OpenVPN Step-by-Step Setups for various Debian based Linux OSs (with videos) - Ubuntu/Mint/Debian...
Updated for AES-128 ( AES-256 steps still pending )
OpenVPN Setup on Debian and Debian based Linux Distributions
=============================================
Tested on...
- Linux Mint 17.2 "Rafaela" - MATE (64-bit)
- Linux Mint 17.2 "Rafaela" - Cinnamon (64-bit)
- Linux Mint 17.1 "Rebecca" - Cinnamon (64-bit)
- Linux Mint 17 "Qiana" - Xfce (64-bit)
- Ubuntu 15.04 "Vivid Vervet" (64-bit)
- Ubuntu 14.04.2 LTS (Trusty Tahr) (64-bit)
- Ubuntu 12.04.5 LTS "Precise Pangolin" (64-bit)
- elementary OS (64-bit)
- Lubuntu 15.04 Vivid Vervet (64-bit)
- Kali Linux Version 1.1.0a (64-bit)
- CrunchBang Plus Plus (64-bit)
- CrunchBang 11 (32-bit)
For Manjaro Linux Setup - click here
For pfSense aes128 Setup - click here
For pfSense aes256 Setup - click here
(Videos are at the end...)
Instructions
Setting up OpenVPN on Debian and Debian based Linux Distributions
=============================================
Color Key
=============================================
Things highlighted in yellow are commands to be executed in the terminal
Things highlighted in blue are to be clicked
Things highlighted in green are to be typed
Things highlighted in violet are to be pressed on the keyboard
Things highlighted in grey are showing output
Make sure your package list is up to date
=============================================
Open Terminal and update apt-get
sudo apt-get update
- then press [enter]
Install network-manager-openvpn and its dependencies
=============================================
sudo apt-get install network-manager-openvpn network-manager network-manager-gnome network-manager-openvpn-gnome
- then press [enter]
*{For Debian and Kali only}
Enabling Interface Management
sudo nano /etc/NetworkManager/NetworkManager.conf
- then press [enter]
- edit the line "managed=false" to be...
"managed=true"
- Save the file and exit by...
- Press "Ctrl+x"
- then press "y"
- then press the [Enter] key
Reboot the computer now!
* After rebooting the computer continue with the following steps...
Make a directory and download the crt and pem files
=============================================
In Terminal - Make a directory to store the setup files
mkdir ~/OpenVPN-setup-PIA
- then press [enter]
Move into that directory
cd ~/OpenVPN-setup-PIA
- then press [enter]
Download the openvpn.zip from privateinternetaccess.com with...
wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
- then press [enter]
Extract the files from the zip with...
unzip openvpn.zip
- then press [enter]
You can now exit the terminal with...
exit
- then press [enter]
Import the PIA OpenVPN config file
=============================================
- Right click the Network Manager on the menu bar
- and click "Edit Connections..."
- then click "Add"
- choose "Import a saved VPN configuration..." for the connection type from the drop down menu
- then click "Create..."
- double click to go into "OpenVPN-setup-PIA" folder
- choose which server you would like to setup and connect to
- then click "Open"
- Remove only the ":1198" from the "Gateway:" ( if present ) as only the domain name should be in this box
- for the "User name:" type in your "p1234567" username
- for the "Password:" type in the password that goes with your "p-xxxxx" username
- Then click "Advanced..."
- Check "Use custom gateway port:" and set it to "1198"
- Click on the "Security" tab
- Set the "Cipher:" to "AES-128-CBC"
- Set the "HMAC Authentication:" to "SHA-1"
- Click "OK"
- Click "Save"
Reboot the computer now! (optional but recommended )
Now connect to the VPN
=============================================
- Now Left click the Network Manager on the menu bar
- click "VPN Connections"
- click Ex. "Mexico" {This will be the name of the server you chose to setup}
- wait for it to connect
- Test by opening your Internet browser and going to...
https://www.privateinternetaccess.com/pages/whats-my-ip/
https://ipleak.net/
Enjoy!
