PIA Openvpn on Linux

PIA Openvpn on Linux

Posted on by Mark

Autoconnect Private Internet Access VPN on Boot Linux

Update Linux repos as always

sudo apt-get update

Install and Configure OpenVPN

Install OpenVPN and unzip

sudo apt-get install openvpn unzip -y

Enter the OpenVPN folder

cd /etc/openvpn

Download the Private Internet Access OpenVPN configuration files (extension .ovpn)

sudo wget --no-check-certificate https://www.privateinternetaccess.com/openvpn/openvpn.zip

Unzip the openvpn configuration files

sudo unzip openvpn.zip

You can list all of the countries you can connect to with this command inside the /etc/openvpn folder

ls -lh *.ovpn

See the long list, you will specify the ovpn file when you connect to Private Internet Access’s VPN servers

-rw-r--r-- 1 root root 238 Nov 25 20:47 AU Melbourne.ovpn
-rw-r--r-- 1 root root 228 Nov 25 20:47 AU Sydney.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Brazil.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 CA North York.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 CA Toronto.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Denmark.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 France.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Germany.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Hong Kong.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 India.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Ireland.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Israel.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Italy.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Japan.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Mexico.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Netherlands.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 New Zealand.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Romania.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Russia.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Singapore.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Sweden.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Switzerland.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Turkey.ovpn
-rw-r--r-- 1 root root 234 Nov 25 20:47 UK London.ovpn
-rw-r--r-- 1 root root 239 Nov 25 20:47 UK Southampton.ovpn
-rw-r--r-- 1 root root 238 Nov 25 20:47 US California.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 US East.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Florida.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Midwest.ovpn
-rw-r--r-- 1 root root 239 Nov 25 20:47 US New York City.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Seattle.ovpn
-rw-r--r-- 1 root root 241 Nov 25 20:47 US Silicon Valley.ovpn
-rw-r--r-- 1 root root 233 Nov 25 20:47 US Texas.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 US West.ovpn

Create a login details text file so you can log on to the PIA VPN automatically

sudo nano /etc/openvpn/login.txt

Input your username and password, replace username with your actual username and password with your actual VPN password in this format

username
password

Ctrl+X, Y and Enter to Save and Exit

Change the permission of the login.txt file so it is only owned by root which will solve this error WARNING: file '/etc/openvpn/login.txt' is group or others accessible

sudo chmod 700 /etc/openvpn/login.txt

Fix DNS issues by using the Google DNS servers

echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
echo "nameserver 8.8.4.4" | sudo tee -a /etc/resolv.conf

Make the DNS changes permanent. This sets the resolv.conf file to immutable (i.e. unchangeable)

sudo chattr +i /etc/resolv.conf

Test the PIA VPN is working, here I’m using Sweden but you can choose any country from the list generated before

cd /etc/openvpn
sudo openvpn --config /etc/openvpn/Sweden.ovpn --auth-user-pass /etc/openvpn/login.txt

If you see success like below, your VPN public IP address is highlighted in red, let’s verify that’s what we get then start a new SSH session

Wed May 4 08:42:37 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Wed May 4 08:42:37 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Wed May 4 08:42:37 2016 UDPv4 link local: [undef]
Wed May 4 08:42:37 2016 UDPv4 link remote: [AF_INET]185.3.135.34:1194
Wed May 4 08:42:37 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 4 08:42:37 2016 [Private Internet Access] Peer Connection Initiated with [AF_INET]185.3.135.34:1194
Wed May 4 08:42:40 2016 TUN/TAP device tun0 opened
Wed May 4 08:42:40 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 4 08:42:40 2016 /sbin/ip link set dev tun0 up mtu 1500
Wed May 4 08:42:40 2016 /sbin/ip addr add dev tun0 local 10.177.1.6 peer 10.177.1.5
Wed May 4 08:42:40 2016 Initialization Sequence Completed

Start a new SSH session and check the IP address you are getting

wget http://ipinfo.io/ip -qO -

It should match the UDPv4 link remote address shown in the previous command. You should see something different than your regular IP address found on whatsmyip.org or on your wireless router from your ISP.

185.3.135.34

It matches so we’re all good, now it’s time to autoconnect to Private Internet Access on boot.

First you should use Ctrl+C in the SSH session showing the Private Internet Access VPN is connected to disconnect from the VPN.

Autoconnect PIA VPN on Boot

Create the OpenVPN autoconnect init.d startup script file

sudo nano /etc/init.d/openvpnauto

Paste this OpenVPN autoconnect startup script, if you do not want to use Sweden.ovpn then replace it in the DAEMON_OPTS line

#!/bin/sh
### BEGIN INIT INFO
# Provides:          OpenVPN Autoconnect
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: OpenVPN Autoconnect
# Description:       OpenVPN Autoconnect
### END INIT INFO


# Documentation available at
# http://refspecs.linuxfoundation.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptfunc.html
# Debian provides some extra functions though
. /lib/lsb/init-functions


DAEMON_NAME="openvpnauto"
DAEMON_USER=root
DAEMON_PATH="/usr/sbin/openvpn"
DAEMON_OPTS="--config /etc/openvpn/Sweden.ovpn --auth-user-pass /etc/openvpn/login.txt"
DAEMON_PWD="/etc/openvpn"
DAEMON_DESC=$(get_lsb_header_val $0 "Short-Description")
DAEMON_PID="/var/run/${DAEMON_NAME}.pid"
DAEMON_NICE=0
DAEMON_LOG='/var/log/openvpnauto.log'

