PIA installation on TAILS

Hello, can someone help me how to install PIA onto a USB version of TAILS? 
I followed the instructions on the TAILS website and got TAILS installed onto my usb pendrive with the 2 usb setup. 

Is there a step by step installation guide for PIA onto a USB Tails Linux? 
Those two together should be a perfect combination, but I cant get it to work. 

Any help would be really awesome, I am not very skilled with Linux. Thanks a lot. 


  • Posts: 266
    I don't think it's a very good idea to use PIA with Tails. This is a quite specialized distribution that already does everything it can to prevent any possibility of leaks, and going against it would likely break the distribution and worsen your privacy as a result. The Tails developers themselves don't recommend it, and the way Tails is set up changes the way you'd have to install and set up OpenVPN. I really wouldn't try this without having a good understanding of Linux and Tails first.
  • Posts: 269
    TAILS already has OpenVPN client installed, yes? Just use it. With the PIA-prepared ovpn files.
  • edited October 27 Posts: 85
    DISCLAIMER: The information and instructions in this post are provided for informational purposes only. Improper usage of Tails can break your anonymity. Always assess your threat model before attempting to change the default functionality of Tails. Learn more about threat modeling here.

    Daily Tails user here, checking-in. I've written a guide below for Tails users. Hope it can be of some use!

    Using a VPN/Proxy in Tails

    Tor + VPN in Tails

    The topic of VPN support in Tails (whether Tor > VPN or VPN > Tor) and the issues it presents are discussed here https://tails.boum.org/blueprint/vpn_support/

    While it isn't recommended to use a VPN inside the Tails environment (nor would it even work properly without significant modification), using a proxy for specific purposes is completely fine. Your PIA account includes a free Netherlands proxy (proxy-nl.privateinternetaccess.com) that you can generate a userid/pass for and use inside Tails.

    Proxy > Tor

    If your threat model does not care if PIA knows which first-hop Tor node you connect to and you're merely trying to hide your Tor activity from your ISP, then a Proxy > Tor connection is ideal. You may also achieve this by using a private Tor bridge (requestable online at https://bridges.torproject.org/ ) but there is zero guarantee that the bridge being used won't also be known to your ISP and it will still be clear to your ISP that the traffic is Tor related.

    To make this type of connection, supply the proxy information in the "Network connection" settings at the Tails startup screen.

    Tor > Proxy (using a program's internal proxy settings)

    Note: these instructions must be repeated each time you restart Tails

    If your threat model does not care if your local ISP knows you're using Tor and you wish to hide your Tor activity from the target website or service (i.e. a site that blocks or restricts Tor users), then a Tor > Proxy connection is ideal. Keep in mind that this would be making a connection between your PIA account details (and any payment methods used for it) and your activity on the target service site. Do not use this if you're trying to be anonymous unless you are confident that your purchase of PIA credentials was equally anonymous and understand the risks involved.

    To make this type of connection, first you'll need to obtain SOCKS credentials from your PIA account page. Log in to your PIA account and on the account page ( https://www.privateinternetaccess.com/pages/client-control-panel ), in the "PPTP/L2TP/SOCKS Username and Password" section there should be a username and password to use for proxy login. If not, click the button to generate one.

    You will be provided with the host proxy-nl.privateinternetaccess.com and port 1080. Then,

    In the program you wish to route over SOCKS, change the proxy settings of the program to PIA's SOCKS host and credentials. Typically this data is already entered as port 9050 to route the traffic over Tor.

    Instead of running the program standalone, run it with the proxychains command. First we need to install proxychains.

            sudo apt-get install proxychains

    Now we run the program (in this example, hexchat)

            proxychains hexchat

    This forces the connection first over Tor ( and then uses the program's own connection functionality to connect to the SOCKS proxy.

    If the program you want to run does not have proxy settings available, this method will not work.

    Tor > Proxy (forcing all traffic over proxychains; ideal for web browsers that don't have internal proxy settings)

    Note: these instructions must be repeated each time you restart Tails

    To use this method for a browser so that you can view a website through the PIA SOCKS, you will not be able to use the built-in tor-browser in Tails. Due to apparmor in Tails, the default tor-browser will not allow interaction with the regular file system and thus cannot read the proxychains.conf file properly. This restriction from such usage is done for your safety, and using another browser instead of it may put you at risk of reducing your anonymity or leaking more information. If you choose to accept this risk, you'lll need to install an additional browser to use for your Tor > SOCKS sessions.

    If you haven't already installed proxychains, do that first!

            sudo apt-get install proxychains

    For this example, we'll use the firefox-esr browser for Debian.

            sudo apt-get install firefox-esr

    Now we need to update the proxychains config file to add the PIA SOCKS credentials. Since proxychains doesn't work with hostnames, we need to DNS the proxy-nl.privateinternetaccess.com domain to get an active SOCKS IP (at the time of writing this, DNS returned

            host proxy-nl.privateinternetaccess.com
    This will return something similar to the following in Tails:

    ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
    ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
    proxy-nl.privateinternetaccess.com has address
    Host proxy-nl.privateinternetaccess.com not found: 3(NXDOMAIN)
    Host proxy-nl.privateinternetaccess.com not found: 4(NOTIMP)
    Now we have the IP address (

            sudo chmod 0756 /etc/proxychains.conf
    gedit /etc/proxychains.conf

    You will need to change the last lines to the following, replacing with the IP returned from a DNS of proxy-nl.privateinternetaccess.com, and username and password with your SOCKS credentials.

    # add proxy here ...
    # meanwile
    # defaults set to "tor"
    socks5        9050
    socks5  1080        username        password

    Now you're ready to start!

            proxychains firefox-esr

    To test that it works, visit https://www.privateinternetaccess.com/pages/whats-my-ip/ . If it's working, you should see your location as coming from the Netherlands.

    Hope this was helpful!
    Post edited by sn0wmonster on
Sign In or Register to comment.