To donate, please scan the QR code to the left or send bitcoins to the following address:
17ioPjLoCLDsUKwNpGV9dGtnLmpM8ioyUn
(optional manual OpenVPN config)
Now Configure Network Manager (Manual config)
=============================================
- Right click the Network Manager on the menu bar
- and click "Edit Connections..."
- then click "Add" (...or if you see and "VPN" tab click it then click "Add")
- choose "OpenVPN" for the connection type from the drop down menu
- then click "Create..."
- for the "Connection name:" type in "Private Internet Access VPN"
- for the "Gateway:" type in "us-west.privateinternetaccess.com" or...
- whatever Hostname you would like to use from...
https://www.privateinternetaccess.com/pages/network/
- Ex. "brazil.privateinternetaccess.com"
- Ex. "mexico.privateinternetaccess.com"
- for the "Type:" select "Password" from the dropdown menu
- for the "User name:" type in your "p1234567" username
- for the "Password:" type in the password that goes with your "p-xxxxx" username
- for the "CA Certificate:" browse and select the CA Certificate from ~/OpenVPN-setup-PIA folder
- now click on "Advanced..."
- Check "Use custom gateway port:" and set it to "1198"
- Put a check in "Use LZO compression"
- Click on the "Security" tab
- Set the "Cipher:" to "AES-128-CBC"
- Set the "HMAC Authentication:" to "SHA-1"
- Click "OK"
- Click "Save"
- You may get asked to save a keyring password (you can leave this blank)
Reboot the computer now! (optional but recommended )
Now connect to the VPN
=============================================
- Now Left click the Network Manager on the menu bar
- click "VPN Connections"
- click "Private Internet Access"
- wait for it to connect
- Test by opening your Internet browser and going to...
https://ipleak.net/
Enjoy!
To donate, please scan the QR code to the left or send bitcoins to the following address:
17ioPjLoCLDsUKwNpGV9dGtnLmpM8ioyUn
Videos...
...showing the following steps being done in each Linux distribution
=============================================
- Linux Mint 17.2 "Rafaela" - MATE (64-bit)
- linuxmint-17.2-mate-64bit.iso
- http://youtu.be/de7G0Dl1a5c
- Linux Mint 17.2 "Rafaela" - Cinnamon (64-bit)
- linuxmint-17.2-cinnamon-64bit.iso
- http://youtu.be/w1mNMX07KM4
- Linux Mint 17.1 "Rebecca" - Cinnamon (64-bit)
- linuxmint-17.1-cinnamon-64bit.iso
- (video to come)
- Linux Mint 17 "Qiana" - Xfce (64-bit)
- linuxmint-17-xfce-dvd-64bit.iso
- http://youtu.be/p_fJ2yPDjog
- Ubuntu 15.04 "Vivid Vervet" (64-bit)
- ubuntu-15.04-desktop-amd64.iso
- http://youtu.be/xkvePC4spxw
- Ubuntu 14.04.2 LTS (Trusty Tahr) (64-bit)
- ubuntu-14.04.2-desktop-amd64.iso
- http://youtu.be/_FFWhvhNeUk
- Ubuntu 12.04.5 LTS "Precise Pangolin" (64-bit)
- ubuntu-12.04.5-desktop-amd64.iso
- http://youtu.be/zj1SoSImaxo
- elementary OS (64-bit)
- elementaryos-freya-amd64.20150411.iso
- http://youtu.be/I7XN0xNQazI
- Lubuntu 15.04 Vivid Vervet (64-bit)
- https://youtu.be/g6SQ7_JJD_s
- Kali Linux Version 1.1.0a (64-bit)
- [sudo not needed as Kali runs root default]
- http://youtu.be/rS1DR_XjMVI
- CrunchBang Plus Plus (64-bit)
- cbpp-1.0-amd64-20150428.iso
- http://youtu.be/l2iXykirRUk
- CrunchBang 11 (32-bit)
- (video to come)
Enjoy!
Comments
Ubuntu 15.04 "Vivid Vervet" (64-bit)
Ubuntu 14.04.2 LTS (Trusty Tahr) (64-bit)
Ubuntu 12.04.5 LTS "Precise Pangolin" (64-bit)
Enjoy!
One question I have is - do you know if we can change the encryption settings or if the default encryption is good? I've tried to change to AES-128 but it can't connect...
