How to install PIA VPN on UT (Working!)
-
Great tutorial! Thanks for writing it up.
I have one question though:
@craig said in How to install PIA VPN on UT (Working!):
In a previous UT update, libertine is required to install other programs. Can't use “sudo apt-get install”. So you must install them through Libertine in your System Settings, or with the terminal:
sudo adb shell libertine-container-manager create -i vpnprogs libertine-container-manager install-package -p uuid-runtime curl network-manager-openvpn-gnome python2.7
I don't understand the reason for this step. A Libertine container is created, and certain packages are installed in it. But then the container is never referenced in any following step. It would therefore seem to me that this step could be omitted.
Am I missing something?
-
If you install Python etc. in a Libertine container, it cant be accessed from the host system. I guess thats why when I try to use the script, it fails to install the dependencies.
-
@craig In my One Plus One with UT , the OpenVPN with PIA is working natively with the UT System Configuration VPN, no need of Libertine.
If anybody is interested in the configuration, as soon as I have time I can post it. -
@arubislander @rasbeer I was pretty sure I forgot something.
My copy of pia-nm.sh is old and doctored. Look for this line:
servers=$(python2.7 <<EOF
and change it to:
servers=$(libertine-launch -i vpnprogs python2.7 <<EOF
Where "vpnprogs" is the name of your container. Also, remove these lines:
if ! dpkg -l python2.7 | grep -q '^ii'; then installpkg+=(python2.7) fi
Search through the script for any program you installed via Libertine and prefix it's execution with:
libertine-launch -i vpnprogs
@wgarcia Yeah, we're jealous. Years ago I ran the pia-nm.sh script as-is. After a certain UT upgrade I couldn't install programs from the terminal any more and had to use Libertine.
-
Here's another nice customization I made. Search for this in the pia-nm.sh script:
password-flags=1
change it to:
password-flags=0
Search for:
[ipv4] method=auto
and just below it, add this:
[vpn-secrets] password=$PASSWORD
Near the top of the script define your PIA password like so:
PASSWORD=XXXXXX
Where XXXXXX is your PIA password. Now, when you activate a VPN connection, it wont prompt you for your PIA password. You can connect faster.
-
When running the script, you may get a message that the script was not able to write to /etc/openvpn. If so, do this before you execute the script:
sudo -i sudo mount -o remount,rw / sudo chmod 777 /etc/openvpn exit
After you run the script, set permission back:
sudo chmod 755 /etc/openvpn
-
Hi Craig:
Will this procedure work for an Aquaris M10 FHD?
Thanks,
Daryl -
@daryl I'm not 100% sure if PIA's VPN script will work with that Aquarius hardware. I have installed and ran it on three: Nexus 4, Nexus 5 and Pixel3a. Here's the current incarnation of the script as I use it and instructions for how to install it.
https://www.dropbox.com/s/7g0xfiam53ytf61/pia-nm-install.txt
https://www.dropbox.com/s/dd4oj7dd2o05vv9/pia-nm.shPlease post your results and let the community know if it works with your hardware, too.
-
@craig Thanks craig. Your work is remarkable! Way over my head. I'll have a look at it anyway and see what I learn!
-
@wgarcia Hi wgarcia Yes, I'd very much like to learn the VPN configuration you described! Thanks!
-
@daryl I haven't used my PIA VPN in my Ubuntu Touch current device (Volla Phone) for a while, but I checked and it still works for one of the PIA servers. I cannot make it work for a couple other servers I tried, despite the configuration is exactly the same. I will tell you the one that works and the configuration I use, just in case it is useful for you.
I have a hidden folder in my device home folder (/home/phablet) called ".privateinternetacces" and I have decompressed there the "zip" file found in this link:
https://www.privateinternetaccess.com/openvpn/openvpn.zip
As far as I can tell, I'm not using the configuration files found there, I'm just using the following file for a certificate needed in the VPN settings configuration of my UT device:
ca.rsa.2048.crtHere is the configuration (Settings -> VPN -> add VPN), in the language of my phone, but you can easily figure out the equivalent settings in yours:
To enter the PIA user and password you first have to choose "Type of autentication -> Password". In the screenshot it shows "Certifcate (TLS)" because it changes to that after saving the configuration.
For the CA Certificate you have to browse to the above mentioned hidden folder and choose the "ca.rsa.2048.crt" file.
The last line ("Encryption") is configured as "Default". There is an extra line "Data Compression" that is checked in my configuration.
As I said, with this configuration, I'm able to connect to the PIA VPN server "de-frankfurt.privacy.network", and it works fine, but not to a couple other servers that used to work for me. I'm still investigating why I can only connect to this server.
-
@wgarcia About six years ago I installed Private Internet Access's OpenVPN script on my Ubuntu Touch device. Over time I noticed certain VPN connections stopped working. PIA had retired or changed some IP addresses for certain VPN locations.
I ran a search today and found about 4 pages on PIA's website regarding OpenVPN. Some of the pages have links to support files that no longer work.
https://helpdesk.privateinternetaccess.com/kb/openvpnThis page appears to be the most recent:
https://helpdesk.privateinternetaccess.com/kb/articles/linux-setting-up-manual-openvpn-connection-through-the-terminalThe old PIA OpenVPN script from about six years ago had a certain URL in it that allowed it to fetch the latest VPN server IP addresses from the PIA website. A few years ago, PIA began retiring those old servers and released a new Wireguard script. Inside that script, the URL where the new server IP addresses are to be fetched is now different.
This may help explain why some PIA VPN server locations don't work.
-
@craig Thanks!, indeed, I haven't used PIA VPN too much in my UT device the last couple of years, I use it mostly in my computers and TV set. As I said, I didn't check too much, but "de-frankfurt.privacy.network" is still working for me in my UT device.
-
@craig I tried now with 5 of the servers shown in the configuration files of the updated link you provide, and all work perfectly.
-
@wgarcia Hi wgarcia: thanks for this post... that I've found finally... 23 days later. I am very grateful for your work and will study it closely, try it out, and report to the group what works. I can say that the openvpn thing with PIA works on all of my raspberry pis. Not sure if thats relevant, but I thought I'd just offer it. Here on the forum just to establish that it works for something.
-
@Craig I tried the methods you recommend that are at https://helpdesk.privateinternetaccess.com/kb/articles/linux-setting-up-manual-openvpn-connection-through-the-terminal
... I ran into a problem: my phablet is a read-only file system and even if I use sudo I can't get anything downloaded or unzipped in /etc/openvpn
Can you suggest a solution, please?
Thanks, Darly
-
@Daryl You could install the UT Tweak Tool from the Open Store. Open it up, select 'System' from the top left menu, select 'Make Image Writeable' and then select the option you want on the next screen. To avoid problems don't foeget to make the system read only when you have finished. Also be aware that you may have to make the same changes after each update.
-
-
@Ian HI Ian:
I installed UT Tweek tool. There was no "System" on the left.Me so sad. This would have been a great solution.
Daryl
-
@Ian Oh. I found it after clicking on the hamburger. I'll try it out and let you know how it goes.