OpenVPN Vs. PIA Applicaton Setup

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
User avatar
CondorCluster
Level 2
Level 2
Posts: 95
Joined: Thu Feb 28, 2013 5:36 am

OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster » Thu Jan 04, 2018 12:58 pm

I'm running LM17.3 XFCE (64bit) currently, with the PIA VPN program installed. I also have the PIA app on my Android phone from the PlayStore

Everything is working as it should do, however I have been considering moving away from the closed-source PIA programs, and trying the open-source OpenVPN programs instead.

I have looked a bit online in what is involved, but it appears to be command line executed, rather than PIA's nice GUI program. It also appears setting a killswitch is a pain too.

Is there a way to replicate what the official PIA program does, but using OpenVPN and a GUI interface rather than command line operation?

Thanks,
CC
Linux Mint 17.3 XFCE 64bit
Lenovo Thinkpad T420

User avatar
greerd
Level 5
Level 5
Posts: 978
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: OpenVPN Vs. PIA Applicaton Setup

Post by greerd » Thu Jan 04, 2018 2:02 pm

Hi CondorCluster,

Yes you can use Network Manager to manually setup a vpn tunnel to pia servers, but be aware that when using this method Network Manager does not try to reconnect if the vpn server disconnects for even a short duration. Also if you setup a Network Lock/Kill Switch using the firewall, you will lose internet access during a vpn outage, which you should, but you would have to manually re-initiate the vpn connection before the internet comes back. So not the best solution for a server or a desktop the needs unattended internet access. (although I guess you could write a script to automate this)

If your still game to continue, the first thing to do is

Code: Select all

sudo apt install network-manager-openvpn-gnome
which will pull in some dependencies including network-manager-openvpn.

Then you need to get the .ovpn file from pia for your desired location, I'm at work and don't have access to pia so you'll have to search around the pia forums for the how to.

Also could you post the output of (from a terminal) (including any comments if the file)

Code: Select all

cat /etc/resolv.conf
I'll continue if/when I hear back from you and I'm home from work.

User avatar
CondorCluster
Level 2
Level 2
Posts: 95
Joined: Thu Feb 28, 2013 5:36 am

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster » Thu Jan 04, 2018 3:12 pm

Hi greerd,

Thanks for the offer to assist, but looking further into what is required, it seems kinda long winded. Especially as everything is working correctly now.

It was more a US company trust/closed-source issue that got me looking to moving to an OpenVPN solution, but underestimated the steps involved!
Linux Mint 17.3 XFCE 64bit
Lenovo Thinkpad T420

User avatar
greerd
Level 5
Level 5
Posts: 978
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: OpenVPN Vs. PIA Applicaton Setup

Post by greerd » Thu Jan 04, 2018 4:02 pm

Yes the pia app works pretty darn good and there is still the trust issue whether you use the app, openvpn or network-manager-openvpn, they all connect to pia's vpn servers where they are unencrypted before sent out into the wild. Although if you use https (ssl) for your browser connections, you're double encrypted so any vpn server would only be able to see the encrypted https stream and where its going, not the contents.

My understanding is the the pia app uses an older modified version of openvpn anyway so you either trust pia or you don't.

Cheers

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev » Thu Jan 04, 2018 4:21 pm

greerd wrote:Yes the pia app works pretty darn good and there is still the trust issue whether you use the app, openvpn or network-manager-openvpn, they all connect to pia's vpn servers where they are unencrypted before sent out into the wild. Although if you use https (ssl) for your browser connections, you're double encrypted so any vpn server would only be able to see the encrypted https stream and where its going, not the contents.

My understanding is the the pia app uses an older modified version of openvpn anyway so you either trust pia or you don't.

Cheers
Correct and if you go into the directory where the pia and gui resides, you will notice two openvpn files.

modified? likely.

User avatar
CondorCluster
Level 2
Level 2
Posts: 95
Joined: Thu Feb 28, 2013 5:36 am

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster » Thu Jan 04, 2018 4:37 pm

I think when my annual PIA subscription runs out, I'll move to a non-US VPN like ProtonVPN or NordVPN.

