Reccomend a VPN provider

I can no longer use my provider for years, Private Internet Access. They never supported openSuse but another user had posted a set of install instructions that worked. No longer. So can someone recommend a provider that lets me install using a bash script? I have no problems if I use a Debian based O.S.

Thanks in advance for any advice.

I just installed PIA into NetworkManager on Leap 15.2 on two machines using the instructions at https://www.privateinternetaccess.com/pages/client-support/fedora-openvpn.

One machine had a fresh installation of 15.2, and the install went correctly (except the “wget” is left out of the text in step 4; it’s in the image). The other machine has been through a number of version upgrades, and the pia-nm.sh file as-received caused an error. I edited the file to delete the Debian and ArchLinux sections, then it worked. Edited file is

#!/bin/bash
#
# Install OpenVPN profiles in NetworkManager for PIA
#

error() {
    echo $@ >&2
    exit 255
}

if  "$(whoami)" != "root" ]; then
    error "This script needs to be run as root. Try again with 'sudo $0'"
fi

pkgerror="Failed to install the required packages, aborting."

##
# Debian-based distributions
##
# RHEL-based distributions
if command -v rpm 2>&1 >/dev/null; then
    installpkg=()

    if ! rpm -q python 2>&1 >/dev/null; then
        installpkg+=(python)
    fi

    if ! rpm -q NetworkManager-openvpn 2>&1 >/dev/null; then
        installpkg+=(NetworkManager-openvpn)
    fi

    if  ! -z "$installpkg" ]; then
        if which dnf; then
            dnf install ${installpkg@]} || error "$pkgerror"
        else
            yum install ${installpkg@]} || error "$pkgerror"
        fi
    fi

##
# ArchLinux
fi
##
# Ask questions

echo -n "PIA username (pNNNNNNN): "
read pia_username

if  -z "$pia_username" ]; then
    error "Username is required, aborting."
fi


echo -n "Connection method (UDP/tcp): "
read pia_tcp

case "$pia_tcp" in
    U|u|UDP|udp|"")
        pia_tcp=no
        ;;
    T|t|TCP|tcp)
        pia_tcp=yes
        ;;
    *)
        error "Connection protocol must be UDP or TCP."
esac

echo -n "Strong encryption (Y/n): "
read pia_strong

case "$pia_strong" in
    Y|y|yes|"")
        pia_cert=ca.rsa.4096.crt
        pia_cipher=AES-256-CBC
        pia_auth=SHA256

        if  "$pia_tcp" = "yes" ]; then
            pia_port=501
        else
            pia_port=1197
        fi
        ;;

    N|n|no)
        pia_cert=ca.rsa.2048.crt
        pia_cipher=AES-128-CBC
        pia_auth=SHA1

        if  "$pia_tcp" = "yes" ]; then
            pia_port=502
        else
            pia_port=1198
        fi
        ;;
    *)
        error "Strong encryption must be on or off."
esac


##
# Download and install
test -d /etc/openvpn || mkdir /etc/openvpn
curl -sS -o "/etc/openvpn/pia-$pia_cert" \
    "https://www.privateinternetaccess.com/openvpn/$pia_cert" \
    || error "Failed to download OpenVPN CA certificate, aborting."

IFS=$(echo)
servers=$(curl -Ss "https://www.privateinternetaccess.com/vpninfo/servers?version=24" | head -1)

if  -z "$servers" ]; then
    error "Failed to download server list, aborting."
fi

rm -f "/etc/NetworkManager/system-connections/PIA - "*

servers=$(python2.7 <<EOF
import sys
import json
data = json.loads('$servers')

for k in data.keys():
    if k != "info":
        print data[k]"dns"] + ':' + data[k]"name"]
EOF
)

echo "$servers" | while read server; do
    host=$(echo "$server" | cut -d: -f1)
    name="PIA - "$(echo "$server" | cut -d: -f2)
    nmfile="/etc/NetworkManager/system-connections/$name"

    cat <<EOF > "$nmfile"
[connection]
id=$name
uuid=$(uuidgen)
type=vpn
autoconnect=false

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
username=$pia_username
comp-lzo=no
remote=$host
cipher=$pia_cipher
auth=$pia_auth
connection-type=password
password-flags=1
port=$pia_port
proto-tcp=$pia_tcp
ca=/etc/openvpn/pia-$pia_cert

[ipv4]
method=auto
EOF
    chmod 0600 "$nmfile"
done

nmcli connection reload || \
    error "Failed to reload NetworkManager connections: installation was complete, but may require a restart to be effective."

echo "Installation is complete!"

