Pia Openvpn

Posted onby
  1. OpenVPN and Transmission with WebUI. This container contains OpenVPN and Transmission with a configuration where Transmission is running only when OpenVPN has an active tunnel. It has built in support for many popular VPN providers to make the setup easier. Before you continue. The documentation for this image is here.
  2. OpenVPN Compatible Routers Some routers support OpenVPN protocol thus allowing you to use any VPN that operates on the Open Source technology. Since PIA uses OpenVPN, this device works perfectly as a Private Internet Access router. Moreover, with this router at your disposal, you do not need to flash new firmware.
  3. Private Internet Access is the leading VPN Service provider specializing in secure, encrypted VPN tunnels which create several layers of privacy and security providing you safety on the internet. Our service is backed by multiple gateways worldwide with access in 78+ countries, 101+ regions. Connect with us. Payment Methods.


Right-Click the OpenVPN GUI icon on your desktop, and choose Run as administrator Right-click the OpenVPN icon in the System Tray to choose a region to connect to, or to disconnect from the VPN. Enter your Username and password when prompted, and Click OK. EASY Setup Guides for Alternate Configurations (Advanced).

This post will show my setup using PIA (Private Internet Access) with OpenVPN on a Linux machine. Specifically, where only certain applications will utilize the VPN and the rest of the traffic will go out the normal ISP's default route. It will also show how to access the PIA API via a shell script, to open a forwarding port for inbound traffic. Lastly, I will show how to take all of the OpenVPN and PIA information and feed it to programs like aria2c or curl. The examples below were done on Ubuntu 16.04.


Packages and PIA Setup

OpenVPN password file

Now that we have PIA login info lets make password file so we don't have to put in a password every time we start OpenVPN. We just need to make a file with the PIA username on one line and the PIA password on the second line. So just use you favorite text editor and do this. The file should be called 'pass' and put in the '/etc/openvpn/pia' directory. The scripts that are used later depend on this file being called 'pass' and put in this specific directory. An example of what the file looks like is below.

Change permission on this file so only root can read it

OpenVPN config file

This is the OpenVPN config file that works with PIA, and that also utilizes the scripts that will be talked about further down in the page. Use your favorite editor and copy and paste this text to a file called 'pia.conf' and put in the '/etc/openvpn/pia' directory.

OpenVPN route script

This is the script that the OpenVPN client will run at the end of startup. The magic happens in this script. Without this script OpenVPN will start the client and make the default route for the box the vpn connection. If you want that then go into the pia.conf file and comment out the 'script-security 2', 'route-noexec', and 'route up ...' lines, and just fire up the client 'sudo openvpn --config /etc/openvpn/pia/pia.conf' and your done.

If you don't want the vpn to take over your default route then let's keep going. Now that you have left those lines in the pia.conf file, the following script will be run when the client starts, and it will set up a route that does not take over the default gateway, but just adds secondary vpn gateway for programs to use. Open your favorite text editor and copy in the script below into the file '/etc/openvpn/pia/openvpn-route.sh'.

Pia Openvpn Config

Now run some final commands to get the script ready to work

PIA port forward script

The following script is run by the openvpn-route.sh script. It will contact a PIA server and tell it to open a port for incoming traffic on your vpn connection. This is so people on the internet can contact your machine through the vpn connection. Just a important note that currently only a certain list of PIA gateways support port forwarding. See the PIA support article on this for more info. Now, open your favorite text editor and copy in the script below into the file '/etc/openvpn/pia/pia_port_fw.sh'.

Starting OpenVPN

Finally we can start OpenVPN to connect with PIA. To do this run the the following command. It will keep the connection in the foreground so you can watch the output.

During startup the OpenVPN client and both of the scripts we made will report on the screen data about the connection and if there were any errors. The output will look like the following example.

Pia Openvpn

Using the vpn connection

When the vpn started it dropped some files in /tmp. These files have the ip and port info we need to give to different programs when the startup. The scripts created the following files.

  • /tmp/vpnip - ip address of the vpn
  • /tmp/vpnportfw - incomming port being forwarded from the internet to the vpn
  • /tmp/vpnint - interface of the vpn

Now you can use this info when you start certain programs. Here are some examples.

Final notes and warnings

If you start any programs and don't specifically bind them to the vpn interface or its ip address their connection will go out the default interface for the machine. Please remember this setup only sends specific traffic through the vpn so things like DNS requests still go through the non-vpn default gateway.

Pia Openvpn Conf

Remember only certain PIA gateways support port forwarding so if it is not working, try another PIA gateway. As of this writing, it seems that gateways that support port forwarding are ones not in the USA, like Toronto.

Pia Openvpn Files

PIA has a Linux vpn client that you can download and use if you are into GUI's.

Related stories

Pia Openvpn Configs

If you need encryption, please use the Private Internet Application or OpenVPN protocol with our service.

  • OpenVPN Configuration Files (Recommended Default)
    OpenVPN Configuration Files (Recommended Default windows only plus block-outside-dns)
    OpenVPN Configuration Files (Strong)

  • Legacy

    Although quite different from a VPN, we provide a SOCKS5 Proxy with all accounts in the event users require this feature.
    SOCKS5 Proxy Usage Guides
    proxy-nl.privateinternetaccess.com port 1080
    Enable port forwarding in the application by entering the Advanced area, enabling port forwarding and selecting one of the following gateways:
    After enabling port forwarding and re-connecting to one of the above gateways, please hover your mouse over the System Tray or Menu Bar icon to reveal the tooltip which will display the port number. You can then enter this port into your software.
    Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled.

Pia Openvpn Setup

    IPv6 leak protection disables IPv6 traffic while on the VPN. This ensures that no IPv6 traffic leaks out over your normal internet connection when you are connected to the VPN. This includes 6to4 and Teredo tunneled IPv6 traffic.

Pia Openvpn Router

    The dns leak protection feature activates VPN dns leak protection. This ensures that DNS requests are routed through the VPN. This enables the greatest level of privacy and security but may cause connectivity issues in non-standard network configurations.
    This can be enabled and disabled in the Windows application, while it is enabled by default on our macOS application.
    We use our own private DNS servers for your DNS queries while on the VPN. After connecting we set your operating system's DNS servers to and When using a DNS Leak testing site you should expect to see your DNS requests originate from the IP of the VPN gateway you are connected to.
    If you change your DNS servers manually or if for some other reason they are changed this does not necessarily mean your DNS is leaking. Even if you use different DNS servers the queries will still be routed through the VPN connection and will be anonymous.

Pia Openvpn File

    The internet kill switch activates VPN disconnect protection. If you disconnect from the VPN, your internet access will stop working. It will reactivate normal internet access when you deactivate the kill switch mode or exit the application.
    Users who may be connected to two connections simultaneously (ex.: wired and wireless) should not use this feature, as it will only stop 1 active connection type.