Help with OpenVPN connection to a Streisand server on OpenWR

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech

kataflok
OpenVpn Newbie
Posts: 1
Joined: Fri Jun 12, 2015 10:57 am

Post by kataflok » Fri Jun 12, 2015 11:14 am

I'm working to try and create an OpenWRT config on a TP-Link TL-WR1043ND that will maintain an always-on, fail-safe OpenVPN connection to a Streisand server.

https://github.com/jlund/streisand

I'm attempting to modify these two:
https://www.privateinternetaccess.com/f ... n-with-pia
https://blog.ipredator.se/howto/openwrt ... enwrt.html

I've successfully done the first of them for a PIA connection - the first URL is my write-up.

Created this config (Have not even changed the iPredator name - just file contents replaced):

cat >> /etc/config/openvpn << EOF
config openvpn 'IPredator'
option enabled '1'
option client '1'
option remote '111.111.111.11 111'
option dev 'tun1337'
option proto 'tcp'
list auth 'SHA256'
option resolv_retry 'infinite'
option nobind '1'
option persist_key '1'
option persist_tun '1'
option cert '/etc/openvpn/IPredator.se.client.crt'
option key '/etc/openvpn/IPredator.se.client.key'
option ca '/etc/openvpn/IPredator.se.ca.crt'
option ns_cert_type 'server'
list tls_auth '/etc/openvpn/IPredator.se.ta.key'
option cipher 'AES-256-CBC'
option comp_lzo '1'
# UCI option names use '_' in place of '-' (key_direction, not key-direction)
option key_direction '1'
option route '111.111.111.11 255.255.255.255 net_gateway'
option tls_client '1'
option verb '3'
EOF
When I run a logread -f, I get the following (Note: Actual IP address replaced):

root@OpenWrt:/etc# logread -f
Jun 11 10:18:05 OpenWrt authpriv.info dropbear[2701]: Child connection from 192.168.2.189:55518
Jun 11 10:18:10 OpenWrt daemon.info dnsmasq-dhcp[1127]: DHCPINFORM(br-lan) 192.168.2.189 00:1b:21:16:77:c7
Jun 11 10:18:10 OpenWrt daemon.info dnsmasq-dhcp[1127]: DHCPACK(br-lan) 192.168.2.189 00:1b:21:16:77:c7 QUADXPPC
Jun 11 10:18:12 OpenWrt authpriv.notice dropbear[2701]: Password auth succeeded for 'root' from 192.168.2.189:55518
Jun 11 10:19:11 OpenWrt daemon.info dnsmasq-dhcp[1127]: DHCPINFORM(br-lan) 192.168.2.189 00:1b:21:16:77:c7
Jun 11 10:19:11 OpenWrt daemon.info dnsmasq-dhcp[1127]: DHCPACK(br-lan) 192.168.2.189 00:1b:21:16:77:c7 QUADXPPC
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2013
Jun 11 10:19:27 OpenWrt daemon.warn openvpn(IPredator)[4249]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jun 11 10:19:27 OpenWrt daemon.warn openvpn(IPredator)[4249]: WARNING: file '/etc/openvpn/IPredator.se.client.key' is group or others accessible
Jun 11 10:19:27 OpenWrt daemon.warn openvpn(IPredator)[4249]: WARNING: file '/etc/openvpn/IPredator.se.ta.key' is group or others accessible
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Control Channel Authentication: using '/etc/openvpn/IPredator.se.ta.key' as a OpenVPN static key file
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: LZO compression initialized
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Control Channel MTU parms [ L:1572 D:180 EF:80 EB:0 ET:0 EL:0 ]
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:135 ET:0 EL:0 AF:3/1 ]
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Attempting to establish TCP connection with 111.111.111.11:111 [nonblock]
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: TCP connection established with 111.111.111.11:111
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: TCPv4_CLIENT link local: [undef]
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: TCPv4_CLIENT link remote: 111.111.111.11:111
Jun 11 10:19:28 OpenWrt daemon.err openvpn(IPredator)[4249]: Connection reset, restarting [0]
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: TCP/UDP: Closing socket
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: SIGUSR1[soft,connection-reset] received, process restarting
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: Restart pause, 5 second(s)
Jun 11 10:19:33 OpenWrt daemon.warn openvpn(IPredator)[4249]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jun 11 10:19:33 OpenWrt daemon.notice openvpn(IPredator)[4249]: Re-using SSL/TLS context
Jun 11 10:19:33 OpenWrt daemon.notice openvpn(IPredator)[4249]: LZO compression initialized
Jun 11 10:19:33 OpenWrt daemon.notice openvpn(IPredator)[4249]: Control Channel MTU parms [ L:1572 D:180 EF:80 EB:0 ET:0 EL:0 ]
It repeats forever...

What am I missing? Can anyone point me in the right direction here?

This is their standard OVPN:

client
remote 111.111.111.11 111
dev tun
proto tcp
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
key-direction 1
verb 3
route 111.111.111.11 255.255.255.255 net_gateway

<ca>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
***
-----END RSA PRIVATE KEY-----
</key>

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
***
-----END OpenVPN Static key V1-----
</tls-auth>

These are their standard instructions for Linux:

Linux (Ubuntu)

It's preferable to configure Ubuntu using the OpenVPN plugin for NetworkManager. This gives you a nice little interface for connecting, and it properly handles the necessary DNS changes when you connect/disconnect. Unfortunately, the plugin does not support .ovpn profiles, so the list of steps is a little more involved.

First, download all of the .crt and .key files from one of these directories: client-1, client-2, client-3, client-4, client-5

1. Install the OpenVPN plugin for NetworkManager:
       sudo apt-get install network-manager-openvpn
2. Open your System Settings.
3. Click the Network icon.
4. Click the + button in the lower-left of the window.
5. Select VPN from the Interface drop-down and click Create.
6. Select OpenVPN and click Create.
7. Enter streisand for the Connection name.
8. Enter 111.111.111.11 for the Gateway.
9. Make sure Certificates (TLS) is selected for the Type.
10. Select client.crt from the client-files directory of your choice for the User Certificate.
11. Select ca.crt from the same client-files directory for the CA Certificate.
12. Select client.key from the same client-files directory for the Private Key.
13. Click the Advanced button.
14. Go to the General tab.
15. Check Use custom gateway port and enter 636 as its value. Port 443 is available as an alternative if you are on a network that only allows access to the two standard HTTP ports.
16. Check Use LZO data compression.
17. Check Use a TCP connection.
18. Go to the Security tab.
19. Select AES-256-CBC as the Cipher.
20. Select SHA256 as the HMAC Authentication.
21. Go to the TLS Authentication tab.
22. Check Verify peer (server) certificate usage signature.
23. Check Use additional TLS authentication.
24. Select the ta.key from the client-files directory for the Key File.
25. Select 1 as the Key Direction.
26. Click OK.
27. Click Save...
28. Select the VPN in the left-hand menu, and flip the switch to ON. You can also enable/disable the VPN by clicking on the WiFi/Network icon in the menu bar, scrolling to VPN Connections, and clicking on its name.

Success! You can verify that your traffic is being routed properly by looking up your IP address on Google. It should say Your public IP address is 111.111.111.11.

FYI, this works with PIA:

cat >> /etc/config/openvpn << EOF
config openvpn 'IPredator'
option enabled '1'
option client '1'
option dev 'tun1337'
option proto 'udp'
list auth_user_pass '/etc/openvpn/IPredator.auth'
option resolv_retry 'infinite'
option float '1'
option nobind '1'
option persist_key '1'
option persist_tun '1'
option ca '/etc/openvpn/IPredator.se.ca.crt'
option remote_cert_tls 'server'
option reneg_sec '0'
option remote 'us-west.privateinternetaccess.com 1194'
option tls_client '1'
option verb '3'
option comp_lzo '1'
EOF

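The UCI stanzas in the post were transcribed from the .ovpn by hand, which is where a hyphenated name like key-direction or a world-readable key file slips in. The script below does the translation mechanically; it is an added example, not code from the thread, from OpenWrt or from the Streisand project. It takes a client profile with inline <ca>, <cert>, <key> and <tls-auth> blocks (the form Streisand hands out), writes the four blobs under a directory of your choice with mode 600 (so openvpn does not warn that the key is "group or others accessible"), and prints the matching /etc/config/openvpn stanza: every directive name is converted to its underscore form (tls-auth becomes tls_auth, key-direction becomes key_direction), bare flags such as client and nobind become option x '1', and directives that may repeat (remote, route, push, pull-filter) become list entries. The function name, the output file names (<section>.ca.crt, <section>.client.crt, <section>.client.key, <section>.ta.key) and the choice of which directives become lists are assumptions of this example; it assumes, as the posted stanzas do, that the OpenWrt init script maps each option or list name to the OpenVPN directive of the same name with '_' replaced by '-'. It is written for the BusyBox sh and awk found on OpenWrt and runs on any POSIX shell.

```shell
#!/bin/sh
# ovpn2uci: turn an OpenVPN client profile that carries inline <ca>, <cert>,
# <key> and <tls-auth> blocks into an OpenWrt /etc/config/openvpn stanza, and
# write the embedded key material into files that only root can read.
#
# Usage:  ovpn2uci streisand.ovpn streisand /etc/openvpn > stanza
#         cat stanza >> /etc/config/openvpn && /etc/init.d/openvpn restart
#
# Assumptions (this example's own, not from the thread): the OpenWrt init script
# turns each option/list name into the OpenVPN directive with '_' -> '-', and
# takes '1' as the value of a bare flag.  Output file names are our convention.
ovpn2uci() (
    profile=$1 section=$2 outdir=$3
    [ -r "$profile" ] || { echo "ovpn2uci: cannot read $profile" >&2; exit 1; }
    umask 077                        # everything created below is mode 600/700
    mkdir -p "$outdir" || exit 1

    awk -v section="$section" -v outdir="$outdir" '
    BEGIN {
        fname["ca"]  = "ca.crt";     fname["cert"]     = "client.crt"
        fname["key"] = "client.key"; fname["tls-auth"] = "ta.key"
        printf("config openvpn \047%s\047\n", section)
        printf("\toption enabled \0471\047\n")
    }
    { sub(/\r$/, "") }                                  # tolerate CRLF profiles

    # --- inline blocks: copy the body to a file, emit the file path as the option
    /^<(ca|cert|key|tls-auth)>$/ {
        tag  = substr($0, 2, length($0) - 2)
        file = outdir "/" section "." fname[tag]
        inblock = 1; next
    }
    inblock && ($0 == "</" tag ">") {
        close(file); inblock = 0
        name = tag; gsub(/-/, "_", name)                # tls-auth -> tls_auth
        printf("\toption %s \047%s\047\n", name, file); next
    }
    inblock { print > file; next }

    # --- ordinary directives
    /^[ \t]*(#|;|$)/ { next }                           # comments and blank lines
    {
        name = $1; gsub(/-/, "_", name)                 # key-direction -> key_direction
        if (NF == 1) value = "1"                        # bare flag: client, nobind, ...
        else { value = $0; sub(/^[^ \t]+[ \t]+/, "", value) }
        # directives that may legitimately repeat in one profile become list entries
        if (name == "remote" || name == "route" || name == "push" || name == "pull_filter")
            printf("\tlist %s \047%s\047\n", name, value)
        else
            printf("\toption %s \047%s\047\n", name, value)
    }' "$profile"
)
```

Run it once per profile, inspect the stanza, then append it; because the key files are written with umask 077 the two "is group or others accessible" warnings from the log above do not appear, and because the directive names are rewritten mechanically the key direction reaches the daemon as option key_direction rather than being silently dropped.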
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Help with OpenVPN connection to a Streisand server on Op

Post by Traffic » Tue Jun 16, 2015 6:32 pm

kataflok wrote:
Jun 11 10:19:27 OpenWrt daemon.notice openvpn(IPredator)[4249]: Attempting to establish TCP connection with ...[nonblock]
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: TCP connection established with ...
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: TCPv4_CLIENT link local: [undef]
Jun 11 10:19:28 OpenWrt daemon.notice openvpn(IPredator)[4249]: TCPv4_CLIENT link remote: ...
Jun 11 10:19:28 OpenWrt daemon.err openvpn(IPredator)[4249]: Connection reset, restarting [0]
Looks like you were forcibly disconnected .. try --verb 4+ and see if there is any other info available.
