Autoconnect Private Internet Access VPN on Boot Linux

private internet accessPrivate Internet Access is a VPN company that takes your privacy and anonymity seriously. They do not keep logs and allow multiple payment methods like gift cards and Bitcoin. This tutorial will show you how to autoconnect to Private Internet Access VPN service for increased convenience and safety for your Linux home media server. This guide will work on any Debian-based system like Ubuntu, Raspbian, Minibian, Bananian or Armbian, for those of you that prefer upstart over init.d scripts, drake will be publishing an upstart version in the future.

Updated working init.d June 17, 2016

VPN Service
All Platforms
Number of Connections
Monthly Cost
Annual Cost
Private Internet Access
Yes
5
$6.95
$39.95
($3.33 / month)
Pure VPN
Yes
5
$10.95
$59.95
($4.91 / month)
IPVanish
Yes
5
$10.00
$77.00
($6.41 / month)

Autoconnect Private Internet Access VPN on Boot Linux

Update Linux repos as always

sudo apt-get update

Install and Configure OpenVPN

Install OpenVPN and unzip

sudo apt-get install openvpn unzip -y

Enter the OpenVPN folder

cd /etc/openvpn

Download the Private Internet Access OpenVPN configuration files (extension .ovpn)

sudo wget --no-check-certificate https://www.privateinternetaccess.com/openvpn/openvpn.zip

Unzip the openvpn configuration files

sudo unzip openvpn.zip

You can list all of the countries you can connect to with this command inside the /etc/openvpn folder

ls -lh *.ovpn

See the long list, you will specify the ovpn file when you connect to Private Internet Access's VPN servers

-rw-r--r-- 1 root root 238 Nov 25 20:47 AU Melbourne.ovpn
-rw-r--r-- 1 root root 228 Nov 25 20:47 AU Sydney.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Brazil.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 CA North York.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 CA Toronto.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Denmark.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 France.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Germany.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Hong Kong.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 India.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 Ireland.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Israel.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Italy.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Japan.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Mexico.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Netherlands.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 New Zealand.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Romania.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Russia.ovpn
-rw-r--r-- 1 root root 227 Nov 25 20:47 Singapore.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Sweden.ovpn
-rw-r--r-- 1 root root 230 Nov 25 20:47 Switzerland.ovpn
-rw-r--r-- 1 root root 231 Nov 25 20:47 Turkey.ovpn
-rw-r--r-- 1 root root 234 Nov 25 20:47 UK London.ovpn
-rw-r--r-- 1 root root 239 Nov 25 20:47 UK Southampton.ovpn
-rw-r--r-- 1 root root 238 Nov 25 20:47 US California.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 US East.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Florida.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Midwest.ovpn
-rw-r--r-- 1 root root 239 Nov 25 20:47 US New York City.ovpn
-rw-r--r-- 1 root root 235 Nov 25 20:47 US Seattle.ovpn
-rw-r--r-- 1 root root 241 Nov 25 20:47 US Silicon Valley.ovpn
-rw-r--r-- 1 root root 233 Nov 25 20:47 US Texas.ovpn
-rw-r--r-- 1 root root 232 Nov 25 20:47 US West.ovpn

Create a login details text file so you can log on to the PIA VPN automatically

sudo nano /etc/openvpn/login.txt

Input your username and password, replace username with your actual username and password with your actual VPN password in this format

username
password

Ctrl+X, Y and Enter to Save and Exit

Change the permission of the login.txt file so it is only owned by root which will solve this error WARNING: file '/etc/openvpn/login.txt' is group or others accessible

sudo chmod 700 /etc/openvpn/login.txt

Fix DNS issues by using the Google DNS servers

echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
echo "nameserver 8.8.4.4" | sudo tee -a /etc/resolv.conf

Make the DNS changes permanent. This sets the resolv.conf file to immutable (i.e. unchangeable)

sudo chattr +i /etc/resolv.conf

Test the PIA VPN is working, here I'm using Sweden but you can choose any country from the list generated before

cd /etc/openvpn
sudo openvpn --config /etc/openvpn/Sweden.ovpn --auth-user-pass /etc/openvpn/login.txt

If you see success like below, your VPN public IP address is highlighted in red, let's verify that's what we get then start a new SSH session

Wed May 4 08:42:37 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Wed May 4 08:42:37 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Wed May 4 08:42:37 2016 UDPv4 link local: [undef]
Wed May 4 08:42:37 2016 UDPv4 link remote: [AF_INET]185.3.135.34:1194
Wed May 4 08:42:37 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 4 08:42:37 2016 [Private Internet Access] Peer Connection Initiated with [AF_INET]185.3.135.34:1194
Wed May 4 08:42:40 2016 TUN/TAP device tun0 opened
Wed May 4 08:42:40 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 4 08:42:40 2016 /sbin/ip link set dev tun0 up mtu 1500
Wed May 4 08:42:40 2016 /sbin/ip addr add dev tun0 local 10.177.1.6 peer 10.177.1.5
Wed May 4 08:42:40 2016 Initialization Sequence Completed

Start a new SSH session and check the IP address you are getting

wget http://ipinfo.io/ip -qO -

It should match the UDPv4 link remote address shown in the previous command. You should see something different than your regular IP address found on whatsmyip.org or on your wireless router from your ISP.

