Package Details: private-internet-access-vpn 3.4-4

Git Clone URL: https://aur.archlinux.org/private-internet-access-vpn.git (read-only, click to copy)
Package Base: private-internet-access-vpn
Description: Installs VPN profiles for Private Internet Access Service
Upstream URL: https://www.privateinternetaccess.com/
Keywords: connman networkmanager openvpn python vpn
Licenses: GPL
Conflicts: xawtv
Submitter: flamusdiu
Maintainer: Auerhuhn
Last Packager: Auerhuhn
Votes: 87
Popularity: 0.41
First Submitted: 2014-08-14 01:22 (UTC)
Last Updated: 2024-12-22 18:56 (UTC)

Pinned Comments

Auerhuhn commented on 2023-10-27 08:23 (UTC) (edited on 2023-10-27 08:23 (UTC) by Auerhuhn)

Note that this package provides only VPN profiles but not the vendor’s software.

The package version refers to the python-pia tool by @flamusdiu, which may lag behind the vendor’s own VPN software version.

Please do not flag this package out-of-date unless @flamusdiu releases a new stable python-pia version.

Thank you!

Latest Comments

« First ‹ Previous 1 .. 29 30 31 32 33 34 35 36 37 38 39 .. 48 Next › Last »

flamusdiu commented on 2016-07-13 02:21 (UTC) (edited on 2016-07-13 02:21 (UTC) by flamusdiu)

New "normal" vs Old "normal" configuration: --- /etc/openvpn/Brazil.conf 2016-06-19 21:43:33.000000000 -0400 +++ Brazil.ovpn 2016-07-08 16:21:41.000000000 -0400 @@ -1,22 +1,18 @@ client dev tun proto udp -remote brazil.privateinternetaccess.com 1194 +remote brazil.privateinternetaccess.com 1198 resolv-retry infinite nobind persist-key persist-tun -ca /etc/openvpn/ca.crt +cipher aes-128-cbc +auth sha1 tls-client remote-cert-tls server auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify /etc/openvpn/crl.pem - - -auth-nocache -script-security 2 -up /etc/openvpn/update-resolv-conf.sh -down /etc/openvpn/update-resolv-conf.sh +crl-verify crl.rsa.2048.pem +ca ca.rsa.2048.crt

flamusdiu commented on 2016-07-13 02:19 (UTC)

LOL, cryzed Well, it's still broken. Looks like they changed the configuration for the "normal" zip too. (sigh) Too tired to figure it out tonight. I guess I'll have to fix it tomorrow and patch python-pia as well.

cryzed commented on 2016-07-13 02:16 (UTC)

@flamusdiu, > I just updated the normal openvpn.zip. So, this is not broken. What do you mean by that? I still get the same error mentioned in the earlier comment (even after updating), and I don't seem to be the only one. So far only nigeil's workaround seems to do the trick for me.

flamusdiu commented on 2016-07-13 01:27 (UTC)

Here's a diff between "normal" and "strong": --- Brazil.ovpn 2016-07-08 16:21:41.000000000 -0400 +++ /etc/openvpn/Brazil.conf 2016-06-19 21:43:33.000000000 -0400 @@ -1,18 +1,22 @@ client dev tun proto udp -remote brazil.privateinternetaccess.com 1197 +remote brazil.privateinternetaccess.com 1194 resolv-retry infinite nobind persist-key persist-tun -cipher aes-256-cbc -auth sha256 +ca /etc/openvpn/ca.crt tls-client remote-cert-tls server auth-user-pass comp-lzo verb 1 reneg-sec 0 -crl-verify crl.rsa.4096.pem -ca ca.rsa.4096.crt +crl-verify /etc/openvpn/crl.pem + + +auth-nocache +script-security 2 +up /etc/openvpn/update-resolv-conf.sh +down /etc/openvpn/update-resolv-conf.sh

flamusdiu commented on 2016-07-13 01:17 (UTC)

I just updated the normal openvpn.zip. So, this is not broken. Let me take a look at the new "strong" zip and see what I an do with that.

vise890 commented on 2016-07-12 20:57 (UTC) (edited on 2016-07-12 21:15 (UTC) by vise890)

I can still connect through `openvpn` from the cli after the changes suggested by @nigeil (thanks!), but still no luck with NetworkManager. I've opened an issue on https://github.com/flamusdiu/python-pia/issues/9 EDIT: it's now working, it needs `cipher=AES-128-CBC` as well....

cryzed commented on 2016-07-12 11:51 (UTC)

@nigeil, thank you! This is very much appreciated!

nigeil commented on 2016-07-12 04:44 (UTC)

I've done some fiddling with the openvpn-strong.zip files that PIA also provides, but to no avail. However, using the regular (new) certificates and keys and switching to TCP on port 502: proto tcp remote us-east.privateinternetaccess.com 502 DOES seem to work! I've opened a support ticket with PIA, and will report back with what I learn. I think this is a certificate issue on their end; see http://serverfault.com/questions/348967/openvpn-self-signed-certificate-in-chain

cryzed commented on 2016-07-12 01:40 (UTC) (edited on 2016-07-12 02:25 (UTC) by cryzed)

The changed openvpn.zip is very likely related to this: http://i.imgur.com/34OWqSk.png. I bit the bullet and manually updated the pkgsums and installed it, unfortunately connection the VPN now fails with the error: https://gist.github.com/anonymous/4828be19ed622abad2cba721a073cabe. So does this mean that the certificate file shipped with the openvpn.zip doesn't match the certificate on the server, or is the problem that it is actually a self-signed (by PIA)? If so, shouldn't the shipped configuration files allow this? I'm confused. Doesn't look good. Does anyone by any chance have the old openvpn.zip lying around?

pyroclast commented on 2016-07-10 22:46 (UTC) (edited on 2016-07-11 01:15 (UTC) by pyroclast)

Looks like checksums are out of date again ==> Validating source files with sha256sums... openvpn.zip ... FAILED login-example.conf ... Passed pia-example.conf ... Passed restart.conf ... Passed vpn.sh ... Passed pia.8.gz ... Passed hook.install ... Passed hook.remove ... Passed python-pia ... Skipped openvpn-update-resolv-conf ... Skipped update-resolv-conf.patch ... Passed ==> ERROR: One or more files did not pass the validity check! :: failed to verify private-internet-access-vpn integrity

« First ‹ Previous 1 .. 29 30 31 32 33 34 35 36 37 38 39 .. 48 Next › Last »