA servers when booting in the background. We do this with the init.d configuration. OpenVPN already comes with an init.d script, so we only need to change the configuration files that OpenVPN will use. We only have one conf file /etc/openvpn/pia.conf, so we open the configuration file init.d sudo nano /etc/default/openvpn and create a new line above the #AUTOSTART='all' line with AUTOSTART= ' tweet '. This AUTOSTART variable tells the init.d script to automatically start all conf files for each AUTOSTART you define. It can have more than one AUTOSTART value. We don't need to add the .conf as this is implicit when the script loads our configuration file. The relevant part of the OpenVPN script looks like this:

# Only start these VPNs automatically via the startup script.# Allowed values ​​are "all", "none", or a space-separated list of# VPN names. If empty, "everyone" is assumed.# The VPN name refers to the name of the VPN configuration file.# namely. "home" would be /etc/openvpn/home.conf#AUTOSTART='pia'#AUTOSTART="all"#AUTOSTART="none"#AUTOSTART="home office"

Now you need to run the init.d file and once OpenVPN has started the PIA configuration file, you will see a message: Autostart VPN 'pia'.


How do I connect to PIA with OpenVPN? ›

Upload the OpenVPN configuration file for the router to utilize.
  1. Log in to the router and navigate to VPN > VPN Client : to upload a configuration file.
  2. Click the Add Profile button.
  3. Click the OpenVPN tab.
  4. Input a Description for the connection.
  5. Input your PIA Username.
  6. Input your PIA Password.
  7. Click the Browse button.
Apr 15, 2020

How to connect to VPN using OpenVPN Ubuntu? ›

Open a terminal window on your Ubuntu machine and type in the following command: sudo apt install openvpn . This will install the OpenVPN package on your system. This will open a text editor where you can paste the configuration file (opvn) from your VPN provider.

Does PIA work with OpenVPN? ›

Connecting: When connecting using OpenVPN or PIA we provide you the option to connect over TCP or UDP ports. However, TCP ports are often less restricted than UDP ports, and this can allow for connections on networks like your University or workplace to be more successful (but not guaranteed).

How to setup PIA VPN on Ubuntu? ›

  1. Step 1: Download. If you have not already, download the PIA App installer here. ...
  2. Step 2: Run Installer. ...
  3. Step 3: Terminal. ...
  4. Step 4: Change Directory. ...
  5. Step 5: Run Installer via Command. ...
  6. Step 6: Login. ...
  7. Step 7: Connecting.
May 26, 2022

Does OpenVPN need VPN passthrough? ›

OpenVPN and IKEv2/IPsec don't just offer better and quicker encryption; they also tunnel through the NAT on their own, so your router doesn't need a passthrough at all. All you need for a secure connection is just to connect to a VPN!

How to connect to OpenVPN via terminal? ›

Install the OpenVPN package
  1. Open the terminal window. You can do that by pressing Ctrl+Alt+T keys or navigating to it in your apps menu.
  2. Enter the following command to install all the necessary packages: sudo apt-get install openvpn unzip. You may need to enter your computer password to confirm this process.
Dec 13, 2022

Does Ubuntu have OpenVPN? ›

OpenVPN is a Virtual Private Networking (VPN) solution provided in the Ubuntu Repositories. It is flexible, reliable and secure.

How to configure OpenVPN in Linux? ›

To set up an OpenVPN server, you must:
  1. Create a configuration file.
  2. Set the sysctl value net. ipv4. ...
  3. Set up appropriate ownership for all configuration and authentication files to run the OpenVPN server daemon under a non-root account.
  4. Set OpenVPN to start with the appropriate configuration file.
  5. Configure your firewall.
Aug 28, 2021

How does VPN work with OpenVPN? ›

It routes all of your network traffic through an encrypted tunnel via the VPN. Routing the network traffic disguises your IP address when using the internet, replacing it with the location and an IP address from the VPN server making its location invisible. A VPN connection also secures against external breaches.

Which VPN uses OpenVPN protocol? ›

OpenVPN has been integrated into SoftEther VPN, an open-source multi-protocol VPN server, to allow users to connect to the VPN server from existing OpenVPN clients. OpenVPN is also integrated into Vyos, an open-source routing operating system forked from the Vyatta software router.

What VPN is better than PIA? ›

NordVPN is a far better choice than PIA due to its streaming capabilities and excellent performance. It offers an ultra-fast proprietary NordLynx protocol and unblocks virtually any platform we've tested.

Why is PIA VPN not connecting? ›

If you are unable to connect to PIA on Android, your problem could be caused by one of the following: Battery/storage saving app interfering with PIA connection. App cache issues that need clearing. Buggy app.