185.3.135.34

It matches so we're all good, now it's time to autoconnect to Private Internet Access on boot.

First you should use Ctrl+C in the SSH session showing the Private Internet Access VPN is connected to disconnect from the VPN.

Autoconnect PIA VPN on Boot

Create the OpenVPN autoconnect init.d startup script file

sudo nano /etc/init.d/openvpnauto

Paste this OpenVPN autoconnect startup script, if you do not want to use Sweden.ovpn then replace it in the DAEMON_OPTS line

#!/bin/sh
### BEGIN INIT INFO
# Provides:          OpenVPN Autoconnect
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: OpenVPN Autoconnect
# Description:       OpenVPN Autoconnect
### END INIT INFO


# Documentation available at
# http://refspecs.linuxfoundation.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptfunc.html
# Debian provides some extra functions though
. /lib/lsb/init-functions


DAEMON_NAME="openvpnauto"
DAEMON_USER=root
DAEMON_PATH="/usr/sbin/openvpn"
DAEMON_OPTS="--config /etc/openvpn/Sweden.ovpn --auth-user-pass /etc/openvpn/login.txt"
DAEMON_PWD="/etc/openvpn"
DAEMON_DESC=$(get_lsb_header_val $0 "Short-Description")
DAEMON_PID="/var/run/${DAEMON_NAME}.pid"
DAEMON_NICE=0
DAEMON_LOG='/var/log/openvpnauto.log'

[ -r "/etc/default/${DAEMON_NAME}" ] && . "/etc/default/${DAEMON_NAME}"

do_start() {
  local result

    pidofproc -p "${DAEMON_PID}" "${DAEMON_PATH}" > /dev/null
    if [ $? -eq 0 ]; then
        log_warning_msg "${DAEMON_NAME} is already started"
        result=0
    else
        log_daemon_msg "Starting ${DAEMON_DESC}" "${DAEMON_NAME}"
        touch "${DAEMON_LOG}"
        chown $DAEMON_USER "${DAEMON_LOG}"
        chmod u+rw "${DAEMON_LOG}"
        if [ -z "${DAEMON_USER}" ]; then
            start-stop-daemon --start --quiet --oknodo --background \
                --nicelevel $DAEMON_NICE \
                --chdir "${DAEMON_PWD}" \
                --pidfile "${DAEMON_PID}" --make-pidfile \
                --exec "${DAEMON_PATH}" -- $DAEMON_OPTS
            result=$?
        else
            start-stop-daemon --start --quiet --oknodo --background \
                --nicelevel $DAEMON_NICE \
                --chdir "${DAEMON_PWD}" \
                --pidfile "${DAEMON_PID}" --make-pidfile \
                --chuid "${DAEMON_USER}" \
                --exec "${DAEMON_PATH}" -- $DAEMON_OPTS
            result=$?
        fi
        log_end_msg $result
    fi
    return $result
}

do_stop() {
    local result

    pidofproc -p "${DAEMON_PID}" "${DAEMON_PATH}" > /dev/null
    if [ $? -ne 0 ]; then
        log_warning_msg "${DAEMON_NAME} is not started"
        result=0
    else
        log_daemon_msg "Stopping ${DAEMON_DESC}" "${DAEMON_NAME}"
        killproc -p "${DAEMON_PID}" "${DAEMON_PATH}"
        result=$?
        log_end_msg $result
        rm "${DAEMON_PID}"
    fi
    return $result
}

do_restart() {
    local result
    do_stop
    result=$?
    if [ $result = 0 ]; then
        do_start
        result=$?
    fi
    return $result
}

do_status() {
    local result
    status_of_proc -p "${DAEMON_PID}" "${DAEMON_PATH}" "${DAEMON_NAME}"
    result=$?
    return $result
}

do_usage() {
    echo $"Usage: $0 {start | stop | restart | status}"
    exit 1
}

case "$1" in
start)   do_start;   exit $? ;;
stop)    do_stop;    exit $? ;;
restart) do_restart; exit $? ;;
status)  do_status;  exit $? ;;
*)       do_usage;   exit  1 ;;
esac

Ctrl+X, Y and Enter to Save

Enable the OpenVPN PIA Autoconnect script

sudo chmod +x /etc/init.d/openvpnauto
sudo update-rc.d openvpnauto defaults 98

Now you can connect to PIA's VPN automatically by running

sudo service openvpnauto start

You can retest your IP to verify it's not your ISP's IP address

wget http://ipinfo.io/ip -qO -

If it is not your regular IP shown on whatsmyip.org then you can reboot and test your IP address again

sudo reboot

Test your IP again and compare it to whatsmyip.org's result

wget http://ipinfo.io/ip -qO -

Now you've set up installing and autoconnecting to Private Internet Access VPN on Linux on boot