PIA Application vs OpenVPN

edited April 2014 in General Privacy Discussion Posts: 13
Is there a particular reason why one would use PIA Application over OpenVPN or vice versa? I've been using the application and have worked through the early issues I had but I see OpenVPN mentioned a lot so I'm not sure what is best.


Comments

  • VPNVPN
    Posts: 795
    Next to some integrated features that you would otherwise have to implement manually (kill-switch - you've seen how well that works already, port forwarding, various other leak protection options), the only real advantage of the client is that it allows you to configure advanced encryption settings, i.e. disable encryption completely or use the highest grade encryption supported.
  • @VPN is correct, though it's worth noting that AlexB (who is missed) told me the Linux client also handles iptables automatically.

    However, given PIA's lack of transparency over updates and the closed-source nature of their client it would be advisable to use an OpenVPN community release if possible imho.
  • edited April 2014 Posts: 4,013
    I too would go for OpenVPN over PIA's client. It is what I use, and it serves me well. If you need any special functionality, the PIA client may be able to provide it, but I would use DNSCrypt to cover the DNS problem first and never look back from there. The kill-switch side of things is more difficult, but you have surely seen the threads about that already.
    Post edited by OmniNegro on
  • Posts: 20
    I will throw in my vote for OpenVPN as well. I find to be much less resource intensive as well as more stable. I find that the PIA app loses connection sometimes and then fails to reconnect, as it just seems to give up quickly. Sometimes the disconnects are due to my internet going out, sometimes they are due to other unknown factors. However, at least OpenVPN is consistent about reconnecting.

    It does lack two built-in features that I use. First, it doesn't have built-in port forwarding capability, but an awesome user created a Powershell script to take care of that and set the port in uTorrent automatically. Second, without their client, I cannot select alternate encryption methods; this is something that PIA really needs to address!
  • Posts: 42
    I have been testing OpenVPN and  DNSCrypt but my DNS is still leaking??
  • edited May 2014 Posts: 40
    OpenVPN all the way over time took note and have big list of server IP with openvpn i can choose my own connection right down to IP.

    Also when my connection drops it must have killswitch by default because my internet wont work until i reconnect to VPN.

    And for DNS leak protection just set DNS through the router,
    Post edited by demo23019 on
  • Posts: 106
    Just to be clear for anyone seeking the advice of this post, it is not clear if you should be making the jump to OpenVPN right now.  I too am getting ready to make the jump to try it out, but it is best advised to wait until the config/.crt files from PIA have been updated and it is confirmed that everything is correct.  Hopefully this will be resolved shortly.
  • Posts: 1,103
    I prefer OpenVPN as well, although I will use the client from time to time.
  • Posts: 68
    I also would like to try openvpn.  In a way I already did and it worked.  The only thing missing for me was the port forwarding. As I am new to linux, I have to figure out how to do that independently and then I would use openvpn. Until then it is the app.
  • Posts: 222
    I also would like to try openvpn.  In a way I already did and it worked.  The only thing missing for me was the port forwarding. As I am new to linux, I have to figure out how to do that independently and then I would use openvpn. Until then it is the app.
    You're using Kubuntu 14.04 if I remember correctly? If so, open a terminal (konsole) and type the following commands. You can also copy and paste them. Copy as usual by selecting with the mouse and going right click > copy (or CTRL + C). In the terminal/konsole you can paste by holding CTRL + SHIFT + V. It's way easier than typing long commands out!

    First do

    head -n 100 /dev/urandom | md5sum | tr -d " -" > ~/.pia_client_id

    then

    sudo apt-get update && sudo apt-get install curl

    That will generate a random number and store it in a file hidden in your home directory, called pia_client_id. It's this random number the PIA server will use to link the forwarded port to you anonymously. Curl is a little Linux app that will let you send the request to PIA's server for the port forward.

    Once those two things are done, you can then use the following text - pasted into your terminal/konsole - to get the port. Replace USERNAME and PASSWORD to those of your account. You'll also need to change the ADDRESS to the LOCAL IP you have been issued for that particular connection to PIA (i.e. it will change each session).

    curl -d "user=USERNAME&pass=PASSWORD&client_id=$(cat ~/.pia_client_id)&local_ip=ADDRESS" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment

    You will already  know your username and password. The IP address can be found by typing in 'ifconfig' to the terminal/konsole window. It will return a bunch of text including a section for tun0 (the VPN connection) and a local address looking something like 10.136.1.6

    That local IP address (starting with a 10) is the one you copy in. It might seem a lot when you read it the first time, if you're new to stuff like this. But it's really easy.

    1) ifconfig (which shows your local IP for tun0 is - for example - 10.136.1.6)

    2) curl -d "user=P123456&pass=aBc123&client_id=$(cat ~/.pia_client_id)&local_ip=10.136.1.6" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment

    Once you press enter/return, you will get a result along the lines of 'Port forward 87654. That's the port number you need to put into applications. If you re-enter the command every hour or two it'll make sure the port stays tied to you. In the terminal/konsole, the up arrow key lets you scroll through previously issued commands, you don't need to type it again every time!

