OpenVPN Vs. PIA Applicaton Setup

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
CondorCluster

OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster »

I'm running LM17.3 XFCE (64bit) currently, with the PIA VPN program installed. I also have the PIA app on my Android phone from the PlayStore

Everything is working as it should do, however I have been considering moving away from the closed-source PIA programs, and trying the open-source OpenVPN programs instead.

I have looked a bit online in what is involved, but it appears to be command line executed, rather than PIA's nice GUI program. It also appears setting a killswitch is a pain too.

Is there a way to replicate what the official PIA program does, but using OpenVPN and a GUI interface rather than command line operation?

Thanks,
CC
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
User avatar
greerd
Level 6
Level 6
Posts: 1060
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: OpenVPN Vs. PIA Applicaton Setup

Post by greerd »

Hi CondorCluster,

Yes you can use Network Manager to manually setup a vpn tunnel to pia servers, but be aware that when using this method Network Manager does not try to reconnect if the vpn server disconnects for even a short duration. Also if you setup a Network Lock/Kill Switch using the firewall, you will lose internet access during a vpn outage, which you should, but you would have to manually re-initiate the vpn connection before the internet comes back. So not the best solution for a server or a desktop the needs unattended internet access. (although I guess you could write a script to automate this)

If your still game to continue, the first thing to do is

Code: Select all

sudo apt install network-manager-openvpn-gnome
which will pull in some dependencies including network-manager-openvpn.

Then you need to get the .ovpn file from pia for your desired location, I'm at work and don't have access to pia so you'll have to search around the pia forums for the how to.

Also could you post the output of (from a terminal) (including any comments if the file)

Code: Select all

cat /etc/resolv.conf
I'll continue if/when I hear back from you and I'm home from work.
CondorCluster

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster »

Hi greerd,

Thanks for the offer to assist, but looking further into what is required, it seems kinda long winded. Especially as everything is working correctly now.

It was more a US company trust/closed-source issue that got me looking to moving to an OpenVPN solution, but underestimated the steps involved!
User avatar
greerd
Level 6
Level 6
Posts: 1060
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: OpenVPN Vs. PIA Applicaton Setup

Post by greerd »

Yes the pia app works pretty darn good and there is still the trust issue whether you use the app, openvpn or network-manager-openvpn, they all connect to pia's vpn servers where they are unencrypted before sent out into the wild. Although if you use https (ssl) for your browser connections, you're double encrypted so any vpn server would only be able to see the encrypted https stream and where its going, not the contents.

My understanding is the the pia app uses an older modified version of openvpn anyway so you either trust pia or you don't.

Cheers
sammiev

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev »

greerd wrote:Yes the pia app works pretty darn good and there is still the trust issue whether you use the app, openvpn or network-manager-openvpn, they all connect to pia's vpn servers where they are unencrypted before sent out into the wild. Although if you use https (ssl) for your browser connections, you're double encrypted so any vpn server would only be able to see the encrypted https stream and where its going, not the contents.

My understanding is the the pia app uses an older modified version of openvpn anyway so you either trust pia or you don't.

Cheers
Correct and if you go into the directory where the pia and gui resides, you will notice two openvpn files.

modified? likely.
CondorCluster

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster »

I think when my annual PIA subscription runs out, I'll move to a non-US VPN like ProtonVPN or NordVPN.

That might be when I would migrate to OpenVPN software, although I think ProtonVPN also has it's own software for Linux/Android.

Maybe in the future the OpenVPN developers will make the client more feature/user friendly like the PIA software.
sammiev

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev »

One very good item with PIA is that there seems to be no leaking. ( I check on every new connection )

Others claim to have no leakage but at least 50% of them fail the DNS leak test. ( some often, others not so much )
CondorCluster

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster »

Is that down to PIA's servers, or their client software?
CondorCluster

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster »

Okay, so I installed OpenVPN on my 17.3 Mint laptop, and OpenVPN for Android on my KitKat phone. Both appear to connect to the PIA servers correctly.

As for a kill switch, I ticked the Persistant Tun option, and Unlimited retries in the OpenVPN Android app. For the linux version, I set up some firewall scripts as mentioned here: https://thetinhat.com/tutorials/misc/li ... ewall.html

Could someone please help me in uninstalling the linux PIA app. I installed it from https://helpdesk.privateinternetaccess. ... p-on-Linux, but there are no instructions on how to uninstall, and my linux knowledge isn't great.