This puts all 66 PIA locations in the NM connections list. The entries are set to be for all users, without the password. I changed the few I use to be for a single user with stored password. PIA VPN connections work correctly on both machines.
Regards,

I use ProtonVPN. Just in case you are interested. It is easily installed with pip3 e.g. or curl.

Thanks for the speedy response. Installed “yum” and “dnf” and ran your script. It reported…

 :~> sudo bash vpn.bash/usr/bin/dnf
Error: There are no enabled repositories in "/etc/dnf/repos.d", "/etc/yum.repos.d", "/etc/yum/repos.d", "/etc/distro.repos.d".
Failed to install the required packages, aborting.
ion@localhost:~> 

Where do I get the repo.d files, or are they each similar to…

clientdev tun
proto udp
remote ca.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0 

Why do you prefer ProtonVPN? It’s more expensive than P.I.A. Mine is not a critical or business situation.

Many reasons but most importantly I already use ProtonMail, so it is natural that I also use their VPN service. I like the privacy aspect of it and their philosophy and it works great. The servers are in Switzerland complying with strict privacy laws. If you want to know more than just have a look at their FAQ.

I saved the edited file with its original name,

pia-nm.sh
then ran

sudo bash pia-nm.sh

in the directory where the file is. yum and dnf are not installed on this KDE system. Make sure NetworkManager-openvpn is installed, or I guess NetworkManager-openvpn-gnome if running gnome desktop. The installer must have been satisfied with python.

So far, so good.

 :~> sudo bash pia-nm.sh
PIA username (pNNNNNNN): (my username)
Connection method (UDP/tcp): UDP
Strong encryption (Y/n): n
Installation is complete! 
  > ./pia-linux-2.3.1-05354.run
Verifying archive integrity...  100%   MD5 checksums are OK. All good.
Uncompressing Private Internet Access  100%  


=================================
Private Internet Access Installer
=================================


Detected a previous systemd install - assuming systemd
There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 You can enable repos with yum-config-manager --enable <repo>

ion@localhost:> yum repolist all
repolist: 0

A few steps closer, and I do really appreciate how much time you’re spending on this. So now where do I find the repos to enable?

Do you think you might want to post your script on the P.I.A. site to aid other LEAP users who may not be using our forum? Or if you are too busy I could post it and ensure you get full credit.

When it says

Installation is complete!

it really means it. There is no need to do

  > ./pia-linux-2.3.1-05354.run

That’s for Debian-type distributions, hence the use of yum to look for repos.

A few steps closer, and I do really appreciate how much time you’re spending on this. So now where do I find the repos to enable?
At this point, the NetworkManager should contain all the PIA locations under Available connections. Click the one of your choice, provide password when asked, and it should connect. I think there was no need to restart NM or reboot, but I could be mistaken.

Success! You have no idea how much easier this was than what I had to do to connect in previous years. Creating configuration files with nano for every single server. Thank you very much!

Good idea. I’m retired, so not too busy. I’ll communicate with the PIA folks and tell them how close they are to supporting openSUSE, and try to get them to add more information.
Thanks,

Great. I agree, this is superior to adding openVPN connections for PIA to NM one location at a time.

One more naive question. How do I disconnect and change servers? When I tried that it wouldn’t disconnect until I rebooted the computer and router.

https://www.dropbox.com/s/e10n3kvd8xzrp0p/NM2s.png?dl=0With KDE, when I click on the network icon in the bottom panel, the opened window shows the active connections at top. Putting the mouse cursor on one shows a Disconnect button at the right end. Clicking that does disconnect that VPN server. Pointing at another shows a Connect button, and clicking it connects to the other server.https://www.dropbox.com/s/e10n3kvd8xzrp0p/NM2s.png?dl=1

End of story. Happy ending. Everything works now.

Several servers will no longer connect while others are no problem. One example is swiss.privateinternetaccess.com and it doesn’t look like the server ip has changed. Another is denmark.privateinternetaccess.com.

Any suggestions would be appreciated.

I see similar results. Cannot connect to Switzerland or UK London servers. Can connect to UK Manchester and Norway servers.

Perhaps a query to the PIA support site would help.
Regards,

No such problem when booting Ubuntu 20.04 or MX-19. Switzerland is connected at this moment.

How are you connecting with those? The supported PIA application from https://www.privateinternetaccess.com/installer/x/download_installer_linux works with Ubuntu, but not openSUSE. I’m using the third-party installer for NetworkManager from https://www.privateinternetaccess.com/pages/client-support/fedora-openvpn. Apparently it’s not totally compatible with all current PIA servers.

PIA states

We’re working on supporting more Linux flavors and versions
. I hope that soon includes openSUSE.