Thanks
For 128 bit AES you use port 1196 instead of the default of 1194.
Do you have any thoughts on the best setup? Also, do you have any idea on how to open PIA through a SSH tunnel?
Linux Mint 17.2 "Rafaela" - Cinnamon (64-bit)
Enjoy!
elementary OS (64-bit)
Enjoy!
"http://ipv6leak.com/"?
**Update, I tried the (IP-TCP) IPV6 still leaks.**
What OS / Distro are you using?
Anyone else want to chime in?
Suggestions?
sudo apt-get install network-manager-openvpn network-manager network-manager-gnome network-manager-openvpn-gnome
If so what was the output?
Also, can you post a screen cap of the network manager you do have?
[email protected] ~ $ sudo /etc/init.d/network-manager restart
sudo: /etc/init.d/network-manager: command not found
I got a "command not found" error. I also do not find a "network manager" anywhere.
Restart the network manager with...
sudo /etc/init.d/network-manager restart
- then press [enter]
...or you can simply reboot the computer now (recommended)
This is what is wrong with your directions; the assume a level of understanding that a person that needs them does not have. This is what is wrong with you also, and linux users in general and is the primary reason why linux does not have the widespread adoption that it should have. People that use linux regularly are very poor at communication, and do not have the ability to anticipate the level of awareness of a normal, non-full on linux geek. Rainman thinks EVERYONE can count 6 decks of cards at the Blackjack table. That makes him the oddball and everyone else normal. Linux people need to learn how to communicate with normal people and deliver information in a way that is useful and does not exist (at least in part) to serve as some kind of "right of passage" hurdle that the intellectually deviant and passive aggressive Linux users use to feel good about other people's difficulties when learning something new.
sudo dnf install NetworkManager-openvpn-gnome
Reboot
When importing via OpenVPN file you will need to manually select the certificate in /etc/openvpn. Otherwise it is going to try to use the one in the same folder the OpenVPN file was in.
Odd that I have to do the password for each host I use but that's not your fault - I assume this is a Ubuntu/Network Manager issue. So far I only use a couple of hosts so not really a big deal.
Thanks again for all your hard work!
[sudo] password for john:
Reading package lists... Done
Building dependency tree
Reading state information... Done
network-manager is already the newest version.
network-manager set to manually installed.
network-manager-gnome is already the newest version.
network-manager-gnome set to manually installed.
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
network-manager-openvpn : Depends: openvpn (>= 2.1~rc9) but it is not installable
E: Unable to correct problems, you have held broken packages.
[email protected]:~$
Im thinking that its trying to download older versions than what i currently have? I get the same error either in terminal or software center. ive been trying to fix the broken packages in synaptic package manager but am unable to fix the issues. It seems as if none of the needed dependencies are available to me. any help you may be able to give would be greatly appriciated. If you need more information please let me know what it is you need. I am new to linux so i dont know my way around very well but i will do my best to help you help me. thank you~
====================================
- Open a terminal window and do the following steps to install and connect to PIA VPN via OpenVPN
- Install OpenVPN with the following command
sudo apt-get install openvpn
- Change to the /etc/openvpn directory with the following command
cd /etc/openvpn
- Download the openvpn.zip file containing the configs and the certs with the following command
sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
- Install unzip to decompress the file with the following command
sudo apt-get install unzip
- Decompress the openvpn.zip file with the following command
sudo unzip openvpn.zip
- List the contents of the directory (see a list of the server config files) with the following command
ls -l
- Start a connection to the PIA VPN with openvpn and the chosen config file with the following command
sudo openvpn "config-filename-goes-here.ovpn"
Example:
sudo openvpn "Sweden.ovpn"
---
After you do the above steps once please follow the next steps to connect when you want to.
How to connect to PIA VPN via OpenVPN within a terminal window
========================================================
- Open a terminal window and do the following steps to connect to PIA VPN via OpenVPN
- Change to the /etc/openvpn directory with the following command
cd /etc/openvpn
- List the contents of the directory (see a list of the server config files) with the following command
ls -l
- Start a connection to the PIA VPN with openvpn and the chosen config file with the following command
sudo openvpn "config-filename-goes-here.ovpn"
Example:
sudo openvpn "Sweden.ovpn"
I am trying to run PIA on Kubuntu 15.10 with the exact same results as you. I've tried using the PIA installer which has an error in it, so I tried these step by step instructions which also has DNS leaks.