Thanks,
CC

Edit, ignore. I found the guide on their forums https://helpdesk.privateinternetaccess. ... -on-Linux-
radiobeard

Re: OpenVPN Vs. PIA Applicaton Setup

Post by radiobeard »

Apologies if I'm in the wrong subject area. I was looking into VPNs and tried to set something up with open VPN using Info I got from a ubuntu forum page and it didn't work. Well Firefox wouldn't connect to that site this morning so I could find a remedy this problem so I tried site I've been to a dozen times or others for that matter with no luck so I tried my opera browser and same problem. Went to transfer a file to my cloud service as well and no luck. So how do I go about fixing my mess? BTW, I appreciate all the help everyone provides and LUUUUV Linux Mint. :D
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: OpenVPN Vs. PIA Applicaton Setup

Post by phd21 »

Hi "radiobeard",

It would be better to start your own post with more specific information, your system's information, and which VPN provider(s), what you have already tried, etc...

Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: OpenVPN Vs. PIA Applicaton Setup

Post by phd21 »

Hi "CondorCluster",

I just read your post and the good replies to it. Here are my thoughts on this as well.

Great choice in choosing PIA (Private Internet Access) as your VPN provider. PIA also uses the openVPN protocols when accessing their VPN servers with or without using their Linux application.

I do not understand why you would not want to use the PIA application, if it has been working so well. Most people only use a few VPN provider's servers, and it is really easy to setup (import) a VPN server in Linux Mint using the Network Manager GUI in system tray panel, especially in Linux Mint 18.x. But, having an automated "Kill Switch" option is really nice for those who only want internet access through the VPN and it's provided by the PIA app, whereas in Linux Mint without using their app, you would have to configure that manually.

"PIA" has a great record of maintaining privacy, so whether you live in the USA where PIA is headquartered or not should not really matter, regardless of some security recommendations that VPN users should always choose a VPN provider that is not in the country they reside in, or even better a world-wide neutral country like Switzerland (ie: "protonVPN" another great VPN provider).

I would recommend that you update the "openVPN" packages to v2.4 or higher using the information in the link below.

Is it possible to install the latest openvpn on 17.3 without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn
How to Establish An OpenVPN Connection in Ubuntu
https://timwolverson.wordpress.com/2016 ... inux-mint/

How to Establish An OpenVPN Connection in Ubuntu 14.04 (Linux Mint 17.x)
- note in Linux Mint 18.x, the certificate and key files are automatically generated, yeah!
http://ubuntuhandbook.org/index.php/201 ... untu-1404/
FYI:
killswitch-for-openvpn
https://github.com/renapoliveira/killswitch-for-openvpn


Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
CondorCluster

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster »

Hi phd21,

The official PIA client worked fine, I just wanted to move away from proprietary software to open source. Plus it means in the future if I change VPN providers, I can just change the settings.

I do however lose certain features like MACE and killswitch by using openvpn, however it feels a bit more integrated and less resource hungry than the PIA client

The firewall scripts from the tinhat link above appear to work, is the script you linked just a more advanced one that tries to reconnect or something?

Overall I'm happy with the VPN setup I've got at the moment, speeds are good, and everything looks like it works as it should. Did the dns leak on one of the check websites, showed the PIA server.

Cheers,
CC
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: OpenVPN Vs. PIA Applicaton Setup

Post by phd21 »

Hi "CondorCluster",
CondorCluster wrote:I do however lose certain features like MACE and killswitch by using openvpn, however it feels a bit more integrated and less resource hungry than the PIA client
FYI: You are still using "openVPN" protocol and client whether or not you are using the PIA client app. Now, you are just using openVPN directly through the Network Manager (NM) without using the PIA client app.
CondorCluster wrote:The firewall scripts from the tinhat link above appear to work, is the script you linked just a more advanced one that tries to reconnect or something?
While researching your post, I came across that other VPN script. Both VPN scripts look like they would work well. I have not tried either one. At this present time, I am not overly concerned that all Internet activity goes through the VPN and if the VPN disconnects that all Internet apps stop until the VPN connection is re-connected. I do use (and want to use) a VPN connection for security and my system tray's Network Manager icon shows me when I am connected to a VPN or not. So if for whatever reason my VPN connection disconnects, I just manually click to reconnect to a VPN server. Some applications that I would only want to go through the VPN network connection have their own settings for which network adapter to use which would be "tun0" when connected to a vpn, and they will not access the Internet when the VPN network adapter "tun0" is not available.
CondorCluster wrote:Overall I'm happy with the VPN setup I've got at the moment, speeds are good, and everything looks like it works as it should. Did the dns leak on one of the check websites, showed the PIA server.
The DNS leaks can be a problem, but fortunately, there are various solutions from simple to not so simple. I always change the local ISP's DNS servers anyway which is simple and works.

