Well after getting on the naughty list from my ISP, Charter, via a NBC Universal ‘Notice of Copyright Infringement’ I decided it’s time to start exploring the wonderful world of truly anonymous Torrent downloading with a VPN. My buddy has already taken the plunge and has graciously allowed me to try out my setup with his credentials since his provider allows multiple simultaneous connections.
Before getting started I did make an image of my existing config using Win32DiskImager so I wouldn’t have to start from scratch if anything went wrong.
First I started with the instructions for the VPN provider up until they refer to the GUI (https://www.privateinternetaccess.com/pages/client-support/#ubuntu_openvpn)
Ubuntu Linux 10.10: OpenVPN Setup
- In Terminal, install openvpn packages with sudo apt-get install network-manager-openvpn.
- Restart the network manager with sudo restart network-manager
- Run sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
- Extract the files from the zip with unzip openvpn.zip.
- Move ca.crt to /etc/openvpn (with sudo)
Then I ran a quick test to see if I could connect with the config for the Netherlands:
pi@raspberrypi:~/openvpn$ sudo openvpn --config ./Netherlands.ovpn
Tue Jun 4 19:30:15 2013 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Apr 28 2012
Enter Auth Username:**********
Enter Auth Password:
Tue Jun 4 19:30:31 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jun 4 19:30:31 2013 LZO compression initialized
Tue Jun 4 19:30:31 2013 RESOLVE: NOTE: nl.privateinternetaccess.com resolves to 13 addresses
Tue Jun 4 19:30:31 2013 UDPv4 link local: [undef]
Tue Jun 4 19:30:31 2013 UDPv4 link remote: [AF_INET]109.201.152.226:1194
Tue Jun 4 19:30:31 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 4 19:30:33 2013 [server] Peer Connection Initiated with [AF_INET]***.***.***.***:****
Tue Jun 4 19:30:35 2013 TUN/TAP device tun0 opened
Tue Jun 4 19:30:35 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 4 19:30:35 2013 /sbin/ifconfig tun0 **.***.*.* pointopoint **.***.*.* mtu 1500
Tue Jun 4 19:30:35 2013 Initialization Sequence Completed
Now that I know it works, I just need to save my credentials to an external config file only owned by root. (https://forums.openvpn.net/topic11342.html)
sudo vi /etc/openvpn/login.conf
sudo chmod 400 /etc/openvpn/login.conf
And now make a copy of the .ovpn config file and add the path to the login.conf file onto the existing auth-user-pass line (not shown)
sudo cp Netherlands.ovpn /etc/openvpn/Netherlands.conf
Run another test to make sure it doesn’t prompt for credentials anymore.
pi@raspberrypi:/etc/openvpn$ sudo openvpn Netherlands.conf
Tue Jun 4 20:38:06 2013 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Apr 28 2012
Tue Jun 4 20:38:06 2013 WARNING: file '/etc/openvpn/login.conf' is group or others accessible
Tue Jun 4 20:38:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jun 4 20:38:06 2013 LZO compression initialized
Tue Jun 4 20:38:06 2013 RESOLVE: NOTE: nl.privateinternetaccess.com resolves to 13 addresses
Tue Jun 4 20:38:06 2013 UDPv4 link local: [undef]
Tue Jun 4 20:38:06 2013 UDPv4 link remote: [AF_INET]***.***.***.***:****
Tue Jun 4 20:38:06 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 4 20:38:08 2013 [server] Peer Connection Initiated with [AF_INET]***.***.***.***:****
Tue Jun 4 20:38:10 2013 TUN/TAP device tun0 opened
Tue Jun 4 20:38:10 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 4 20:38:10 2013 /sbin/ifconfig tun0 **.***.*.* pointopoint **.***.*.* mtu 1500
Tue Jun 4 20:38:11 2013 Initialization Sequence Completed
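The credentials-file steps above, collected into one script. This is an added example, not the author's own commands: the function names (write_auth_file, auth_file_is_private, make_conf, demo) and the sample username and password are constructed. It assumes OpenVPN's two-line auth-user-pass file format (username on the first line, password on the second) and file paths that contain no "|" or "&". It also checks the condition behind the "group or others accessible" warning and adds the auth-nocache option that the log recommends.

```shell
#!/bin/sh
# Added example: paths and credentials are constructed placeholders.

# write_auth_file FILE USER PASS
# Writes the two-line credentials file. umask 077 runs in a subshell so
# the file is never created group- or world-readable, even briefly.
write_auth_file() {
    ( umask 077 && printf '%s\n%s\n' "$2" "$3" > "$1" ) && chmod 400 "$1"
}

# auth_file_is_private FILE
# Succeeds only if group and others have no permission bits set.
auth_file_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)   # characters 5-10 = group + other
    [ "$perms" = "------" ]
}

# make_conf SRC.ovpn DST.conf AUTHFILE
# Copies the provider config, points auth-user-pass at AUTHFILE and
# appends auth-nocache if the config does not already have it.
make_conf() {
    grep -q '^auth-user-pass' "$1" || {
        echo "no auth-user-pass line in $1" >&2
        return 1
    }
    sed "s|^auth-user-pass.*|auth-user-pass $3|" "$1" > "$2" || return 1
    grep -q '^auth-nocache' "$2" || echo 'auth-nocache' >> "$2"
}

# demo: runs the whole procedure in a scratch directory, no root needed.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for the provider's Netherlands.ovpn
    printf 'client\ndev tun\nremote nl.privateinternetaccess.com 1194\nauth-user-pass\n' \
        > "$dir/Netherlands.ovpn"
    write_auth_file "$dir/login.conf" 'p0000000' 'example-password' &&
    make_conf "$dir/Netherlands.ovpn" "$dir/Netherlands.conf" "$dir/login.conf" &&
    auth_file_is_private "$dir/login.conf" &&
    grep '^auth' "$dir/Netherlands.conf"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

For the real setup, run the functions as root against /etc/openvpn/login.conf and /etc/openvpn/Netherlands.conf instead of calling demo.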
Then edit the default openvpn config so it starts this up again at startup: (http://serverfault.com/questions/458591/how-to-auto-start-openvpn-client-on-ubuntu-12-04-cli)
sudo vi /etc/default/openvpn
# This is the configuration file for /etc/init.d/openvpn
#
# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.
# The VPN name refers to the VPN configutation file name.
# i.e. "home" would be /etc/openvpn/home.conf
#
#AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="home office"
AUTOSTART="Netherlands"
#
# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation
#
#STATUSREFRESH=10
#STATUSREFRESH=0
# Optional arguments to openvpn's command line
OPTARGS=""
#
# If you need openvpn running after sendsigs, i.e.
# to let umountnfs work over the vpn, set OMIT_SENDSIGS
# to 1 and include umountnfs as Required-Stop: in openvpn's
# init.d script (remember to run insserv after that)
#
OMIT_SENDSIGS=0
Do a quick reboot
sudo shutdown -r 0
Then, to make sure it’s working, find my external IP (http://askubuntu.com/questions/145012/how-can-i-find-my-public-ip-using-the-terminal):
wget http://ipecho.net/plain -O - -q ; echo
109.201.152.14
And you can even download a test torrent file from http://checkmytorrentip.com, which will report the same IP.
Thanks, this really helped! It’s actually simpler this way than using the apparently defunct GUI.
First good guide I have found. But how do you make the login.conf file? Can’t get that to work. Don’t know how to do the --enable-password-save configure option thing. Thanks. 🙂
Never mind. 🙂 wrote “username xxxxxxxx” “password xxxxxxXxXx”
This worked almost perfectly for me! Cheers!
Although for some reason DNS isn’t working through the VPN. I can’t ping google.com but I can ping external IPs (including Google’s). Tried a few of the different VPN servers, with the same issue for each, so it must be something at my end…
Interesting. I wonder if it’s because of what server you’re using for DNS.
I have my Router configured to use OpenDNS servers for my DNS lookups. Since my Pi traffic is encrypted, I don’t know if the Pi is using OpenDNS servers or not.
That might be something worth trying.
The DNS assigned to me from DHCP was not accessible from the VPN server. 8.8.8.8 works a treat though. Cheers.
Quick question > what’s the disconnect command when I need to disconnect from the VPN?
If you have the openvpn service running at startup, then you just need to run: ‘sudo /etc/init.d/openvpn stop’
Hi,
really nice tutorial
What happens if the openvpn-connection drops? Is there any way to ensure that any kind of traffic is blocked until the openvpn-connection is up again?
Thanks for this
I’m not aware of any way. Sorry
Any hints how you do your port forwarding? 🙂
It’s in another post: https://raspinotes.wordpress.com/2014/03/10/port-forwarding-with-vpn/ . However I haven’t gone back to this in a while so hopefully the instructions are still good.
Thanks for this!! I was really struggling with this until I read this post.
Thank you sir.
Setup took a total of 10 minutes (and I’m being generous) after searching for almost 2 hours.