Apr 21st, 2019
Setup a VPN Gateway Server which will use the privateinternetaccess.com (PIA) GUI software.
================================================================================================================================================================


Notes
----------------------------------------------------------------
-- As of this writing on 04/20/2019, here are the software versions I am using:
-- PIA GUI software v1.1.1
-- Ubuntu Desktop 19.04



Rename the USB Network adapters' interface names
----------------------------------------------------------------

-- Here is what each network port on the VPN Gateway is supposed to connect to:
eth1 - WAN
eth2 - VPN & Firewall. This is where all client PCs/laptops connect.
eth3 - VPN Only. Use this if you want to bypass the Firewall (Endian Firewall on my setup).

-- Find the example file in PIA/example_files/70-persistent-net.rules.
-- In that file, modify only the MAC addresses, replacing them with your USB Network adapters' MAC addresses. Make sure you pair each ethernet name (e.g. eth1, eth2) with its corresponding MAC address.
You can find the USB Network adapters' MAC addresses by using the 'ifconfig' Linux command and by finding the MAC address printed physically on each USB Network adapter.

-- Copy or merge the modified PIA/example_files/70-persistent-net.rules.
-- If the /etc/udev/rules.d/70-persistent-net.rules file exists, then merge the changes into the existing file.
-- If the /etc/udev/rules.d/70-persistent-net.rules file does NOT exist, then just copy the modified file to that directory path.

-- Next, reboot your VPN Gateway Linux machine.

-- Verify by using 'ifconfig' that each USB Network adapter has the correct network adapter name (e.g. eth1, eth2).
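
The rename only takes effect if the MAC in the rule matches what the kernel reports, which is lowercase and colon-separated, while the label on an adapter is often uppercase or uses dashes. The script below is an added example, not the contents of PIA/example_files/70-persistent-net.rules (which this paste does not show): it normalizes label-style MACs and prints udev rename rules using standard udev match keys. The MAC addresses are constructed.

```sh
#!/bin/sh
# Added example: build udev rename rules from adapter MAC addresses.
# The MACs in the demo at the bottom are constructed, not real hardware.

# normalize_mac MAC: accept AA-BB-CC-DD-EE-FF, AABBCCDDEEFF or aa:bb:cc:dd:ee:ff
# and print the lowercase colon form that sysfs (and so udev) reports.
normalize_mac() {
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    case "$hex" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || return 1
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# make_rule MAC NAME: print one rule that renames the adapter with MAC to NAME.
make_rule() {
    mac=$(normalize_mac "$1") || { echo "bad MAC: $1" >&2; return 1; }
    case "$2" in
        eth[0-9]|eth[0-9][0-9]) ;;
        *) echo "bad interface name: $2" >&2; return 1 ;;
    esac
    printf 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="%s", NAME="%s"\n' "$mac" "$2"
}

# make_rules: read "MAC NAME" pairs on stdin, one per line. A MAC or name used
# twice is an error, since two adapters would then compete for one name.
make_rules() {
    seen=""
    while read -r m n; do
        [ -n "$m" ] || continue
        line=$(make_rule "$m" "$n") || return 1
        key=$(normalize_mac "$m")
        case " $seen " in
            *" $key "*|*" $n "*) echo "duplicate entry: $m $n" >&2; return 1 ;;
        esac
        seen="$seen $key $n"
        printf '%s\n' "$line"
    done
}

# Demo with constructed MACs, written the way adapter labels often print them.
make_rules <<'EOF'
00-E0-4C-68-00-01 eth1
00E04C680002 eth2
00:e0:4c:68:00:03 eth3
EOF
```

Review the printed lines before merging them into /etc/udev/rules.d/70-persistent-net.rules.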



Install some Ubuntu packages
----------------------------------------------------------------
-- This installs the 'ifconfig' command
% sudo apt-get install net-tools



Configure the interfaces.
----------------------------------------------------------------

-- Save the original network interface configurations
% sudo cp /etc/network/interfaces /etc/network/interfaces_save_04-20-2019A # Change the date stamp on the destination filename to today's date.

-- Modify the example interface config file
% vi PIA/example_files/interfaces.txt
# Temporarily comment out any 'pre-up' or 'post-down' commands.


-- Copy the modified interface config file to the real one.
% sudo cp PIA/example_files/interfaces.txt /etc/network/interfaces

-- Next, reboot your VPN Gateway Linux machine.

-- Verify by using 'ifconfig' that the interfaces have the correct IP addresses:
-- Check that eth1 (WAN) has a WAN IP address. It should not have a 192.168.*.* address. You can use a web tool to determine the origin of that IP address (e.g. it comes from your ISP like Comcast).
This interface will request a DHCP IP from your ISP (e.g. Comcast). It does not use the VPN Gateway's DNS server.
-- Check that eth2 (VPN & Firewall) has the correct IP address. On my setup, this should be 192.168.3.*.
-- Check that eth3 (VPN Only) has the correct IP address. On my setup, this should be 192.168.101.*.



Install Ubuntu packages
----------------------------------------------------------------
% sudo apt-get update
% sudo apt-get -y install openvpn network-manager-openvpn network-manager-openvpn-gnome



Setup PIA software
----------------------------------------------------------------
-- Download the PIA software from the privateinternetaccess.com site. Download the Linux version since it will be installed on Ubuntu.
-- Install it
% chmod +x pia-linux-1.1.1-02545.run
% ./pia-linux-1.1.1-02545.run
# Do NOT use the 'sudo' command here to run this file.

-- Use the PIA GUI to configure VPN
-- After installing, the PIA GUI will appear. Use this to configure the VPN.



Set up iptables to use VPN.
----------------------------------------------------------------

% vi PIA/scripts/script_setup_iptables_vpn.sh
# Modify the interface values (e.g. INTF_LAN, etc.) as needed.

% sudo chmod +x PIA/scripts/script_setup_iptables_vpn.sh

% sudo PIA/scripts/script_setup_iptables_vpn.sh
# Must use the 'sudo' command here.

-- Verify these files were recently created:
/etc/iptables.downrules
/etc/iptables.rules


-- Modify the interface config file to re-enable the 'pre-up' or 'post-down' commands.

% sudo vi /etc/network/interfaces
# Uncomment any 'pre-up' or 'post-down' commands.
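
This paste does not show script_setup_iptables_vpn.sh, so the following is an added example and not that script. It prints an iptables-restore ruleset in which forwarded client traffic can only leave through the VPN tunnel, and it includes a text check that a given ruleset cannot forward clients out of the WAN port. It covers forwarded client traffic only; the tunnel interface name tun0 is an assumption, and eth1/eth2/eth3 follow the port layout above.

```sh
#!/bin/sh
# Added example, not the paste's script_setup_iptables_vpn.sh (not shown there).
# Assumption: the VPN tunnel interface is named tun0.

# gen_vpn_rules WAN TUN LAN...: print an iptables-restore ruleset that forwards
# LAN clients only through the tunnel and drops them when the tunnel is down.
gen_vpn_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_vpn_rules WAN TUN LAN..." >&2; return 1; }
    for i in "$@"; do
        case "$i" in
            ""|*[!A-Za-z0-9_.-]*) echo "bad interface name: $i" >&2; return 1 ;;
        esac
    done
    wan=$1; tun=$2; shift 2
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]'
    # Clients are NATed behind the tunnel address only, never the WAN address.
    printf '%s\n' "-A POSTROUTING -o $tun -j MASQUERADE"
    printf '%s\n' 'COMMIT' '*filter' ':INPUT ACCEPT [0:0]'
    # Default-deny forwarding: a path that is not listed below does not exist.
    printf '%s\n' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' "-A FORWARD -i $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for lan in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan -o $tun -j ACCEPT"
        printf '%s\n' "-A FORWARD -i $lan -o $wan -j DROP"   # no LAN-to-WAN leak
    done
    printf '%s\n' 'COMMIT'
}

# is_fail_closed WAN: read a ruleset on stdin. Returns 0 only if FORWARD defaults
# to DROP and no FORWARD/POSTROUTING rule accepts or NATs traffic out of WAN.
# This is a text heuristic over -A lines, not a full iptables evaluator.
is_fail_closed() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$rules" |
        grep -Eq -- "^-A (FORWARD|POSTROUTING) .*-o $1 .*-j (ACCEPT|MASQUERADE)"; then
        return 1
    fi
    return 0
}

# Demo with the paste's port layout: eth1 = WAN, eth2 and eth3 = client side.
gen_vpn_rules eth1 tun0 eth2 eth3
```

The same check can be pointed at the generated file, for example `sudo cat /etc/iptables.rules | is_fail_closed eth1`, to confirm that clients lose connectivity instead of falling back to the WAN port when the tunnel drops.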


Recommended PIA VPN configuration
----------------------------------------------------------------
-- In Settings/General:
-- Enable 'Launch on System Startup'.
-- Enable 'Connect on Launch'.

-- In Settings/Network:
-- Use the 'PIA DNS'. This will allow web access from the VPN Gateway and the client.

-- In Settings/Privacy:
-- Set 'VPN Killswitch' to 'Auto'.
-- Set the 'PIA MACE' to 'On'.

-- In Settings/Connection:
-- Set 'Data Encryption' to 'AES-256 (CBC)'.
-- Set 'Data Authentication' to 'SHA256'.

# These settings ensure the best encryption/authentication strength.

-- After making changes, you must disconnect and then reconnect to apply the changes.



VPN Gateway server should auto login at boot time so PIA GUI can start up.
----------------------------------------------------------------
1) You will need the Ubuntu VPN Server to automatically log in at boot time so that the PIA VPN GUI can start up.
-- In Ubuntu, select:
System Settings > Details > Users > (select username)
Click on the Unlock icon in the top menu bar.
Enable the 'Automatic Login'.



Test the PIA VPN connection
----------------------------------------------------------------
-- Reboot the VPN Gateway.
-- From the VPN Gateway server, ping 8.8.8.8; it should pass. Open a web browser to yahoo.com; it should pass.
-- From a client, ping 8.8.8.8; it should pass. Open a web browser to yahoo.com; it should pass.
-- From a client, use myip.com to find your client's IP address. It should be different from the VPN Gateway server's eth1 WAN IP address. Also, this IP should match the 'VPN IP' displayed by the PIA GUI.



Notes
----------------------------------------------------------------
-- Restart Networking services in Ubuntu 19.04:
% sudo service network-manager restart

% sudo systemctl restart NetworkManager.service

% sudo netplan apply

-- The scripts:
# When running these, remember to use the 'sudo' command.

-- script_pia_tunnel.sh
It is used to allow Cisco AnyConnect to work with this VPN Gateway.

-- script_setup_iptables_open.sh
Disables all of the iptables rules so both the VPN Gateway and clients can use the internet. However, you are NOT protected in this mode.

-- script_setup_iptables_vpn.sh
This is used when using the PIA VPN GUI software. This is the default way of using the VPN Gateway.

-- script_setup_iptables_vpn_port_forwarding.sh
This is used when using port forwarding with the PIA VPN GUI software.