Glad to hear that you have everything working for you now.

Cheers ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
czeekaj

Re: OpenVPN Vs. PIA Applicaton Setup

Post by czeekaj »

greerd wrote:Hi CondorCluster,

Yes you can use Network Manager to manually setup a vpn tunnel to pia servers, but be aware that when using this method Network Manager does not try to reconnect if the vpn server disconnects for even a short duration. Also if you setup a Network Lock/Kill Switch using the firewall, you will lose internet access during a vpn outage, which you should, but you would have to manually re-initiate the vpn connection before the internet comes back. So not the best solution for a server or a desktop the needs unattended internet access. (although I guess you could write a script to automate this)
Hey, I am using PIA on mint but now It's giving me trouble like you mentioned. Every 2-20 minutes it will disconnect, than I need to turn my Vpn off and on again to get internet for only a few minutes.. Is odd I can run on other distro's or even windows with a killswitch on and it will stay connected, except windows will disconnect when it's locked or I disable with my firewall. I am unsure how to go about remedy this issue with PIA Vpn Tunnel on Mint. I got the PIA manager from the Software collection for mint. It sets up fine and automatic but it does not stay connected.
I changed my ISP's dns to OpenDNS it doesn't leak to the ISP only my IP address when VPN is off.. So I prefer to use a Vpn to, as OpenDNS seems kinda transparent I might change the DNS to PIAs. If I can get the VPN holding steady on mint or maybe that's why it keeps going down? Although it's okay on my laptop and windows with other OS. It seems like the Gnome network manager is letting connection go like mentioned above by greerd
sammiev

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev »

Have you tried another DNS?

Never had PIA drop on me over the years and I tested both methods over different computers.

I never tried or used PIA on auto DNS, allows fixed.
czeekaj

Re: OpenVPN Vs. PIA Applicaton Setup

Post by czeekaj »

I been using Opendns for the whole home network. Is there a way to set just the machines DNS to PIAs ? or would I have to configure it in the router, and route all the traffic through them? Right now OpenDns is really fast they have servers quite close. However, when I do Dnsleak test I will see opendns's servers leaking. I dunno I new to Mint and was having a rough time with the Vpn and networking thus far settings kept changing back, and several times PIA would disconnect as well sometime. Funny tho on my laptop I connect to one of their slowest servers and it doesn't drop me. While using Open vpn PIA and OpenDNS but thier servers are really close in that case same city lol
sammiev

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev »

There is a lot of ways to stop DNS leaks, here's a few.

viewtopic.php?f=90&t=260970
User avatar
majpooper
Level 8
Level 8
Posts: 2084
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: OpenVPN Vs. PIA Applicaton Setup

Post by majpooper »

I suppose I do not understand dns leak because there is confusing information and statements that dnscrypt does/does not prevent dns leaks. My impression was that dns leak = your ISP DNS servers unencrypted even if you are using a VPN.

I want to use OpenDNS while preventing dns leaks so I configured Private Tunnel (my VPN - very good BTW) with dnscrypt. This is my results from dnsleak.com
1) when I shut down my dnscrypt and my VPN I see my ISP DNS servers = dns leak ??????
2) when I use my VPN only I see my VPN DNS servers = no dns leak ??????
3) when I use dnscrypt with my VPN I see OpenDNS servers (the DNS servers of my choice) = no dns leak ????
User avatar
Pippin
Level 4
Level 4
Posts: 441
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: OpenVPN Vs. PIA Applicaton Setup

Post by Pippin »

DNS leak is when other applications on the client are not doing DNS requests over the VPN.
It has not so much to do with encrypting DNS requests.

For instance, since Windows 8 and up Microsoft introduced parallel DNS which means DNS requests made by applications are done over all interfaces, the quickest reply would be used.
That broke the --dhcp-option DNS for OpenVPN who then mitigated with --block-outside-dns, basically adding "Windows firewall magic" to prevent DNS going over all interfaces.

1. Yes
2. Correct
3. Correct
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Locked

Return to “Networking”