That might be when I would migrate to OpenVPN software, although I think ProtonVPN also has it's own software for Linux/Android.

Maybe in the future the OpenVPN developers will make the client more feature/user friendly like the PIA software.
Linux Mint 17.3 XFCE 64bit
Lenovo Thinkpad T420

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev » Thu Jan 04, 2018 5:52 pm

One very good item with PIA is that there seems to be no leaking. ( I check on every new connection )

Others claim to have no leakage but at least 50% of them fail the DNS leak test. ( some often, others not so much )

User avatar
CondorCluster
Level 2
Level 2
Posts: 95
Joined: Thu Feb 28, 2013 5:36 am

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster » Fri Jan 05, 2018 2:44 am

Is that down to PIA's servers, or their client software?
Linux Mint 17.3 XFCE 64bit
Lenovo Thinkpad T420

User avatar
CondorCluster
Level 2
Level 2
Posts: 95
Joined: Thu Feb 28, 2013 5:36 am

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster » Sat Jan 06, 2018 8:18 am

Okay, so I installed OpenVPN on my 17.3 Mint laptop, and OpenVPN for Android on my KitKat phone. Both appear to connect to the PIA servers correctly.

As for a kill switch, I ticked the Persistant Tun option, and Unlimited retries in the OpenVPN Android app. For the linux version, I set up some firewall scripts as mentioned here: https://thetinhat.com/tutorials/misc/li ... ewall.html

Could someone please help me in uninstalling the linux PIA app. I installed it from https://helpdesk.privateinternetaccess. ... p-on-Linux, but there are no instructions on how to uninstall, and my linux knowledge isn't great.

Thanks,
CC

Edit, ignore. I found the guide on their forums https://helpdesk.privateinternetaccess. ... -on-Linux-
Linux Mint 17.3 XFCE 64bit
Lenovo Thinkpad T420

radiobeard
Level 1
Level 1
Posts: 2
Joined: Wed May 10, 2017 3:13 pm

Re: OpenVPN Vs. PIA Applicaton Setup

Post by radiobeard » Mon Jan 08, 2018 1:59 pm

Apologies if I'm in the wrong subject area. I was looking into VPNs and tried to set something up with open VPN using Info I got from a ubuntu forum page and it didn't work. Well Firefox wouldn't connect to that site this morning so I could find a remedy this problem so I tried site I've been to a dozen times or others for that matter with no luck so I tried my opera browser and same problem. Went to transfer a file to my cloud service as well and no luck. So how do I go about fixing my mess? BTW, I appreciate all the help everyone provides and LUUUUV Linux Mint. :D

User avatar
phd21
Level 16
Level 16
Posts: 6758
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: OpenVPN Vs. PIA Applicaton Setup

Post by phd21 » Mon Jan 08, 2018 2:28 pm

Hi "radiobeard",

It would be better to start your own post with more specific information, your system's information, and which VPN provider(s), what you have already tried, etc...

Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
phd21
Level 16
Level 16
Posts: 6758
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: OpenVPN Vs. PIA Applicaton Setup

Post by phd21 » Mon Jan 08, 2018 2:46 pm

Hi "CondorCluster",

I just read your post and the good replies to it. Here are my thoughts on this as well.

Great choice in choosing PIA (Private Internet Access) as your VPN provider. PIA also uses the openVPN protocols when accessing their VPN servers with or without using their Linux application.

I do not understand why you would not want to use the PIA application, if it has been working so well. Most people only use a few VPN provider's servers, and it is really easy to setup (import) a VPN server in Linux Mint using the Network Manager GUI in system tray panel, especially in Linux Mint 18.x. But, having an automated "Kill Switch" option is really nice for those who only want internet access through the VPN and it's provided by the PIA app, whereas in Linux Mint without using their app, you would have to configure that manually.

