How to install PIA VPN on UT (Working!)
-
If you have been using Private Internet Access (PIA) as your VPN service on with Ubuntu Touch with their OpenVPN scripts, you may have noticed they started phasing their old servers out last year and only one was available this year until about the end of February.
https://www.privateinternetaccess.com/pages/client-support/ubuntu-openvpnAfter days of troubleshooting I figured out how to get it to work again and would like to share it with the UT community.
PIA has this shinny new application for your Ubuntu desktop. And it works fine. They also offer new VPN scripts designed for linux:
https://www.privateinternetaccess.com/helpdesk/kb/articles/manual-connection-and-port-forwarding-scripts
But the new scripts don't work on UT. One reason is the version of curl available on UT is older. Another reason is write permission problems as their newer scripts don't anticipate ARM architecture. Another reason is how we have to prefix all calls of Libertine installed programs in their script with libertine, which is a pain.Here's how to install and get PIA VPN service working on your UT phone. Specifically, I'm using Nexus 4.
-
Follow their old instructions (loosely) using their older pia-nm.sh script.
https://www.privateinternetaccess.com/pages/client-support/ubuntu-openvpn -
In a previous UT update, libertine is required to install other programs. Can't use “sudo apt-get install”. So you must install them through Libertine in your System Settings, or with the terminal:
sudo adb shell libertine-container-manager create -i vpnprogs libertine-container-manager install-package -p uuid-runtime curl network-manager-openvpn-gnome python2.7- Run the pia-nm.sh script.
sudo bash pia-nm.shIt will install the VPN files at: /etc/NetworkManager/system-connections
- Next, we need to change the IP addresses in the system-connection files. The newer scripts have this URL embedded with the new server IP addresses: https://serverlist.piaservers.net/vpninfo/servers/v4
Locate a server at the above URL, for example, after “California”. You will find:
{"ovpnudp": [{"ip": "143.244.50.86",This is their IP address for a UDP connection.
- Last, edit your VPN system connection files like so:
cd /etc/NetworkManager/system-connections sudo nano 'PIA - US California (client update needed)'Change this line:
remote=us-california.privateinternetaccess.com
to:
remote=143.244.50.86
Repeat for a couple other connections if you like.
Delete any unused VPN files from system-connections that you wont be using.- Reboot your phone, and you should see the VPN connections listed and they should work. I'm sure I forgot something. If you have a question, let me know.
-
-
For all those who use PIA (not me), it's nice to share this tutorial.
A request is on the OTA-17 program could make things easier for all VPN VPN - ability to import an ovpn file
A VPN indicator in the indicator bar is also totally indispensable for UT. Hopefully this can also be installed.
-
Great tutorial! Thanks for writing it up.
I have one question though:
@craig said in How to install PIA VPN on UT (Working!):
In a previous UT update, libertine is required to install other programs. Can't use “sudo apt-get install”. So you must install them through Libertine in your System Settings, or with the terminal:
sudo adb shell libertine-container-manager create -i vpnprogs libertine-container-manager install-package -p uuid-runtime curl network-manager-openvpn-gnome python2.7I don't understand the reason for this step. A Libertine container is created, and certain packages are installed in it. But then the container is never referenced in any following step. It would therefore seem to me that this step could be omitted.
Am I missing something?
🇦🇼 🇳🇱 🇺🇸 🇪🇸
Happily running Ubuntu Touch
Google Pixel 3a (20.04 DEV)
JingPad (20.04 DEV)
Meizu Pro 5 (16.04 DEV) -
If you install Python etc. in a Libertine container, it cant be accessed from the host system. I guess thats why when I try to use the script, it fails to install the dependencies.
-
@craig In my One Plus One with UT , the OpenVPN with PIA is working natively with the UT System Configuration VPN, no need of Libertine.
If anybody is interested in the configuration, as soon as I have time I can post it. -
@arubislander @rasbeer I was pretty sure I forgot something.
My copy of pia-nm.sh is old and doctored. Look for this line:
servers=$(python2.7 <<EOFand change it to:
servers=$(libertine-launch -i vpnprogs python2.7 <<EOFWhere "vpnprogs" is the name of your container. Also, remove these lines:
if ! dpkg -l python2.7 | grep -q '^ii'; then installpkg+=(python2.7) fiSearch through the script for any program you installed via Libertine and prefix it's execution with:
libertine-launch -i vpnprogs@wgarcia Yeah, we're jealous. Years ago I ran the pia-nm.sh script as-is. After a certain UT upgrade I couldn't install programs from the terminal any more and had to use Libertine.
-
Here's another nice customization I made. Search for this in the pia-nm.sh script:
password-flags=1change it to:
password-flags=0Search for:
[ipv4] method=autoand just below it, add this:
[vpn-secrets] password=$PASSWORDNear the top of the script define your PIA password like so:
PASSWORD=XXXXXXWhere XXXXXX is your PIA password. Now, when you activate a VPN connection, it wont prompt you for your PIA password. You can connect faster.
