OpenVPN Vs. PIA Applicaton Setup

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
User avatar
majpooper
Level 8
Level 8
Posts: 2076
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: OpenVPN Vs. PIA Applicaton Setup

Post by majpooper »

Oh . . . . and when I shut down my VPN and use dnscrypt only - I use OpenDNS servers = no dns leak ???????
User avatar
Pippin
Level 4
Level 4
Posts: 441
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: OpenVPN Vs. PIA Applicaton Setup

Post by Pippin »

When VPN is shutdown then we do not speak about DNS leakage.
From what you write it`s working as intended.

DNS leakage is spoken about only in relation with VPN/when VPN is active.
So, if applications or even only one application, on the host (running VPN client) are/is not doing DNS requests over the VPN tunnel, it`s called DNS leak.

I hope this pic can shed some light on this:
ovpn-flow08.png
Imagine DNS request going directly out eth0 instead of being routed through tun0...they would go straight to WAN exposing the request to for example ISP.
Of course VPN provider sees the request except when using dnscrypt/dns-over-tls or something alike but then the dnscrypt/dns-over-tls server sees it.
In the end it`s all a matter of trust.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
sammiev

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev »

The way I see it, you either trust your Vpn supplier or DNScrypt supplier.

There is VPN providers that people would likely not use as well as DNScrypt providers.

Cisco is one of the big DNScrypt players that a lot of folks trust as myself, but they record everything as Google does as well.

The no name DNS providers say they don't record anything but are there one month and gone the next.

VPN providers like PIA are trusted by many as a lot of others as well. Do they recored everything? ( likely, I don't care what they say )

For the DNScrpt and VPN servers that are here one month and gone the next, wonder what they do with your info? :shock:
corcaigher

Re: OpenVPN Vs. PIA Applicaton Setup

Post by corcaigher »

I made the poor decision of enabling VPN kill switch only to have it permanently disable internet when PIA is not running and connected. Can anyone help me remove this service? I disabled the switch setting in the PIA client, but nothing has changed; if PIA client is not running, there is no internet connection.

In addition, a senior technician at PIA has advised me that Linux Mint users are not supposed to be using their client. He sent instructions to install and enable openVPN settings, but those instructions did not work.

Running on 64bit Rosa, kde Platform Version 4.14.2
sammiev

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev »

corcaigher wrote:I made the poor decision of enabling VPN kill switch only to have it permanently disable internet when PIA is not running and connected. Can anyone help me remove this service? I disabled the switch setting in the PIA client, but nothing has changed; if PIA client is not running, there is no internet connection.

In addition, a senior technician at PIA has advised me that Linux Mint users are not supposed to be using their client. He sent instructions to install and enable openVPN settings, but those instructions did not work.

Running on 64bit Rosa, kde Platform Version 4.14.2
If you are trying to use Openvpn to connect, you need to change to lines in their .opvn file.

The text below is the "CA Montreal.opvn" file modified.

Code: Select all

client
dev tun
proto udp
remote ca.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
auth SHA1
tls-client
remote-cert-tls server
auth-user-pass pass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-oc
Note: lines 9 and 10 have been changed from
cipher aes-128-cbc to cipher AES-128-CBC
auth sha1 to auth SHA1

You can make the changes to your opvn files your self or copy and paste the above.
corcaigher

Re: OpenVPN Vs. PIA Applicaton Setup

Post by corcaigher »

I have no access to the internet when the PIA client is disabled or removed. In order to even read any responses posted to my request for assistance, the PIA client must be installed, active and running. The PIA client is constantly disconnecting my computer from their vpn servers leaving me with no internet access. When the client is disconnected I am reconnected to my network-manager default access point but without access to the internet. Something happened to my system when I turned the kill switch in the PIA client to the on position. That was when this happened. Turning off the kill switch had no effect. Whatever changes the PIA client made have remained a permanent setting to my network setup. I am not using a firewall. Somewhere there are settings which need to be corrected or removed before I can even consider installing openVPN.
sammiev

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sammiev »

corcaigher wrote:I have no access to the internet when the PIA client is disabled or removed. In order to even read any responses posted to my request for assistance, the PIA client must be installed, active and running. The PIA client is constantly disconnecting my computer from their vpn servers leaving me with no internet access. When the client is disconnected I am reconnected to my network-manager default access point but without access to the internet. Something happened to my system when I turned the kill switch in the PIA client to the on position. That was when this happened. Turning off the kill switch had no effect. Whatever changes the PIA client made have remained a permanent setting to my network setup. I am not using a firewall. Somewhere there are settings which need to be corrected or removed before I can even consider installing openVPN.
I setup my test laptop much the same as you did and closed the lid. When lid was open I had no Internet connection no matter what was done. ( like you )
Rebooted computer and everything was back to normal.
Tried for hours to see if I could get myself into the same boat as you without any luck. :(
Hopefully someone else can add to this thread.
corcaigher

Re: OpenVPN Vs. PIA Applicaton Setup

Post by corcaigher »

I did a complete shutdown and restart. Still must have the PIA client running for internet access. PIA tech support is not responding at all.
corcaigher

Re: OpenVPN Vs. PIA Applicaton Setup [Solved]

Post by corcaigher »

Here is the solution from PIA which worked for my situation. In a terminal I was instructed to enter the following:

apt-get remove --purge resolvconf && apt-get install resolvconf

apt-get update --fix-missing


...obviously, these commands need to be run with root privileges, so be sure to type sudo before each command then supply the administrator password. I had some security keys which were out of date, but the steps to correct this are presented to you in the terminal session. Simply follow the instructions and make the appropriate entries. After correcting the security keys and completing the PIA commands I rebooted my PC and internet access was once again available without the PIA client running.

I was also informed that the next update to the PIA client will address this problem and Linux Mint will once again be supported along with Ubuntu.
sreeslinux

Re: OpenVPN Vs. PIA Applicaton Setup

Post by sreeslinux »

I use PIA on Ubuntu running Kodi. I managed to get scripts to start and stop the PIA app. I then run the scripts via two Kodi add-ons. They are very crude but do the job.

1. Start VPN
#!/bin/bash
killall pia_nw;
/opt/pia/run.sh;
kodi-send --action="Notification(Private Internet Access, Connecting...)"

2. Stop VPN
#!/bin/bash
sudo ifconfig tun0 down;
killall pia_nw
kodi-send --action="Notification(Private Internet Access, Disconnected)"

I added
"username" ALL=(ALL) NOPASSWD: /sbin/ifconfig tun0 down
to the sudoers file using the command sudo visudo
this is required so that Kodi can execute the command without needing to input the password
Locked

Return to “Networking”