Category: Tech

PIA Openvpn on Linux

Autoconnect Private Internet Access VPN on Boot Linux

Update Linux repos as always

sudo apt-get update

Install and Configure OpenVPN

Install OpenVPN and unzip

sudo apt-get install openvpn unzip -y

Enter the OpenVPN folder

cd /etc/openvpn

Download the Private Internet Access OpenVPN configuration files (extension .ovpn). Leave wget's certificate checking on so the archive is only accepted over a verified TLS connection

sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip

Unzip the openvpn configuration files

sudo unzip openvpn.zip

You can list all of the countries you can connect to with this command inside the /etc/openvpn folder

ls -lh *.ovpn

This prints a long list; you will specify one of these .ovpn files when you connect to Private Internet Access’s VPN servers

-rw-r--r-- 1 root root 238 Nov 25 20:47 AU Melbourne.ovpn
-rw-r--r-- 1 root root 228 Nov 25 20:47 AU Sydney.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Brazil.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 CA North York.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 CA Toronto.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Denmark.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 France.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Germany.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Hong Kong.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 India.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Ireland.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Israel.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Italy.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Japan.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Mexico.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Netherlands.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 New Zealand.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Romania.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Russia.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Singapore.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Sweden.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Switzerland.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Turkey.ovpn
-rw-r--r-- 1 root root 234 Nov 25 20:47 UK London.ovpn
-rw-r--r-- 1 root root 239 Nov 25 20:47 UK Southampton.ovpn
-rw-r--r-- 1 root root 238 Nov 25 20:47 US California.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 US East.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Florida.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Midwest.ovpn
-rw-r--r-- 1 root root 239 Nov 25 20:47 US New York City.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Seattle.ovpn
-rw-r--r-- 1 root root 241 Nov 25 20:47 US Silicon Valley.ovpn
-rw-r--r-- 1 root root 233 Nov 25 20:47 US Texas.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 US West.ovpn

Create a login details text file so you can log on to the PIA VPN automatically

sudo nano /etc/openvpn/login.txt

Input your username and password in this format, replacing username with your actual username and password with your actual VPN password

username
password

Ctrl+X, Y and Enter to Save and Exit

Change the permissions of the login.txt file so that only its owner (root) can read it. This resolves the error WARNING: file '/etc/openvpn/login.txt' is group or others accessible. The file holds credentials and is never executed, so read/write for root is all it needs

sudo chmod 600 /etc/openvpn/login.txt
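The check behind that warning can be scripted so a boot script never relies on a loosely protected credentials file. This is an added example, not part of the original post; the function name and the default owner of root are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_auth_file PATH [OWNER]: audit an OpenVPN --auth-user-pass file.
# Prints one line per problem; returns 0 only when every check passes.
check_auth_file() {
    auth_file=$1
    want_owner=${2:-root}   # assumption: root owns the file, as in the post
    result=0

    if [ ! -f "$auth_file" ]; then
        echo "FAIL: $auth_file does not exist or is not a regular file"
        return 2
    fi

    # ls -ld prints e.g. "-rw-r--r-- 1 root root ..."; characters 5-10 are
    # the group and other permission bits, field 3 is the owning user.
    listing=$(ls -ld "$auth_file")
    group_other=$(printf '%s\n' "$listing" | cut -c5-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')

    if [ "$group_other" != "------" ]; then
        echo "FAIL: group/other bits set ($group_other); tighten with chmod"
        result=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owned by $owner, expected $want_owner"
        result=1
    fi

    # The post's format: username on line 1, password on line 2.
    user_line=$(sed -n '1p' "$auth_file")
    pass_line=$(sed -n '2p' "$auth_file")
    if [ -z "$user_line" ] || [ -z "$pass_line" ]; then
        echo "FAIL: expected a username on line 1 and a password on line 2"
        result=1
    fi

    [ "$result" -eq 0 ] && echo "OK: $auth_file"
    return "$result"
}

# Usage: check_auth_file /etc/openvpn/login.txt
```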

Fix DNS issues by using the Google DNS servers

echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
echo "nameserver 8.8.4.4" | sudo tee -a /etc/resolv.conf

Make the DNS changes permanent. This sets the resolv.conf file to immutable (i.e. unchangeable)

sudo chattr +i /etc/resolv.conf

Test that the PIA VPN is working. Here I’m using Sweden, but you can choose any country from the list generated before

cd /etc/openvpn
sudo openvpn --config /etc/openvpn/Sweden.ovpn --auth-user-pass /etc/openvpn/login.txt

If the connection succeeds you will see output like the below, ending in Initialization Sequence Completed. Your VPN public IP address is the one on the UDPv4 link remote line; let’s verify that’s what we get by starting a new SSH session

Wed May 4 08:42:37 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Wed May 4 08:42:37 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Wed May 4 08:42:37 2016 UDPv4 link local: [undef]
Wed May 4 08:42:37 2016 UDPv4 link remote: [AF_INET]185.3.135.34:1194
Wed May 4 08:42:37 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 4 08:42:37 2016 [Private Internet Access] Peer Connection Initiated with [AF_INET]185.3.135.34:1194
Wed May 4 08:42:40 2016 TUN/TAP device tun0 opened
Wed May 4 08:42:40 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 4 08:42:40 2016 /sbin/ip link set dev tun0 up mtu 1500
Wed May 4 08:42:40 2016 /sbin/ip addr add dev tun0 local 10.177.1.6 peer 10.177.1.5
Wed May 4 08:42:40 2016 Initialization Sequence Completed

Start a new SSH session and check the IP address you are getting

wget http://ipinfo.io/ip -qO -

It should match the UDPv4 link remote address shown in the previous command. You should see something different than your regular IP address found on whatsmyip.org or on your wireless router from your ISP.

185.3.135.34

It matches so we’re all good, now it’s time to autoconnect to Private Internet Access on boot.

First you should use Ctrl+C in the SSH session showing the Private Internet Access VPN is connected to disconnect from the VPN.

Autoconnect PIA VPN on Boot

Create the OpenVPN autoconnect init.d startup script file

sudo nano /etc/init.d/openvpnauto

Paste this OpenVPN autoconnect startup script. If you do not want to use Sweden.ovpn, replace it in the DAEMON_OPTS line

#!/bin/sh
### BEGIN INIT INFO
# Provides:          openvpnauto
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: OpenVPN Autoconnect
# Description:       OpenVPN Autoconnect
### END INIT INFO


# Documentation available at
# http://refspecs.linuxfoundation.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptfunc.html
# Debian provides some extra functions though
. /lib/lsb/init-functions


DAEMON_NAME="openvpnauto"
DAEMON_USER=root
DAEMON_PATH="/usr/sbin/openvpn"
DAEMON_OPTS="--config /etc/openvpn/Sweden.ovpn --auth-user-pass /etc/openvpn/login.txt"
DAEMON_PWD="/etc/openvpn"
DAEMON_DESC=$(get_lsb_header_val $0 "Short-Description")
DAEMON_PID="/var/run/${DAEMON_NAME}.pid"
DAEMON_NICE=0
DAEMON_LOG='/var/log/openvpnauto.log'

[ -r "/etc/default/${DAEMON_NAME}" ] && . "/etc/default/${DAEMON_NAME}"

do_start() {
    local result

    pidofproc -p "${DAEMON_PID}" "${DAEMON_PATH}" > /dev/null
    if [ $? -eq 0 ]; then
        log_warning_msg "${DAEMON_NAME} is already started"
        result=0
    else
        log_daemon_msg "Starting ${DAEMON_DESC}" "${DAEMON_NAME}"
        touch "${DAEMON_LOG}"
        chown $DAEMON_USER "${DAEMON_LOG}"
        chmod u+rw "${DAEMON_LOG}"
        if [ -z "${DAEMON_USER}" ]; then
            start-stop-daemon --start --quiet --oknodo --background \
                --nicelevel $DAEMON_NICE \
                --chdir "${DAEMON_PWD}" \
                --pidfile "${DAEMON_PID}" --make-pidfile \
                --exec "${DAEMON_PATH}" -- $DAEMON_OPTS
            result=$?
        else
            start-stop-daemon --start --quiet --oknodo --background \
                --nicelevel $DAEMON_NICE \
                --chdir "${DAEMON_PWD}" \
                --pidfile "${DAEMON_PID}" --make-pidfile \
                --chuid "${DAEMON_USER}" \
                --exec "${DAEMON_PATH}" -- $DAEMON_OPTS
            result=$?
        fi
        log_end_msg $result
    fi
    return $result
}

do_stop() {
    local result

    pidofproc -p "${DAEMON_PID}" "${DAEMON_PATH}" > /dev/null
    if [ $? -ne 0 ]; then
        log_warning_msg "${DAEMON_NAME} is not started"
        result=0
    else
        log_daemon_msg "Stopping ${DAEMON_DESC}" "${DAEMON_NAME}"
        killproc -p "${DAEMON_PID}" "${DAEMON_PATH}"
        result=$?
        log_end_msg $result
        rm -f "${DAEMON_PID}"
    fi
    return $result
}

do_restart() {
    local result
    do_stop
    result=$?
    if [ $result = 0 ]; then
        do_start
        result=$?
    fi
    return $result
}

do_status() {
    local result
    status_of_proc -p "${DAEMON_PID}" "${DAEMON_PATH}" "${DAEMON_NAME}"
    result=$?
    return $result
}

do_usage() {
    echo "Usage: $0 {start | stop | restart | status}"
    exit 1
}

case "$1" in
start)   do_start;   exit $? ;;
stop)    do_stop;    exit $? ;;
restart) do_restart; exit $? ;;
status)  do_status;  exit $? ;;
*)       do_usage;   exit  1 ;;
esac

Ctrl+X, Y and Enter to Save

Enable the OpenVPN PIA Autoconnect script

sudo chmod +x /etc/init.d/openvpnauto
sudo update-rc.d openvpnauto defaults 98

Now you can connect to PIA’s VPN automatically by running

sudo service openvpnauto start

You can retest your IP to verify it’s not your ISP’s IP address

wget http://ipinfo.io/ip -qO -

If it is not your regular IP shown on whatsmyip.org then you can reboot and test your IP address again

sudo reboot

Test your IP again and compare it to whatsmyip.org’s result

wget http://ipinfo.io/ip -qO -

You have now installed OpenVPN and set it to autoconnect to Private Internet Access VPN on boot
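The manual IP comparison used in this guide can be scripted so a failed autoconnect is caught instead of going unnoticed. This is an added example, not part of the original post: the function names and the idea of a saved OpenVPN log file are assumptions, and it relies on the post's own premise that the public IP equals the UDPv4 link remote address.

```shell
#!/bin/sh
# Added example, not from the original post.

# Log lines copied from the post's test run, used as sample input.
sample_log() {
cat <<'EOF'
Wed May 4 08:42:37 2016 UDPv4 link remote: [AF_INET]185.3.135.34:1194
Wed May 4 08:42:37 2016 [Private Internet Access] Peer Connection Initiated with [AF_INET]185.3.135.34:1194
Wed May 4 08:42:40 2016 TUN/TAP device tun0 opened
Wed May 4 08:42:40 2016 Initialization Sequence Completed
EOF
}

# vpn_remote_ip LOG: print the address from the last "link remote" line.
vpn_remote_ip() {
    sed -n 's/.*link remote: \[AF_INET\]\([0-9.]*\):[0-9]*.*/\1/p' "$1" |
        tail -n 1
}

# vpn_exit_ok LOG OBSERVED_IP
# Returns 0 when the tunnel is up and the observed public IP is the VPN
# remote, 1 on an IP mismatch (traffic is probably leaving via the ISP),
# 2 when the log shows no completed tunnel.
vpn_exit_ok() {
    log=$1
    observed=$2
    if ! grep -q 'Initialization Sequence Completed' "$log"; then
        echo "FAIL: no completed initialization in $log"
        return 2
    fi
    remote=$(vpn_remote_ip "$log")
    if [ -z "$remote" ]; then
        echo "FAIL: no link remote address in $log"
        return 2
    fi
    if [ "$observed" != "$remote" ]; then
        echo "FAIL: public IP $observed is not the VPN remote $remote"
        return 1
    fi
    echo "OK: public IP matches VPN remote $remote"
}

# Usage (the log path is an assumption; save OpenVPN's output to it first):
#   vpn_exit_ok /path/to/openvpn.log "$(wget http://ipinfo.io/ip -qO -)"
```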

MS-01 Microcode Patch

Microcode Install Instructions:
1) Install Proxmox 8.1
2) Add non-free-firmware to debian repo in sources.list
– Edit the /etc/apt/sources.list file. Add non-free-firmware to the 1st line so it looks like this—
– deb Index of /debian bookworm main contrib non-free-firmware
3) Save Changes
4) #apt clean && apt update
5) #apt install intel-microcode
– The current version Debian has in the repo is 3.2023114.1~deb12u1
6) Reboot, and the microcode patch should apply automatically.
7) You can check what microcode you are running after reboot by
grep 'stepping\|model\|microcode' /proc/cpuinfo

Running 2x MS-01’s with this patch, all good so far (all cores active)

Raspberry Pi 5 8GB, Active Cooler, NVMe HAB!

Pretty sure I don’t need an excuse, but it is Xmas, so thought I’d treat myself (again, again, again) but it’s a nice platform to try more docker containers that I haven’t tried before. It’s quiet, and the fan doesn’t even really spin a lot, so it’s quiet. It was easy to put together and now has a 500GB NVMe drive inside it, no SD card, it boots right from the NVMe!

Happy days!

DeskPi Rackmate T1 Server Rack

I’m LOVING this setup! All up and running, wired.

Machines:

Proxmox – Plex, Nextcloud, CasaOS, on CasaOS I am running Qbittorrent and metube

Proxmox – CasaOS, just as a dropbox alternative

Ubuntu – third machine down is just for testing Linux distros, messing around, all the good stuff

USB 8TB drive – holds all the media for Plex, I’ve got this connected through the Plex VM /etc/fstab to mount on boot/reboot

Mapped all the folders through Windows and it’s fine, Plex is picking up remotely absolutely fine, very happy! :)

Bloody Linux

Dear Linux, I want to love you. I do. I want to have your babies, I want those babies to understand that you’re great. But you’re not, and it hurts.

I’ve dumped Windows (again) and I’m making a concerted effort to make Linux work no matter what. I did the usual of going through all the latest versions of all the ‘better’ distros, I settled on Linux Mint with GNOME installed and it’s fine.

Common Linux bugbears for me tend to be:

Gaming

Samba shares

The Photoshop Problem

Connecting to my NAS (same as above)

Package managers

Package manager wise, I prefer APT, SMB for my NAS just isn’t pretty. You have to go into files, down to the location at the bottom of the window and type in your network address. In Mint, thankfully, it automatically picks up my NAS and I don’t have to do this. For me, those two things are a big win.

Gaming is in two flavours, either via Steam or piracy.

In Steam, I have a Steam Deck also so I am now more used to it, but some games require you to play ‘hit and miss’ with proton versions to try and get working. FFXV is a perfect example, anything newer than v6 causes artifacts under Mint and it’s a pain. I just want it to ‘work’.

Piracy under Linux, again I think thanks to the Steam Deck, has come a long way thanks to WINE, Lutris and the Heroic Games Launcher. I’ve NEVER managed to get this working properly. I’ve always gone back to Windows because something’s come out that I want to play but don’t want to buy it without giving it a go. Whatever your views are on piracy, I don’t care. Sorry. You do you, I’ll do me. So the new Elden Ring DLC came out and I thought I’d use that as my yardstick to get working, after an afternoon of headscratching I now think I’ve got the whole thing sorted out in my autistic brain. I’m using HGL and it runs the game great – I don’t like Elden Ring, but I wasn’t about to fork over a 50 just to try it.

Similarly to piracy, I love using Photoshop. I understand there’s ways to get this working with the above launchers, it’s going to be my next adventure into tinkering, but I can’t say I’m looking forward to it. I hate dual booting, I just end up with having two separate installations that I need to keep switching between and it’s extremely inconvenient.

I appreciate that not all of the above are the fault of Linux, or the Mint team etc, it’s just my use case. I realise that the core of Windows, what it SHOULD be, is what’s spoiled me all these years. I just can’t be bothered with the mega corporation bullshit anymore. Microsoft has been really screwing the pooch over the past couple of months and it’s now less than trivial how much I hate what Windows has become.

So yeah, I’m trying to be friends with Linux but it’s hard. It’s like that friend that you love hanging out with, but then they get drunk and abusive and you just can’t be around them anymore. I want to love Linux, and I’m going to keep trying.

The State of the Server

Tidied up a little, now with Virgin Media 1GB package that’s just amazing.

From the bottom up:

TrueNAS Scale

Virgin Media 5x Router

PalWorld server on a HP 1L

Unifi POE Switch

Patch Panel

Unifi 10GB Switch

Fluff Panel

UDM Pro

ProxMox HP server

Unifi POE Camera

Some Shitty Printer

On the right is the backup server, don’t ask me for names and shit I’m drunk and can’t remember. I am loving the Unifi blue patch cables though.

It’s a funny old game…

The older I get, the less I want to have to interact with things. I mean, people, work, friends, lovers, computers, and operating systems. Basically, all the things.

I’ve been trying to find an operating system to use ‘most of the time’ other than Windows. I really want to use Linux, but damn man, it’s a pain.

I’d love to use an immutable OS. It just sounds so cool, and easy. BlendOS is immutable and gives you the choice of all the other base systems in one. Great. Alma gives you the option of all of the above, and a double-boot partition so that if an update doesn’t work okay, then it reverts. Even better.

The problem is that these OS’s don’t seem to be able to get the fundamentals right. I mean, I love Gnome, right? There’s other people out there who do too, I’m sure. But there’s always an issue: i.e. samba doesn’t work right, graphics drivers don’t work right, samba doesn’t work right… and over and over and over. I appreciate that I’m probably a ‘power user’ as much as I hate the term, but I think after 40 years of *nix that they should have the basic shit down. Alas, it doesn’t seem to be the case.

Linux just isn’t ready for mainstream. It’s awful, Debian, Manjaro, Ubuntu, they just aren’t ready for the mainstream at all. Dear lord people get the Linux shit sorted out. All I want is parity with Windows – I want to be able to put in a USB stick, and deal with it, I want to be able to map a network share, and deal with it, I want to be able to ‘game’ (quotes even if through steam which is the best case scenario without getting experimental) and not have to deal with shit.

Sigh. It’s all just shit.

As such I’m now back to PopOS which at least seems to have SMB down from the first try, better than Ubuntu (which it’s based on) at least… and yeah, you’re going to wax lyrical about ways that it would work (if anyone actually viewed this site) but as a whole I have to say the ease of use for the common everyday folk is rubbish. This is not news, I understand that, but this is the illustration of my frustration.

Blep.