-
When running the script, you may get a message that the script was not able to write to /etc/openvpn. If so, do this before you execute the script:
sudo -i sudo mount -o remount,rw / sudo chmod 777 /etc/openvpn exitAfter you run the script, set permission back:
sudo chmod 755 /etc/openvpn -
Hi Craig:
Will this procedure work for an Aquaris M10 FHD?
Thanks,
Daryl -
@daryl I'm not 100% sure if PIA's VPN script will work with that Aquarius hardware. I have installed and ran it on three: Nexus 4, Nexus 5 and Pixel3a. Here's the current incarnation of the script as I use it and instructions for how to install it.
https://www.dropbox.com/s/7g0xfiam53ytf61/pia-nm-install.txt
https://www.dropbox.com/s/dd4oj7dd2o05vv9/pia-nm.shPlease post your results and let the community know if it works with your hardware, too.
-
@craig Thanks craig. Your work is remarkable! Way over my head. I'll have a look at it anyway and see what I learn!
-
@wgarcia Hi wgarcia Yes, I'd very much like to learn the VPN configuration you described! Thanks!
-
@daryl I haven't used my PIA VPN in my Ubuntu Touch current device (Volla Phone) for a while, but I checked and it still works for one of the PIA servers. I cannot make it work for a couple other servers I tried, despite the configuration is exactly the same. I will tell you the one that works and the configuration I use, just in case it is useful for you.
I have a hidden folder in my device home folder (/home/phablet) called ".privateinternetacces" and I have decompressed there the "zip" file found in this link:
https://www.privateinternetaccess.com/openvpn/openvpn.zip
As far as I can tell, I'm not using the configuration files found there, I'm just using the following file for a certificate needed in the VPN settings configuration of my UT device:
ca.rsa.2048.crtHere is the configuration (Settings -> VPN -> add VPN), in the language of my phone, but you can easily figure out the equivalent settings in yours:
To enter the PIA user and password you first have to choose "Type of autentication -> Password". In the screenshot it shows "Certifcate (TLS)" because it changes to that after saving the configuration.
For the CA Certificate you have to browse to the above mentioned hidden folder and choose the "ca.rsa.2048.crt" file.
The last line ("Encryption") is configured as "Default". There is an extra line "Data Compression" that is checked in my configuration.
As I said, with this configuration, I'm able to connect to the PIA VPN server "de-frankfurt.privacy.network", and it works fine, but not to a couple other servers that used to work for me. I'm still investigating why I can only connect to this server.
-
@wgarcia About six years ago I installed Private Internet Access's OpenVPN script on my Ubuntu Touch device. Over time I noticed certain VPN connections stopped working. PIA had retired or changed some IP addresses for certain VPN locations.
I ran a search today and found about 4 pages on PIA's website regarding OpenVPN. Some of the pages have links to support files that no longer work.
https://helpdesk.privateinternetaccess.com/kb/openvpnThis page appears to be the most recent:
https://helpdesk.privateinternetaccess.com/kb/articles/linux-setting-up-manual-openvpn-connection-through-the-terminalThe old PIA OpenVPN script from about six years ago had a certain URL in it that allowed it to fetch the latest VPN server IP addresses from the PIA website. A few years ago, PIA began retiring those old servers and released a new Wireguard script. Inside that script, the URL where the new server IP addresses are to be fetched is now different.
This may help explain why some PIA VPN server locations don't work.
-
@craig Thanks!, indeed, I haven't used PIA VPN too much in my UT device the last couple of years, I use it mostly in my computers and TV set. As I said, I didn't check too much, but "de-frankfurt.privacy.network" is still working for me in my UT device.
-
@craig I tried now with 5 of the servers shown in the configuration files of the updated link you provide, and all work perfectly.
-
@wgarcia Hi wgarcia: thanks for this post... that I've found finally... 23 days later. I am very grateful for your work and will study it closely, try it out, and report to the group what works. I can say that the openvpn thing with PIA works on all of my raspberry pis. Not sure if thats relevant, but I thought I'd just offer it. Here on the forum just to establish that it works for something.
-
@Craig I tried the methods you recommend that are at https://helpdesk.privateinternetaccess.com/kb/articles/linux-setting-up-manual-openvpn-connection-through-the-terminal
... I ran into a problem: my phablet is a read-only file system and even if I use sudo I can't get anything downloaded or unzipped in /etc/openvpn
Can you suggest a solution, please?
Thanks, Darly
DP
-
@Daryl You could install the UT Tweak Tool from the Open Store. Open it up, select 'System' from the top left menu, select 'Make Image Writeable' and then select the option you want on the next screen. To avoid problems don't foeget to make the system read only when you have finished. Also be aware that you may have to make the same changes after each update.
-
