I tried kleshas' suggestion and went back to the dev version that works.
I got the conf files from the website like kleshas mentioned, but I had to change each extension on each and add an underscore so it was continuous: e.g.
US California.ovpn I changed to US_California.conf, etc.
Here is my alias for this one:
alias california='sudo openvpn --config /etc/openvpn/US_California.conf'
I rebooted and tried it and it got these errors:
$ california
[sudo] password for cavsfan:
Options error: --ca fails with 'ca.rsa.2048.crt': No such file or directory
Options error: --crl-verify fails with 'crl.rsa.2048.pem': No such file or directory
Options error: Please correct these errors.
Use --help for more information.
Here is my /etc/openvpn/pia.conf:
[pia]
openvpn_auto_login = True
[configure]
apps = cm
hosts = AU Melbourne, AU Sydney, CA North York, CA Toronto, Denmark, Finland, France, Germany, Hong Kong, India, Ireland, Israel, Italy, Japan, Mexico, Netherlands, New Zealand, Norway, Romania, Singapore, Sweden, Switzerland, Turkey, UK London, UK Southampton, US East, US Florida, US Silicon Valley, US Midwest, US Texas, US California, US New York City, US West, US Seattle,
port = UDP/1198
And here is my /etc/openvpn/US_California.conf:
client
dev tun
proto udp
remote us-california.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
It errored on crl.rsa.2048.pem and ca.rsa.2048.crt even though they are both in the folder:
/etc/openvpn/crl.rsa.2048.pem
/etc/openvpn/ca.rsa.2048.crt
Perhaps I should have done something else? pia -a did not work on all of the places.
Let me know if you need anything else and if I should do anything else.
Search Criteria
Package Details: private-internet-access-vpn 3.4-4
Package Actions
| Git Clone URL: | https://aur.archlinux.org/private-internet-access-vpn.git (read-only, click to copy) |
|---|---|
| Package Base: | private-internet-access-vpn |
| Description: | Installs VPN profiles for Private Internet Access Service |
| Upstream URL: | https://www.privateinternetaccess.com/ |
| Keywords: | connman networkmanager openvpn python vpn |
| Licenses: | GPL |
| Conflicts: | xawtv |
| Submitter: | flamusdiu |
| Maintainer: | Auerhuhn |
| Last Packager: | Auerhuhn |
| Votes: | 87 |
| Popularity: | 0.33 |
| First Submitted: | 2014-08-14 01:22 (UTC) |
| Last Updated: | 2024-12-22 18:56 (UTC) |
Dependencies (10)
- openvpn (openvpn-gitAUR, openvpn-mbedtlsAUR)
- python (python37AUR, python311AUR, python310AUR)
- python-docopt
- python-setuptools
- git (git-gitAUR, git-glAUR) (make)
- python-build (make)
- python-installer (make)
- python-wheel (make)
- connman (connman-gitAUR, connman-systemd-resolvedAUR) (optional) – Enables PIA for Connman
- networkmanager (networkmanager-gitAUR, networkmanager-iwdAUR) (optional) – Enables PIA for Network Manager (needs a openvpn plugin)
Required by (0)
Sources (9)
Cavsfan commented on 2016-09-28 17:07 (UTC)
flamusdiu commented on 2016-09-28 15:12 (UTC) (edited on 2016-09-28 15:17 (UTC) by flamusdiu)
@Cavsfan: I tried 2.9 but that didn't work. It was giving me the same error. Can you post your OpenVPN config and alias, please?
Cavsfan commented on 2016-09-28 14:08 (UTC)
I initially installed private-internet-access-vpn version 2.9-2 and it worked fine using my aliases to connect through terminal and then leave that running while using it. It used port 80 by default.
It wasn't until yesterday that I upgraded private-internet-access-vpn (2.9-2 -> 3.0-2) and that's when it would no longer work.
flamusdiu commented on 2016-09-28 13:16 (UTC)
Looks like 2.9 and 2.8.2 also have the same issue =(
flamusdiu commented on 2016-09-28 12:58 (UTC)
Looks like there is something different in the OpenVPN binaries on both the Window and Android clients that allow it to work over the other ports. It doesn't seem to handshake the same way. In Windows, I couldn't even see the handshake in Wireshark. So frustrating.
flamusdiu commented on 2016-09-28 10:37 (UTC)
The only one that I would probably use is 8080 because some ISP actually speed that up. 8080 is used by some proxies and for some odd reason they do that. Other then that you probably wouldn't. My issue is why the heck does it work on my Phone with the different points but not using OpenVPN directly?
OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed => Points to a mismatched certification on that port.
I'll have to keep digging.
kleshas commented on 2016-09-28 06:29 (UTC)
Can you speak to why one would want to choose TCP/502 over UDP/1198 beyond the possible port blocking by an ISP?
flamusdiu commented on 2016-09-28 05:36 (UTC)
Well, so far only the following ports seem to work for me:
default = TCP/502, UDP/1198
strong encryption configs => TCP/501, UDP/1197
flamusdiu commented on 2016-09-28 05:12 (UTC)
For some reason the Android version allows connections over port 80, but apparently something missing for it to work here. I'll keep looking to find a solution.
flamusdiu commented on 2016-09-28 04:49 (UTC) (edited on 2016-09-28 04:50 (UTC) by flamusdiu)
Odd, let me check the ports, they should work. PIA uses different ports depending on what you need. Port 1198 is just the default. Ports 80, 8080, 443, and a few others work as well. However, strong encryption only uses 1197.
Pinned Comments
Auerhuhn commented on 2023-10-27 08:23 (UTC) (edited on 2023-10-27 08:23 (UTC) by Auerhuhn)
Note that this package provides only VPN profiles but not the vendor’s software.
The package version refers to the
python-piatool by @flamusdiu, which may lag behind the vendor’s own VPN software version.Please do not flag this package out-of-date unless @flamusdiu releases a new stable
python-piaversion.Thank you!