[Testers Wanted] Simple PIA VPN Gateway

Based on the work by Sam Groveman (GitHub: ShVerni/Raspberry-Pi-VPN-Gateway, Raspberry Pi VPN gateway installer for Private Internet Access); all credit should be given to him.

Please make a backup of your PI first! (I may have had to start from scratch a few times while getting this ready, should be fine now but you can never have too many backups)

This is the script I use when configuring my PI (tested over multiple machines using DietPi 160+).

The goal of this script is to transform your DietPi into a VPN Gateway using PIA (https://www.privateinternetaccess.com/) without the pain of reading many (so very many) websites and doing it all manually.

Will probably not work if you are already running (or plan to run) a VPN server as it’s configured to use tun0 as its VPN interface.

You will need an account with PIA.
You will need to know

  • Your Pi login details.

  • Your PIA login details.

  • Your network gateway address.

  • Your local network address.

  • Choose between 2K (standard) or 4K (strong) encryption

  • Can easily switch between different VPN endpoints

  • VPN is monitored and will be automatically restarted if it goes down

  • killswitch

  • Configure split-VPN (exclude machine:port from VPN)


The following code will start the install process …

wget -O PIAVPN.zip 'http://dietpi.com/phpbb/download/file.php?id=1034' && unzip PIAVPN.zip -d PIAVPN && cd PIAVPN && sudo chmod 744 InstallVPN.sh && sed -i $'s/\r$//' InstallVPN.sh && sudo ./InstallVPN.sh


Step 1: (screenshot: VPN01.png)
Step 2: Unless you have changed your DietPi default user you should use the defaults. (screenshot: VPN02.png)
Step 3: (screenshot: VPN03.png)
Step 4: Enter your PIA login details. (screenshot: VPN04.png)
Step 5: Choose between 2K (default) and 4K (strongest) encryption. 2K is fine for general use but if your PI has HW encryption support then there is almost no speed difference between the two (NanoPI NEO2 @2K: 158Mbit/s @4K: 156Mbit/s). (screenshot: VPN05.png)
Step 6: Select a VPN endpoint to use (this can also be changed afterwards using the swap_endpoint.sh script). (screenshot: VPN06.png)
Step 7: (screenshot: VPN07.png)
Step 8: Enter your network details. (screenshot: VPN08.png)
Step 9: Enabling the KillSwitch means there will be no internet access if the VPN goes down. (screenshot: VPN09.png)
Step 10: You can allow specific machines to bypass the VPN (perhaps when you have configured your router to point every machine at the PI). (screenshot: VPN10.png)
Step 11: Tidy up? (screenshot: VPN11.png)
Step 12: Fingers crossed it all works. (screenshot: VPN12.png)

I’m giving it a go! Thanks!

It works!

How do I switch servers and so on?

Hi hd888

You can switch servers by executing the swap_endpoint.sh script

If you want to switch between standard (2K) and strong (4K) encryption I’m afraid you’ll need to re-run the install script (takes me about 45 seconds all up).

Use the add_exception.sh script to allow a machine to bypass the VPN (I have not used this yet so it may need some work)

Hey Phillski,

I did some testing and this setup, while working great, leaks DNS unfortunately.

I have posted to the creator's GitHub (though I don't know how active he is) to work on a solution.
I think it may be as simple as incorporating an up & down of the update-resolv-conf in the config file.

Adding these lines to the end of: /etc/openvpn/PIAvpn.conf

script-security 2 
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Now forwards all DNS traffic through the VPN

I posted the issue on the guy's GitHub, hopefully he fixes it for everyone, otherwise if not I may fork it.

To test that it’s leaking, run
ping whoami.ultradns.net -c 1
The IP address should match your VPN IP. To see your external IP, run
curl -s ipinfo.io/ip

If they do not match you’re leaking DNS info. (Mine was definitely not going through VPN)
Add above code to vpn.conf file and restart vpn
Rerun test and all my DNS info is being forwarded through PIA.

More info here:
https://www.privateinternetaccess.com/forum/discussion/23924/easy-quick-dns-and-ipv6-leak-testing-via-command-prompt-line-method-no-browser-or-website-needed
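
The fix and the test from the post above, as an added example that is not part of the thread or of PIAVPN.zip: `ensure_dns_hooks` appends only the directives that are missing from a config, and `leak_verdict` compares the two addresses the test produces. The function names are hypothetical, and `resolved_ip` assumes the Linux iputils `ping` output format.

```shell
#!/bin/sh
# Added example. Defines functions only; nothing touches the system on load.
HOOK=/etc/openvpn/update-resolv-conf

# True if a non-comment line in file $1 satisfies the awk condition in $2.
conf_has() {
    awk -v h="$HOOK" '!/^[[:space:]]*[#;]/ && ('"$2"') { ok = 1 } END { exit !ok }' "$1"
}

# Append whichever of the three directives are missing; print how many were added.
# Idempotent, and leaves an existing script-security level of 2 or higher alone.
ensure_dns_hooks() {
    conf=$1; added=0
    # Start on a fresh line if the file does not end with a newline.
    [ -z "$(tail -c 1 "$conf")" ] || echo >> "$conf"
    if ! conf_has "$conf" '$1 == "script-security" && $2 >= 2'; then
        echo "script-security 2" >> "$conf"; added=$((added + 1))
    fi
    for d in up down; do
        if ! conf_has "$conf" '$1 == "'"$d"'" && $2 == h'; then
            echo "$d $HOOK" >> "$conf"; added=$((added + 1))
        fi
    done
    echo "$added"
}

# Pull the address out of the first line of `ping -c 1 <name>` output (on stdin).
resolved_ip() {
    sed -n '1s/^PING [^ ]* (\([0-9.]*\)).*/\1/p'
}

# $1: address from the ping test, $2: address from `curl -s ipinfo.io/ip`.
# An empty result counts as a leak so a failed lookup is never reported as ok.
leak_verdict() {
    if [ -n "$1" ] && [ "$1" = "$2" ]; then echo "ok"; else echo "leak"; fi
}

# Usage on the gateway (as root):
#   ensure_dns_hooks /etc/openvpn/PIAvpn.conf
#   leak_verdict "$(ping whoami.ultradns.net -c 1 | resolved_ip)" "$(curl -s ipinfo.io/ip)"
```
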

Is there any chance of incorporating NordVPN or others?
Cheers, good work.

Are you using it as a gateway or just a client?
I may still do this but I don’t have a lot of free time… I want to get a feel for what most people use it for.

Thank you for doing this. :slight_smile:
It seems to work good and match what the IP should be.

As for use? Mostly to keep prying eyes out of what I do on the web so they can’t sell my data to third parties (a.k.a. ISP).

Same! I’ve been breaking myself for two days to get PureVPN working as a client… As for me, I’d like a 24-7 RPi2 Torrentbox, running OpenVPN, Deluge, Sonarr & Radarr. Would love to test this.

Nice!!!

Ty for that.
Some days ago I had some problems with VPN and a special function.

Have a look at that; maybe you can integrate the “port open function” for Transmission and other programs into your solution.
I have marked the TCP packets with a VPN user so that all communication from this user goes through the tunnel and the rest, e.g. PLEX and others, can come out directly.

https://dietpi.com/forum/t/solved-nordvpn-transmission-plex-seeding-not-work-no-port-forwarding/3038/1

MichaIng
I will see if I can implement mine for testing into DietPi-NordVPN.

have a nice day

Hi. Just installed on a fresh DietPi on a Pi2. Worked fine, except I had to install Pi-hole as a DNS server. Otherwise I had no DNS responses. I assume I did something wrong… but I have no idea what…

Neilj1983
Hmm, which upstream DNS server does Pi-hole use then? The same should work for your system as well.

If you use DHCP for your network connection, then your router serves the DNS entry for the system. That should usually work, however in your case obviously not. If you choose static IP, you can set the DNS entry yourself. Usually using the router itself works best, as most serve as DNS resolver themselves and have a DNS cache as well, but if not, then 8.8.8.8 (Google DNS) is a reliable solution, at least to test general system-wise DNS resolving.

time wget --spider https://dietpi.com can be used to test and compare speeds.

I tried this last night & sadly (out of the box) from a fresh install it didn’t work. I did get it working though :+1:.

With a fresh install the device it was installed on was working & getting its public IP from PIA, it just wasn’t able to route any traffic over the VPN.

I just made sure “sysctl -p” was run on startup & everything is working fine now. This I don’t think is a problem with this script as it does the same when setting up PiVPN/OpenVPN.

This does not work for me.
Installed on a Pine64.

Also I set a static IP 192.168.1.5 before installing the script, after a reboot it reports at startup an IP 192.168.1.144 although I have an SSH session via 192.168.1.5 :thinking:
(screenshot: DietPi IP address.JPG)

After I Enable IPv6 in the dietpi-config and re-run the script again it now reports the IP address 192.168.1.5 correctly.
So I guess when you Disable the IPv6 the script does not work correctly !?
(screenshots: DietPi IP address OKAY.JPG, DietPi IPv6 on.JPG)

Hi, just a quick question: can this be used purely as a VPN client? I only want my Pi to use the VPN.