Well after getting on the naughty list from my ISP, Charter, via a NBC Universal ‘Notice of Copyright Infringement’ I decided it’s time to start exploring the wonderful world of truly anonymous Torrent downloading with a VPN.  My buddy has already taken the plunge and has graciously allowed me to try out my setup with his credentials since his provider allows multiple simultaneous connections.  

Before getting started I did make an image of my existing config using Win32DiskImager so I wouldn’t have to start from scratch if anything went wrong.  

First I started with the instructions for the VPN provider up until they refer to the GUI (https://www.privateinternetaccess.com/pages/client-support/#ubuntu_openvpn)

Ubuntu Linux 10.10: OpenVPN Setup
  1. In Terminal, install openvpn packages with sudo apt-get install network-manager-openvpn.
  2. Restart the network manager with sudo restart network-manager
  3. Run sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
  4. Extract the files from the zip with unzip openvpn.zip.
  5. Move ca.crt to /etc/openvpn (with sudo)

Then I ran a quick test to see if I could connect with the config for the Netherlands:

pi@raspberrypi:~/openvpn$ sudo openvpn --config ./Netherlands.ovpn
Tue Jun 4 19:30:15 2013 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Apr 28 2012
Enter Auth Username:**********
Enter Auth Password:
Tue Jun 4 19:30:31 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jun 4 19:30:31 2013 LZO compression initialized
Tue Jun 4 19:30:31 2013 RESOLVE: NOTE: nl.privateinternetaccess.com resolves to 13 addresses
Tue Jun 4 19:30:31 2013 UDPv4 link local: [undef]
Tue Jun 4 19:30:31 2013 UDPv4 link remote: [AF_INET]109.201.152.226:1194
Tue Jun 4 19:30:31 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 4 19:30:33 2013 [server] Peer Connection Initiated with [AF_INET]***.***.***.***:****
Tue Jun 4 19:30:35 2013 TUN/TAP device tun0 opened
Tue Jun 4 19:30:35 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 4 19:30:35 2013 /sbin/ifconfig tun0 **.***.*.* pointopoint **.***.*.* mtu 1500
Tue Jun 4 19:30:35 2013 Initialization Sequence Completed

Now that I know it works, I just need to save my credentials to an external config file only owned by root.  (https://forums.openvpn.net/topic11342.html)

sudo vi /etc/openvpn/login.conf
sudo chmod 400 /etc/openvpn/login.conf

And now make a copy of the .ovpn config file and add the login.conf file onto the existing line with auth-user-pass (not shown)

sudo cp Netherlands.ovpn /etc/openvpn/Netherlands.conf

Run another test to make sure it doesn’t prompt for credentials anymore.

pi@raspberrypi:/etc/openvpn$ sudo openvpn Netherlands.conf
Tue Jun 4 20:38:06 2013 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [ MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Apr 28 2012
Tue Jun 4 20:38:06 2013 WARNING: file '/etc/openvpn/login.conf' is group or others accessible
Tue Jun 4 20:38:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defi ned scripts or executables
Tue Jun 4 20:38:06 2013 LZO compression initialized
Tue Jun 4 20:38:06 2013 RESOLVE: NOTE: nl.privateinternetaccess.com resolves to 13 addresses
Tue Jun 4 20:38:06 2013 UDPv4 link local: [undef]
Tue Jun 4 20:38:06 2013 UDPv4 link remote: [AF_INET]***.***.***.***:****
Tue Jun 4 20:38:06 2013 WARNING: this configuration may cache passwords in memory -- use the auth-no cache option to prevent this
Tue Jun 4 20:38:08 2013 [server] Peer Connection Initiated with [AF_INET]***.***.***.***:****
Tue Jun 4 20:38:10 2013 TUN/TAP device tun0 opened
Tue Jun 4 20:38:10 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 4 20:38:10 2013 /sbin/ifconfig tun0 **.***.*.* pointopoint **.***.*.* mtu 1500
Tue Jun 4 20:38:11 2013 Initialization Sequence Completed

Then edit the default openvpn config so it starts this up again at startup: (http://serverfault.com/questions/458591/how-to-auto-start-openvpn-client-on-ubuntu-12-04-cli)

sudo vi /etc/default/openvpn
# This is the configuration file for /etc/init.d/openvpn
#
# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.
# The VPN name refers to the VPN configutation file name.
# i.e. "home" would be /etc/openvpn/home.conf
#
#AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="home office"
AUTOSTART="Netherlands"
#
# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation
#
#STATUSREFRESH=10
#STATUSREFRESH=0
# Optional arguments to openvpn's command line
OPTARGS=""
#
# If you need openvpn running after sendsigs, i.e.
# to let umountnfs work over the vpn, set OMIT_SENDSIGS
# to 1 and include umountnfs as Required-Stop: in openvpn's
# init.d script (remember to run insserv after that)
#
OMIT_SENDSIGS=0

Do a quick reboot 

sudo shutdown -r 0

Then to make sure it’s working find my external IP (http://askubuntu.com/questions/145012/how-can-i-find-my-public-ip-using-the-terminal):

wget http://ipecho.net/plain -O - -q ; echo
109.201.152.14

And you can even download a test torrent file which will tell me the same from http://checkmytorrentip.com

Advertisements