On 06/15/2017 11:02 PM, Chris Laprise wrote:
On 06/15/2017 08:15 PM, Steven Walker wrote:
Can anyone give me any feedback on how to setup privateinternetaccess
on qubes. I wrote to pia, and they didn't really give me much help on
how to set this up.
Any help greatly appreciated.
Thanks,
Steve
You want to first download the openvpn config from pia's
Download/Support page:
Choose Advanced OpenVPN SSL Usage Guides, then OpenVPN Configuration
Files... 'default' or 'strong'.
Then follow the Qubes doc "iptables and CLI" instructions here:
https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts
BTW, I noticed there is an "easy" way to setup Network Manager
connections from pia, if NM is what you prefer. Their "Advanced OpenVPN
Ubuntu" instructions have a script that adds VPN connections to Network
Manager. You can run this 'pia-nm.sh' script in a Qubes proxyVM *each*
time you start it.
To make the settings work permanently, you could copy
/etc/openvpn/pia*crt to /rw/config, then go into
/rw/config/NM-connections and edit the PIA files you intend to use and
change the path for the "ca " entry from /etc/openvpn to /rw/config.
Another way to make it permanent is to setup bind-dirs for /etc/openvpn.
Finally, you can protect against leaks by adding these lines to
/rw/config/qubes-firewall-user-script (and make it executable):
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -i eth0 -j DROP
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d6613155-eca3-52c3-8c28-86b320fa61cb%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