"PIA" has a great record of maintaining privacy, so whether you live in the USA where PIA is headquartered or not should not really matter, regardless of some security recommendations that VPN users should always choose a VPN provider that is not in the country they reside in, or even better a world-wide neutral country like Switzerland (ie: "protonVPN" another great VPN provider).

I would recommend that you update the "openVPN" packages to v2.4 or higher using the information in the link below.

Is it possible to install the latest openvpn on 17.3 without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn
How to Establish An OpenVPN Connection in Ubuntu
https://timwolverson.wordpress.com/2016 ... inux-mint/

How to Establish An OpenVPN Connection in Ubuntu 14.04 (Linux Mint 17.x)
- note in Linux Mint 18.x, the certificate and key files are automatically generated, yeah!
http://ubuntuhandbook.org/index.php/201 ... untu-1404/
FYI:
killswitch-for-openvpn
https://github.com/renapoliveira/killswitch-for-openvpn


Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
CondorCluster
Level 2
Level 2
Posts: 95
Joined: Thu Feb 28, 2013 5:36 am

Re: OpenVPN Vs. PIA Applicaton Setup

Post by CondorCluster » Tue Jan 09, 2018 2:53 am

Hi phd21,

The official PIA client worked fine, I just wanted to move away from proprietary software to open source. Plus it means in the future if I change VPN providers, I can just change the settings.

I do however lose certain features like MACE and killswitch by using openvpn, however it feels a bit more integrated and less resource hungry than the PIA client

The firewall scripts from the tinhat link above appear to work, is the script you linked just a more advanced one that tries to reconnect or something?

Overall I'm happy with the VPN setup I've got at the moment, speeds are good, and everything looks like it works as it should. Did the dns leak on one of the check websites, showed the PIA server.

Cheers,
CC
Linux Mint 17.3 XFCE 64bit
Lenovo Thinkpad T420

User avatar
phd21
Level 16
Level 16
Posts: 6758
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: OpenVPN Vs. PIA Applicaton Setup

Post by phd21 » Tue Jan 09, 2018 11:55 am

Hi "CondorCluster",
CondorCluster wrote:I do however lose certain features like MACE and killswitch by using openvpn, however it feels a bit more integrated and less resource hungry than the PIA client
FYI: You are still using "openVPN" protocol and client whether or not you are using the PIA client app. Now, you are just using openVPN directly through the Network Manager (NM) without using the PIA client app.
CondorCluster wrote:The firewall scripts from the tinhat link above appear to work, is the script you linked just a more advanced one that tries to reconnect or something?
While researching your post, I came across that other VPN script. Both VPN scripts look like they would work well. I have not tried either one. At this present time, I am not overly concerned that all Internet activity goes through the VPN and if the VPN disconnects that all Internet apps stop until the VPN connection is re-connected. I do use (and want to use) a VPN connection for security and my system tray's Network Manager icon shows me when I am connected to a VPN or not. So if for whatever reason my VPN connection disconnects, I just manually click to reconnect to a VPN server. Some applications that I would only want to go through the VPN network connection have their own settings for which network adapter to use which would be "tun0" when connected to a vpn, and they will not access the Internet when the VPN network adapter "tun0" is not available.
CondorCluster wrote:Overall I'm happy with the VPN setup I've got at the moment, speeds are good, and everything looks like it works as it should. Did the dns leak on one of the check websites, showed the PIA server.
The DNS leaks can be a problem, but fortunately, there are various solutions from simple to not so simple. I always change the local ISP's DNS servers anyway which is simple and works.

Glad to hear that you have everything working for you now.