Does private Internet access work on Linux? ›

Private Internet Access is one of the very few VPNs that offers a complete graphical client on Linux The graphical user interface (GUI) is similar to the one onour Windows VPN and macOS VPN apps, so you'll have an easy time switching between devices.

What VPN protocol does PIA use? ›

PIA uses WireGuard® and OpenVPN — two of the most popular open-source VPN protocols — as well as IPsec on iOS to offer our customers high levels of transparency and security.

Does PIA have a DNS server? ›

We offer Smart DNS for various devices, including Gaming Consoles and TV boxes. With plenty of locations to choose from across multiple continents, you can get started setting up your Smart DNS by logging into the Client Control Panel within our website and selecting the Smart DNS tab.

How do I use dedicated IP PIA VPN? ›

First, purchase a Private Internet Access VPN subscription (select your plan here). Then, select the Dedicated IP add-on when completing your order at checkout. Once you've activated your PIA account, you can redeem and validate your unique token directly on PIA's dashboard.

How do I enable VPN on Linux? ›

How to set up a VPN on Linux with Network Manager
  1. Download our OpenVPN configuration files.
  2. Update your system and the Network manager.
  3. Import OpenVPN configuration files in the VPN settings.
  4. Connect to the VPN server, which settings you've just imported.
Sep 27, 2022

Is OpenVPN untraceable? ›

No. Although a VPN is an essential cybersecurity tool that will make you more private online, it will never make you 100% anonymous.

Does OpenVPN hide your IP address? ›

No, OpenVPN Cloud does not change, hide, or sell public IP addresses or provide access to the internet by default. Instead, OpenVPN Cloud provides a secure connection between the devices that are connected to OpenVPN Cloud.

Is OpenVPN and OpenVPN connect the same? ›

The OpenVPN GUI, aka. OpenVPN Community Client, is an open source OpenVPN client for Windows. The OpenVPN Connect client, aka. OpenVPN Desktop Client or OpenVPN-AS Client, is a proprietary client distributed with OpenVPN Access Server.

How to connect VPN in Ubuntu terminal? ›

Go step-by-step through following instructions to set up OpenVPN on Ubuntu from command line.
  1. Click on the Menu button and type Terminal in order to open the terminal.
  2. In the terminal, type: sudo apt-get -y install openvpn unzip.
  3. Create a folder and access it from the terminal: mkdir CactusVPN && cd CactusVPN.

Where is the OpenVPN config file Ubuntu? ›

OpenVPN config files are usually located in /etc/openvpn and usually named *. conf . server.

What ports do I forward for OpenVPN? ›

What ports need to be open for OpenVPN? By default the OpenVPN Access Server comes configured with OpenVPN daemons that listen on port 1194 UDP, and OpenVPN daemons that listen on port 443 TCP. While the best connection for an OpenVPN tunnel is via the UDP port, we implement TCP 443 as a fallback method.

What is the best VPN to use with Ubuntu? ›

5 Best VPNs for Ubuntu in 2023
  • NordVPN: Another command-line app for Ubuntu at a budget-friendly price. ...
  • ExpressVPN: Our top recommendation for Ubuntu. ...
  • Surfshark: Well-suited to unblocking content from abroad. ...
  • Atlas VPN: Strong unblocker of content. ...
  • Private Internet Access: Easy-to-use GUI app.
Jan 25, 2023

How do I OpenVPN in Linux terminal? ›

Follow the steps below to configure OpenVPN on Linux devices via CLI :
  1. Login as a root user. ...
  2. Type your root password and press Enter.
  3. Now it is necessary to install the OpenVPN package on your Linux system. ...
  4. Enter the following command to change a directory for FastVPN config files:

Where is OpenVPN password in Ubuntu? ›

1 Answer
  1. In a terminal type seahorse .
  2. Click on the pad lock icon (A window is now shown with the title Enter password to unlock your login keyring)
  3. In the password field type your password.
  4. Click Unlock.
  5. Go to the menu View and select View any.
  6. In the list of passwords click on the entry VPN password secret for ...
Mar 29, 2019

How to use OpenVPN client on Linux? ›

GUI Tools for Connecting to OpenVPN
  1. Open up the network manager applet by clicking on the network icon in the notification area (aka System Tray.)
  2. Click on the Manage Connections button.
  3. Select the VPN tab.
  4. Click the Add button to open up the VPN type drop-down.
  5. Select OpenVPN from the list.
Jun 20, 2011

What is the URL for OpenVPN? ›

https://123.456.78.90/ The IP address is the external IP address of your server. A custom hostname can be set up using the Admin Web UI and a DNS 'A' record.