I hope a fix is available otherwise I have to cancel my subscription here.
e1705 ~ $ sudo apt-get update
[sudo] password for delv:
Hit http://ppa.launchpad.net trusty InRelease
Ign http://ppa.launchpad.net trusty InRelease
Ign http://packages.linuxmint.com rafaela InRelease
Hit http://ppa.launchpad.net trusty/main Sources
Hit http://packages.linuxmint.com rafaela Release.gpg
Hit http://ppa.launchpad.net trusty/main i386 Packages
Hit http://ppa.launchpad.net trusty/main Translation-en
Hit http://ppa.launchpad.net trusty Release.gpg
Hit http://packages.linuxmint.com rafaela Release
Hit http://ppa.launchpad.net trusty Release
Hit http://ppa.launchpad.net trusty/main Sources
Hit http://ppa.launchpad.net trusty/main i386 Packages
Hit http://packages.linuxmint.com rafaela/main i386 Packages
Hit http://ppa.launchpad.net trusty/main Translation-en
Hit http://packages.linuxmint.com rafaela/upstream i386 Packages
Hit http://packages.linuxmint.com rafaela/import i386 Packages
Ign http://extra.linuxmint.com rafaela InRelease
Get:1 http://security.ubuntu.com trusty-security InRelease [64.4 kB]
Hit http://extra.linuxmint.com rafaela Release.gpg
Ign http://archive.canonical.com trusty InRelease
Ign http://archive.ubuntu.com trusty InRelease
Hit http://extra.linuxmint.com rafaela Release
Hit http://archive.canonical.com trusty Release.gpg
Get:2 http://archive.ubuntu.com trusty-updates InRelease [64.4 kB]
Get:3 http://security.ubuntu.com trusty-security/main i386 Packages [351 kB]
Hit http://archive.canonical.com trusty Release
Hit http://extra.linuxmint.com rafaela/main i386 Packages
Hit http://archive.canonical.com trusty/partner i386 Packages
Get:4 http://security.ubuntu.com trusty-security/restricted i386 Packages [12.7 kB]
Hit http://archive.ubuntu.com trusty Release.gpg
Get:5 http://security.ubuntu.com trusty-security/universe i386 Packages [120 kB]
Ign http://archive.canonical.com trusty/partner Translation-en
Get:6 http://archive.ubuntu.com trusty-updates/main i386 Packages [634 kB]
Get:7 http://security.ubuntu.com trusty-security/multiverse i386 Packages [4,967 B]
Hit http://security.ubuntu.com trusty-security/main Translation-en
Hit http://security.ubuntu.com trusty-security/multiverse Translation-en
Ign http://extra.linuxmint.com rafaela/main Translation-en_US
Hit http://security.ubuntu.com trusty-security/restricted Translation-en
Ign http://extra.linuxmint.com rafaela/main Translation-en
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Get:8 http://archive.ubuntu.com trusty-updates/restricted i386 Packages [15.6 kB]
Get:9 http://archive.ubuntu.com trusty-updates/universe i386 Packages [329 kB]
Get:10 http://archive.ubuntu.com trusty-updates/multiverse i386 Packages [13.1 kB]
Hit http://archive.ubuntu.com trusty-updates/main Translation-en
Hit http://archive.ubuntu.com trusty-updates/multiverse Translation-en
Hit http://archive.ubuntu.com trusty-updates/restricted Translation-en
Hit http://archive.ubuntu.com trusty-updates/universe Translation-en
Hit http://archive.ubuntu.com trusty Release
Hit http://archive.ubuntu.com trusty/main i386 Packages
Hit http://archive.ubuntu.com trusty/restricted i386 Packages
Hit http://archive.ubuntu.com trusty/universe i386 Packages
Hit http://archive.ubuntu.com trusty/multiverse i386 Packages
Hit http://archive.ubuntu.com trusty/main Translation-en
Hit http://archive.ubuntu.com trusty/multiverse Translation-en
Hit http://archive.ubuntu.com trusty/restricted Translation-en
Hit http://archive.ubuntu.com trusty/universe Translation-en
Ign http://archive.ubuntu.com trusty/main Translation-en_US
Ign http://archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://archive.ubuntu.com trusty/universe Translation-en_US
Ign http://packages.linuxmint.com rafaela/import Translation-en_US
Ign http://packages.linuxmint.com rafaela/import Translation-en
Ign http://packages.linuxmint.com rafaela/main Translation-en_US
Ign http://packages.linuxmint.com rafaela/main Translation-en
Ign http://packages.linuxmint.com rafaela/upstream Translation-en_US
Ign http://packages.linuxmint.com rafaela/upstream Translation-en
Fetched 1,610 kB in 22s (70.9 kB/s)
Reading package lists... Done
[email protected] ~ $ sudo apt-get install network-manager-openvpn network-manager network-manager-gnome network-manager-openvpn-gnome
Reading package lists... Done
Building dependency tree
Reading state information... Done
network-manager-gnome is already the newest version.
