Open Terminal 1. Check for Updates sudo apt-get update 2. Upgrade any installed software sudo apt-get upgrade -y 3. Install OpenVPN sudo apt-get install openvpn -y 4. Download the Unzip software package sudo apt-get install unzip -y 5. Download the OpenVPN files from PIA as “openvpn.zip” wget https://www.privateinternetaccess.com/openvpn/openvpn.zip 6. Unzip the package to the appropriate folder used by OpenVPN; “/etc/openvpn” sudo unzip openvpn.zip -d /etc/openvpn/ 7. Reboot the entire system. sudo reboot 8. Open File Manager in Root Mode. Go to Start -> Run Type gksudo In Run dialog, Type: pcmanfm 9. Go to "/etc/openvpn" folder 10. Remove spaces from all OPVN file names. 11. Create an empty file in the "/etc/openvpn" folder called "login.conf". 12. Edit the File and enter your username and password in the first and second line, eg. p12434567 P@ssw0rd1234 Then save and close. 13. Secure login file: sudo chmod 400 login.conf 14. Open EVERY OPVN file and modify the following lines: a. add "/etc/openvpn/" in front of ca path b. add "/etc/openvpn/" in front of crl-verify path c. add " /etc/openvpn/login.conf" after auth-user-pass This is an example file contents, eg. Sydney: === client dev tun proto udp remote aus.privateinternetaccess.com 1198 resolv-retry infinite nobind persist-key persist-tun cipher aes-128-cbc auth sha1 tls-client remote-cert-tls server auth-user-pass /etc/openvpn/login.conf comp-lzo verb 1 reneg-sec 0 crl-verify /etc/openvpn/crl.rsa.2048.pem ca /etc/openvpn/ca.rsa.2048.crt disable-occ === 15. Test VPN: a. Connect VPN sudo openvpn --config /etc/openvpn/AUSydney.ovpn --auth-nocache If it worked, you will see, "Initialization Sequence Completed". To confirm, you can browse to the PIA website and it will show that you are using their VPN. b. Stop VPN CTRL + C 16. Configure Auto-Start on boot a. Edit the file "/etc/default/openvpn": sudo nano /etc/default/openvpn b. Find the following lines and add the name of your VPN WITHOUT .opvn extension. eg. AUSydney #AUTOSTART="all" #AUTOSTART="none" #AUTOSTART="home office" AUTOSTART="autovpn" c. Make it so passwords are not cached in memory... Find the line starting OPTARGS and modify as follows: OPTARGS="--auth-nocache" Note: This is what made AutoStart work: c1. Create Copy of AUSydney.opvn as autovpn.conf c2. Add auth-nocache at the end of the autovpn.conf file. c3. Issue: sudo systemctl enable openvpn@autovpn.service c4. Check: sudo systemctl status openvpn@autovpn.service d. Reboot sudo reboot 17. Test external IP: wget http://ipecho.net/plain -O - -q ; echo Note: Check it is Running: ps -ef | grep openvpn | grep -v grep Note: Kill it sudo pkill openvpn
Below is the original method I had documented…
sudo apt-get update sudo apt-get upgrade sudo apt-get install network-manger-openvpn sudo apt-get install openvpn Run sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip Extract the files from the zip with unzip openvpn.zip Now try and connect to the VPN of your choice ending in ovpn. sudo openvpn --config ./Netherlands.ovpn It’ll ask you for your user and password. Enter these and hopefully you get 'Initialization Sequence Completed’. If not, go over the process before. On the Raspberry Pi you need to press ‘CTRL -c’ to cancel the sequence and take control again. After this you need to change the config to keep your User and Password in it. sudo nano /etc/openvpn/login.conf here you need 2 lines USERNAME- add your credentials PASSWORD- add your credentials e.g p4589098 SrtyuJkh now sudo chmod 400 /etc/openvpn/login.conf And now make a copy of the .ovpn config file and add the login.conf file onto the existing line with auth-user-pass. The * depicts the .opvn file of your choice. sudo cp *.ovpn /etc/openvpn/*.conf so: sudo nano /etc/openvpn/*.conf At the line auth-user-pass add login.conf so it looks exactly like auth-user-pass /etc/openvpn/login.conf Now the important part. Move both the ca.crtfile and the crl.pem file into /etc/openvpn folder. Run another test to make sure your username and password are automatically accepted by running: sudo openvpn *.conf You should get the 'Initialization Sequence Completed’ again and no interaction. Please CTRL -c’ out of it. To make it work on start up we need to change the startup file for openvpn. sudo nano /etc/default/openvpn Look down the file for these lines: Add the name of your VPN WITHOUT .opvn extension. For me its Netherlands #AUTOSTART="all" #AUTOSTART="none" #AUTOSTART="home office” AUTOSTART=“Netherlands” Now reboot your Pi: sudo reboot Then to make sure it’s working find my external IP wget http://ipecho.net/plain -O - -q ; echo
Another user explained later that you don’t have to edit the files…
I am surprised nobody mentioned flags for the openvpn command. It will augment or override what is in the configuration file. It is a lot easier than trying to alter all of the PIA config files. I am able to put all my configs in any directory I want and select any PIA server without altering any config files. I was able to get everything working without the GUI, without changing configs, and without an resolv.conf issues. Here are the configuration steps I took to get it working without using the GUI. If I get time I may write out detailed steps, but for now here is the quick version 1. Create a directory in your home dir. I used ~/vpn (/home/pi/vpn) but you can put it anywhere you like. 2. Extract all of the .ovpn files into that directory 3. Copy or move ca.crt and crl.pem into the directory if you already installed them in /etc/openvpn 4. Create the user.txt in the same directory. It should only have two lines. The first is your PIA username, the second is your PIA password 5. Change user.txt to read only for your user id (chmod 400 user.txt) 6. Make sure openvpn is not already running. You can do this with ps -ef | grep openvpn | grep -v grep If it is running, you need to stop it first. sudo pkill openvpn Several issues listed in this thread happened to me when I forgot to kill openvpn and started a second instance. 7. In the directory you created in step 1, you should see the .opvn files, ca.crt, crl.pem and user.txt In this example, all my files are in /home/pi/vpn . To start the client issue the following command. If you are using a .ovpn file with a space in the name, make sure you put the \ in front of the space as I did below. sudo openvpn --cd /home/pi/vpn --config US\ East.ovpn --auth-user-pass user.txt --keepalive 10 60 --auth-nocache --daemon Hopefully it works for you. I did not have to modify any of the .ovpn files. For almost everything in the config file, there is also a command line switch. Good luck. If there is any interest, I'll post more detailed instructions, but I hope this may help a few of you.