How do I access OpenVPN Access Server? ›

To access the Client Web UI, use either the IP address or hostname of your Access Server. For example: https://123.456.78.90/

How do I use OpenVPN tunnel? ›

OpenVPN Configuration
  1. Switch from your standard user account to the root user: sudo su - root.
  2. Set OpenVPN to push a gateway configuration, so all clients send internet traffic through it. cat >> /etc/openvpn/server.conf << END # Clients are to use this server as a network gateway. ...
  3. Push DNS resolvers to client devices.
Jan 6, 2023

Why can't I login my PIA VPN? ›

Disconnect the VPN and change the connection type to “TCP“. Change remote port to Auto then click Save and reconnect. If the issue persists, Change the remote port to 443, then Save and reconnect.

How do I add a device to OpenVPN? ›

Steps: Create a device for a user
  1. Access Users and expand the user that you want to edit.
  2. Click plus to add a device.
  3. Enter the device name and description and save your changes.
  4. Click to download the OpenVPN profile and select the VPN region that the user belongs to.
  5. Send the downloaded .

How to connect to OpenVPN in Linux? ›

Follow the steps below to configure OpenVPN on Linux devices via CLI :
  1. Login as a root user. ...
  2. Type your root password and press Enter.
  3. Now it is necessary to install the OpenVPN package on your Linux system. ...
  4. Enter the following command to change a directory for FastVPN config files:

What is the IP address of OpenVPN server? ›

By default, users connecting to your Access Server are assigned IP addresses dynamically, managed by OpenVPN Access Server. This is similar to an internal DHCP system and the default subnet for any new server is set to 172.27. 224.0/20.

How do I setup a site to site VPN with OpenVPN? ›

Go to the Admin UI and go to VPN Settings. In the item titled Should VPN clients have access to private subnets set the selection to Yes, using routing (advanced) and in the large text field just below it specify the subnet of the network where your OpenVPN Access Server is located.

What is the difference between VPN and OpenVPN? ›

OpenVPN is more dependable on the unstable network connections. VPN encryption is 128 bit. VPN encryption is 160-bit and 256-bit. PPTP is not used across the globe.

What is the login code for PIA VPN? ›

Logging with PIA Credentials

Username – a “P” followed by seven digits (ex. p1234567) Password – Which will be randomly generated.

How do I log into private Internet access? ›

How to Use Private Internet Access (PIA): Download + Setup
  1. Step 1: Sign Up for Private Internet Access. ...
  2. Step 2: Download the Software. ...
  3. Step 3: Install the Program Onto Your Device. ...
  4. Step 4: Open the Software and Log Into Your Account. ...
  5. Step 5: Start Browsing Securely with Private Internet Access.
Sep 15, 2021

How do I log into PIA VPN on my computer? ›

Download the Windows VPN app from our website. Run the installer and launch PIA. Then, sign in with your account information, and click connect to start surfing more anonymously. That's it!

How to install OpenVPN client on Ubuntu? ›

Installation for Debian and Ubuntu
  1. Open the Terminal by pressing ctrl + alt + T.
  2. Type the following command into the Terminal: sudo apt install apt-transport-https . ...
  3. Type the following command into the Terminal: sudo apt-key add openvpn-repo-pkg-key. ...
  4. Type the following command into the Terminal: sudo apt update.

Where is the OpenVPN connect config file? ›

OpenVPN keeps configuration files in C:\Program Files\OpenVPN\config. Open this folder with Windows Explorer.


1. Private Internet Access with OpenVPN
(Spatry's Cup of Linux)
2. Set up Private Internet Access OpenVPN on Linux Mint KDE
3. How To Use PIA VPN 2023 🎯 Full Setup Tutorial Guide & Installation Demo
4. Set up Private Internet Access OpenVPN on Debian 7 or Mint 17
6. Install PIA on Linux Server no GUI


Top Articles
Latest Posts
Article information

Author: Kelle Weber

Last Updated: 06/13/2023

Views: 5782

Rating: 4.2 / 5 (53 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Kelle Weber

Birthday: 2000-08-05

Address: 6796 Juan Square, Markfort, MN 58988

Phone: +8215934114615

Job: Hospitality Director

Hobby: tabletop games, Foreign language learning, Leather crafting, Horseback riding, Swimming, Knapping, Handball

Introduction: My name is Kelle Weber, I am a magnificent, enchanting, fair, joyous, light, determined, joyous person who loves writing and wants to share my knowledge and understanding with you.