Cheers ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

czeekaj
Level 1
Level 1
Posts: 20
Joined: Thu Jan 11, 2018 6:48 am

Re: OpenVPN Vs. PIA Applicaton Setup

Post by czeekaj » Mon Jan 15, 2018 12:43 am

greerd wrote:Hi CondorCluster,

Yes you can use Network Manager to manually setup a vpn tunnel to pia servers, but be aware that when using this method Network Manager does not try to reconnect if the vpn server disconnects for even a short duration. Also if you setup a Network Lock/Kill Switch using the firewall, you will lose internet access during a vpn outage, which you should, but you would have to manually re-initiate the vpn connection before the internet comes back. So not the best solution for a server or a desktop the needs unattended internet access. (although I guess you could write a script to automate this)
Hey, I am using PIA on mint but now It's giving me trouble like you mentioned. Every 2-20 minutes it will disconnect, than I need to turn my Vpn off and on again to get internet for only a few minutes.. Is odd I can run on other distro's or even windows with a killswitch on and it will stay connected, except windows will disconnect when it's locked or I disable with my firewall. I am unsure how to go about remedy this issue with PIA Vpn Tunnel on Mint. I got the PIA manager from the Software collection for mint. It sets up fine and automatic but it does not stay connected.
I changed my ISP's dns to OpenDNS it doesn't leak to the ISP only my IP address when VPN is off.. So I prefer to use a Vpn to, as OpenDNS seems kinda transparent I might change the DNS to PIAs. If I can get the VPN holding steady on mint or maybe that's why it keeps going down? Although it's okay on my laptop and windows with other OS. It seems like the Gnome network manager is letting connection go like mentioned above by greerd

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev » Mon Jan 15, 2018 1:21 am

Have you tried another DNS?

Never had PIA drop on me over the years and I tested both methods over different computers.

I never tried or used PIA on auto DNS, allows fixed.

czeekaj
Level 1
Level 1
Posts: 20
Joined: Thu Jan 11, 2018 6:48 am

Re: OpenVPN Vs. PIA Applicaton Setup

Post by czeekaj » Mon Jan 15, 2018 2:47 am

I been using Opendns for the whole home network. Is there a way to set just the machines DNS to PIAs ? or would I have to configure it in the router, and route all the traffic through them? Right now OpenDns is really fast they have servers quite close. However, when I do Dnsleak test I will see opendns's servers leaking. I dunno I new to Mint and was having a rough time with the Vpn and networking thus far settings kept changing back, and several times PIA would disconnect as well sometime. Funny tho on my laptop I connect to one of their slowest servers and it doesn't drop me. While using Open vpn PIA and OpenDNS but thier servers are really close in that case same city lol

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev » Mon Jan 15, 2018 8:04 am

There is a lot of ways to stop DNS leaks, here's a few.

viewtopic.php?f=90&t=260970

User avatar
majpooper
Level 5
Level 5
Posts: 605
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: OpenVPN Vs. PIA Applicaton Setup

Post by majpooper » Mon Jan 15, 2018 2:18 pm

I suppose I do not understand dns leak because there is confusing information and statements that dnscrypt does/does not prevent dns leaks. My impression was that dns leak = your ISP DNS servers unencrypted even if you are using a VPN.

I want to use OpenDNS while preventing dns leaks so I configured Private Tunnel (my VPN - very good BTW) with dnscrypt. This is my results from dnsleak.com
1) when I shut down my dnscrypt and my VPN I see my ISP DNS servers = dns leak ??????
2) when I use my VPN only I see my VPN DNS servers = no dns leak ??????
3) when I use dnscrypt with my VPN I see OpenDNS servers (the DNS servers of my choice) = no dns leak ????

Pippin
Level 3
Level 3
Posts: 144
Joined: Wed Dec 13, 2017 11:14 am
Location: NL/DE/TH

Re: OpenVPN Vs. PIA Applicaton Setup

Post by Pippin » Mon Jan 15, 2018 2:35 pm

DNS leak is when other applications on the client are not doing DNS requests over the VPN.
It has not so much to do with encrypting DNS requests.

For instance, since Windows 8 and up Microsoft introduced parallel DNS which means DNS requests made by applications are done over all interfaces, the quickest reply would be used.
That broke the --dhcp-option DNS for OpenVPN who then mitigated with --block-outside-dns, basically adding "Windows firewall magic" to prevent DNS going over all interfaces.

1. Yes
2. Correct
3. Correct
"One good thing about music, when it hits you feel no pain.”
B.M.

Post Reply

Return to “Other networking topics”