network-manager-openvpn is already the newest version.
network-manager-openvpn-gnome is already the newest version.
network-manager is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded.
[email protected] ~ $ sudo nano /etc/NetworkManager/NetworkManager/conf
[email protected] ~ $ sudo/etc/init.d/network-manager restart
bash: sudo/etc/init.d/network-manager: No such file or directory
[email protected] ~ $ sudo/etc/init.d/network-manager restart
bash: sudo/etc/init.d/network-manager: No such file or directory
[email protected] ~ $ mkdir OpenVPN-setup-PIA
[email protected] ~ $ cd OpenVPN-setup-PIA
[email protected] ~/OpenVPN-setup-PIA $ sudo wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
--2015-11-27 15:29:47-- http://www.privateinternetaccess.com/openvpn/openvpn.zip
Resolving www.privateinternetaccess.com (www.privateinternetaccess.com)... 23.4.151.87
Connecting to www.privateinternetaccess.com (www.privateinternetaccess.com)|23.4.151.87|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.privateinternetaccess.com/openvpn/openvpn.zip [following]
--2015-11-27 15:29:48-- https://www.privateinternetaccess.com/openvpn/openvpn.zip
Connecting to www.privateinternetaccess.com (www.privateinternetaccess.com)|23.4.151.87|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12364 (12K) [application/zip]
Saving to: ‘openvpn.zip’
100%[======================================>] 12,364 --.-K/s in 0s
2015-11-27 15:29:50 (128 MB/s) - ‘openvpn.zip’ saved [12364/12364]
[email protected] ~/OpenVPN-setup-PIA $ sudo unzip openvpn.zip
Archive: openvpn.zip
inflating: AU Melbourne.ovpn
inflating: AU Sydney.ovpn
inflating: Brazil.ovpn
inflating: CA North York.ovpn
inflating: CA Toronto.ovpn
inflating: Denmark.ovpn
inflating: France.ovpn
inflating: Germany.ovpn
inflating: Hong Kong.ovpn
inflating: India.ovpn
inflating: Ireland.ovpn
inflating: Israel.ovpn
inflating: Italy.ovpn
inflating: Japan.ovpn
inflating: Mexico.ovpn
inflating: Netherlands.ovpn
inflating: New Zealand.ovpn
inflating: Romania.ovpn
inflating: Russia.ovpn
inflating: Singapore.ovpn
inflating: Sweden.ovpn
inflating: Switzerland.ovpn
inflating: Turkey.ovpn
inflating: UK London.ovpn
inflating: UK Southampton.ovpn
inflating: US California.ovpn
inflating: US East.ovpn
inflating: US Florida.ovpn
inflating: US Midwest.ovpn
inflating: US New York City.ovpn
inflating: US Seattle.ovpn
inflating: US Silicon Valley.ovpn
inflating: US Texas.ovpn
inflating: US West.ovpn
inflating: ca.crt
inflating: crl.pem
[email protected] ~/OpenVPN-setup-PIA $ sudo cp ca.crt /etc/openvpn
[email protected] ~/OpenVPN-setup-PIA $ sudo cp crl.pem/etc.openvpn
cp: missing destination file operand after ‘crl.pem/etc.openvpn’
Try 'cp --help' for more information.