[ -r "/etc/default/${DAEMON_NAME}" ] && . "/etc/default/${DAEMON_NAME}"

do_start() {
  local result

    pidofproc -p "${DAEMON_PID}" "${DAEMON_PATH}" > /dev/null
    if [ $? -eq 0 ]; then
        log_warning_msg "${DAEMON_NAME} is already started"
        result=0
    else
        log_daemon_msg "Starting ${DAEMON_DESC}" "${DAEMON_NAME}"
        touch "${DAEMON_LOG}"
        chown $DAEMON_USER "${DAEMON_LOG}"
        chmod u+rw "${DAEMON_LOG}"
        if [ -z "${DAEMON_USER}" ]; then
            start-stop-daemon --start --quiet --oknodo --background \
                --nicelevel $DAEMON_NICE \
                --chdir "${DAEMON_PWD}" \
                --pidfile "${DAEMON_PID}" --make-pidfile \
                --exec "${DAEMON_PATH}" -- $DAEMON_OPTS
            result=$?
        else
            start-stop-daemon --start --quiet --oknodo --background \
                --nicelevel $DAEMON_NICE \
                --chdir "${DAEMON_PWD}" \
                --pidfile "${DAEMON_PID}" --make-pidfile \
                --chuid "${DAEMON_USER}" \
                --exec "${DAEMON_PATH}" -- $DAEMON_OPTS
            result=$?
        fi
        log_end_msg $result
    fi
    return $result
}

do_stop() {
    local result

    pidofproc -p "${DAEMON_PID}" "${DAEMON_PATH}" > /dev/null
    if [ $? -ne 0 ]; then
        log_warning_msg "${DAEMON_NAME} is not started"
        result=0
    else
        log_daemon_msg "Stopping ${DAEMON_DESC}" "${DAEMON_NAME}"
        killproc -p "${DAEMON_PID}" "${DAEMON_PATH}"
        result=$?
        log_end_msg $result
        rm "${DAEMON_PID}"
    fi
    return $result
}

do_restart() {
    local result
    do_stop
    result=$?
    if [ $result = 0 ]; then
        do_start
        result=$?
    fi
    return $result
}

do_status() {
    local result
    status_of_proc -p "${DAEMON_PID}" "${DAEMON_PATH}" "${DAEMON_NAME}"
    result=$?
    return $result
}

do_usage() {
    echo $"Usage: $0 {start | stop | restart | status}"
    exit 1
}

case "$1" in
start)   do_start;   exit $? ;;
stop)    do_stop;    exit $? ;;
restart) do_restart; exit $? ;;
status)  do_status;  exit $? ;;
*)       do_usage;   exit  1 ;;
esac

Ctrl+X, Y and Enter to Save

Enable the OpenVPN PIA Autoconnect script

sudo chmod +x /etc/init.d/openvpnauto
sudo update-rc.d openvpnauto defaults 98

Now you can connect to PIA’s VPN automatically by running

sudo service openvpnauto start

You can retest your IP to verify it’s not your ISP’s IP address

wget http://ipinfo.io/ip -qO -

If it is not your regular IP shown on whatsmyip.org then you can reboot and test your IP address again

sudo reboot

Test your IP again and compare it to whatsmyip.org’s result

wget http://ipinfo.io/ip -qO -

Now you’ve set up installing and autoconnecting to Private Internet Access VPN on Linux on boot

MS-01 Microcode Patch

MS-01 Microcode Patch

Posted on by Mark

Microcode Install Instructions:
1) Install Proxmox 8.1
2) Add non-free-firmware to debian repo in sources.list
– Edit the /etc/apt/sources.list file. Add non-free-firmware to the 1st line so it looks like this—
– deb Index of /debian bookworm main contrib non-free-firmware
3) Save Changes
4) #apt clean && apt update
5) #apt install intel-microcode
– The current version Debian has in the repo is 3.2023114.1~deb12u1
6) Reboot, and the microcode patch should apply automatically.
7) You can check what microcode you are running after reboot by
grep ‘stepping\|model\|microcode’ /proc/cpuinfo

Running 2x MS-01’s with this patch, all good so far (all cores active)

PiHole & Unbound

PiHole & Unbound

Posted on by Mark

Installation Steps
Install Ubuntu Server 20.04 (https://ubuntu.com/download/server)
Install Pi-Hole – sudo curl -sSL https://install.pi-hole.net | bash
Set the Web Admin Password – pihole -a -p [password]
Install Unbound DNS – sudo apt install unbound
Create Unbound Configuration File – sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
Copy example config – https://docs.pi-hole.net/guides/dns/unbound/
Restart Unbound to apply Configuration – sudo service unbound restart
Disable Forwarding DNS in PiHole
Set Custom DNS in PiHole – 127.0.0.1#5335

Raspberry Pi 5 8GB, Active Cooler, NVMe HAB!

Raspberry Pi 5 8GB, Active Cooler, NVMe HAB!

Posted on by Mark

Pretty sure I don’t need an excuse, but it is Xmas, so thought I’d treat myself (again, again, again) but it’s a nice platform to try more docker containers that I haven’t tried before. It’s quiet, and the fan doesn’t even really spin a lot, so it’s quiet. It was easy to put together and now has a 500GB NVMe drive inside it, no SD card, it boots right from the NVMe!

Happy days!

DeskPi Rackmate T1 Server Rack

DeskPi Rackmate T1 Server Rack

Posted on by Mark

I’m LOVING this setup! All up and running, wired.

Machines:

Proxmox – Plex, Nextcloud, CasaOS, on CasaOS I am running Qbittorrent and metube

Proxmox – CasaOS, just as a dropbox alternative

Ubuntu – third machine down is just for testing Linux distros, messing around, all the good stuff

USB 8TB drive – holds all the media for Plex, Ive got this connected through the Plex VM /etc/fstab to mount on boot/reboot

Mapped all the folders through Windows and it’s fine, Plex is picking up remotely absolutely fine, very happy! :)

Theme: Overlay by Kaira