    Hope this helps. :)
  • Posts: 68
    Wow that is quite a tutorial.  Thank you very much @rainmakerraw. Yes, I do use Kubuntu e only reason I didn't try the openvpn was for the port forwarding.  You have given me my homework for tonight and I will do that and report back tomorrow. I am sorry I didn't see your post yesterday or I would have done it. Many thanks.
  • Posts: 68
    Sorry for the missing word above.  Someone came and I accidentally pressed post comment before finishing the proper sentence.  I meant to say 'yes I use Kubuntu 14.04 and the only reason...'
  • Posts: 222
    No worries @nmrman Let me know how you get along. :)
  • Posts: 68
    @rainmakerraw: As I am familiar with about half the things you wrote, I thought I give it a quick try.  I had the same Kubuntu setup here.  So, first I installed the network-manager-gnome, created a vpn connection and made sure it connected.  
    After that I followed your detailed instructions--I must say they are excellent--and sure enough, I got the port assigned. 
    I must say that I learnt quite a bit in one sitting--big thanks to you.  I am beginning to really like Linux.  Thanks again.
  • Posts: 222
    @nmrman Glad to be of service, enjoy the learning curve. :)
  • Posts: 14
    Hello!

    I want to look into using OpenVPN as an alternative to the PIA client. I went to OpenVPN's site and the How-to page looks more like it teaches how to set up your own VPN rather than using an alternative client to connect to existing VPNs unless I am misreading? Where can I find information on an OpenVPN client for accessing existing VPN's (whether PIA or another VPN) and configuring it to my preferences?
  • Posts: 4,013
    https://www.privateinternetaccess.com/pages/client-support/#windows_openvpn

    That has detailed instructions, but the version of OpenVPN they link there is outdated. If you use a x64 system, this is the file you want. Otherwise you want this one.
  • Posts: 68
    @OmniNegro: both those are for windows.  Is there a newer version that we should update the Ubuntu/Kubuntu x64 version with?  Thanks.
  • VPNVPN
    Posts: 795
    mnrman: For Linux, best use your distribution's packages or NetworkManager plugins, whatever you like better. I guess a NetworkManager howto is available on PIA's howto page, and if you use OpenVPN directly from distribution packages, a lot of distribution specific setup guides can probably be found on web search engines.
  • Posts: 4,013
    The source is available here too, but the prerequisite roulette problem persists with different builds of Linux.
    http://openvpn.net/index.php/download/community-downloads.html

    As @VPN said, you are better off using the package manager of your choice.
  • Posts: 68
    @VPN and @OmniNegro: Thank you very much.  I think I have done that as I just installed it and it should be as new files as possible.  It is quite different from the windows world but so far I enjoy the learning and challenge.  
  • Posts: 14
    https://www.privateinternetaccess.com/pages/client-support/#windows_openvpn

    That has detailed instructions, but the version of OpenVPN they link there is outdated. If you use a x64 system, this is the file you want. Otherwise you want this one.
    "RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com: The requested name is valid, but no data of the requested type was found."

    I had to reply via laptop because I can't connect to the internet at all on the desktop.
  • Posts: 4,013
    https://www.privateinternetaccess.com/pages/client-support/#windows_openvpn

    That has detailed instructions, but the version of OpenVPN they link there is outdated. If you use a x64 system, this is the file you want. Otherwise you want this one.
    "RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com: The requested name is valid, but no data of the requested type was found."

    I had to reply via laptop because I can't connect to the internet at all on the desktop.
    Damn. It sounds like the DNS problem yet again. At this point, I would suggest trying a different resolver. I know you want to use OpenNIC, but give another resolver a try and see if the problems go away. If not, then I suggest killing DNSCrypt and restarting so you get your normal assigned DNS servers.
  • I enter this line:
    curl -d "user=P123456&pass=aBc123&client_id=$(cat ~/.pia_client_id)&local_ip=10.136.1.6"

    Only with my information in it, but I receive an error that says, "curl: no URL specified!"

    Up until this point, I followed your instructions and they worked flawlessly.
    Any ideas what I've done wrong?


  • Posts: 31
    I find that the latest version of the PIA app v61 is stable, faster and almost as good as the OpenVpn client... any thoughts?
  • I have found that the PIA client running in Windows 10 on my older, but still plenty fast desktop (Sandy-E Core i7-3930k@4.8Ghz) is quite a bit slower than OpenVPN running on my router (pfSense, Core i3-7100)

    This difference was never evident until I was recently upgraded to gigabit speeds.   The router gives me ~570Mbit down vs the client giving me about ~260Mbit.

    And this is with standard settings (128bit AES) on the client, and strengthened (256bit AES) on the router.

    The 570Mbit appears to be the upper limit of either PIA's NYC servers, or my route from Verizon FiOS in Boston to said servers, not the router, as it hits a max of 27% CPU load during these speed tests.

    There seems to be something in the client that limits its speeds, seeing that it performs worse at 128bit AES (which should be easier) than OpenVPN in pfSense does with 256bit AES.

    I haven't done enough testing to say any more than this at this point though.
Sign In or Register to comment.