[email protected] ~/OpenVPN-setup-PIA $ sudo cp ca.crt /etc/openvpn
[email protected] ~/OpenVPN-setup-PIA $ sudo cp crl.pem/etc/openvpn
cp: missing destination file operand after ‘crl.pem/etc/openvpn’
Try 'cp --help' for more information.
[email protected] ~/OpenVPN-setup-PIA $ cp --help
Usage: cp [OPTION]... [-T] SOURCE DEST
or: cp [OPTION]... SOURCE... DIRECTORY
or: cp [OPTION]... -t DIRECTORY SOURCE...
Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.
Mandatory arguments to long options are mandatory for short options too.
-a, --archive same as -dR --preserve=all
--attributes-only don't copy the file data, just the attributes
--backup[=CONTROL] make a backup of each existing destination file
-b like --backup but does not accept an argument
--copy-contents copy contents of special files when recursive
-d same as --no-dereference --preserve=links
-f, --force if an existing destination file cannot be
opened, remove it and try again (this option
is ignored when the -n option is also used)
-i, --interactive prompt before overwrite (overrides a previous -n
option)
-H follow command-line symbolic links in SOURCE
-l, --link hard link files instead of copying
-L, --dereference always follow symbolic links in SOURCE
-n, --no-clobber do not overwrite an existing file (overrides
a previous -i option)
-P, --no-dereference never follow symbolic links in SOURCE
-p same as --preserve=mode,ownership,timestamps
--preserve[=ATTR_LIST] preserve the specified attributes (default:
mode,ownership,timestamps), if possible
additional attributes: context, links, xattr,
all
--no-preserve=ATTR_LIST don't preserve the specified attributes
--parents use full source file name under DIRECTORY
-R, -r, --recursive copy directories recursively
--reflink[=WHEN] control clone/CoW copies. See below
--remove-destination remove each existing destination file before
attempting to open it (contrast with --force)
--sparse=WHEN control creation of sparse files. See below
--strip-trailing-slashes remove any trailing slashes from each SOURCE
argument
-s, --symbolic-link make symbolic links instead of copying
-S, --suffix=SUFFIX override the usual backup suffix
-t, --target-directory=DIRECTORY copy all SOURCE arguments into DIRECTORY
-T, --no-target-directory treat DEST as a normal file
-u, --update copy only when the SOURCE file is newer
than the destination file or when the
destination file is missing
-v, --verbose explain what is being done
-x, --one-file-system stay on this file system
--help display this help and exit
--version output version information and exit
By default, sparse SOURCE files are detected by a crude heuristic and the
corresponding DEST file is made sparse as well. That is the behavior
selected by --sparse=auto. Specify --sparse=always to create a sparse DEST
file whenever the SOURCE file contains a long enough sequence of zero bytes.
Use --sparse=never to inhibit creation of sparse files.
When --reflink[=always] is specified, perform a lightweight copy, where the
data blocks are copied only when modified. If this is not possible the copy
fails, or if --reflink=auto is specified, fall back to a standard copy.
The backup suffix is '~', unless set with --suffix or SIMPLE_BACKUP_SUFFIX.
The version control method may be selected via the --backup option or through
the VERSION_CONTROL environment variable. Here are the values:
none, off never make backups (even if --backup is given)
numbered, t make numbered backups
existing, nil numbered if numbered backups exist, simple otherwise
simple, never always make simple backups
As a special case, cp makes a backup of SOURCE when the force and backup
options are given and SOURCE and DEST are the same name for an existing,
regular file.
Report cp bugs to [email protected]
GNU coreutils home page: <http://www.gnu.org/software/coreutils/>;
General help using GNU software: <http://www.gnu.org/gethelp/>;
For complete documentation, run: info coreutils 'cp invocation'
[email protected] ~/OpenVPN-setup-PIA $ ^C
[email protected] ~/OpenVPN-setup-PIA $