PIA VPN App - Linux Beta

1235719

Comments

  • Have installed the latest beta to Ubuntu 12.04. Program loads, tray icon installs and all setup options function. Attempts to login (connect) fail. The login cycles about five times tray icon is animated  and quits.I see a number of command line errors saying that changes could not be made to iptables because I am not root. I have tried with various selections for ip6 and kill switch including all off.
    Did you install the script as root or using sudo? You should just run it as your regular user. For example: 

    cd Downloads/PIA
    chmod +x i*.sh
    ./i*.sh

    and it will prompt you for your sudo password at the appropriate time. It sounds like you ran the whole installer as root (or sudo) and now it's trying to run elevated actions under standard privileges. 
  • Posts: 3
    I reinstalled the entire package to insure I had not used root to install before. All went well but I still have the problem. I believe it involves the openvpn-launcher program seeing that it cannot load device tun or set the ifconfig (SIOCSIFADDR: etc.)

    Starting a connection from Network Manager works.
  • XeNXeN
    Posts: 5
    Linux app works great, thank you so much private internet access team. =)

    Just wondering through, why not use twofish-cbc instead of blowfish-cbc? It did replace it, and is much more secure. Would also like to see serpent as its more secure than AES and with rumors of AES being broken why not offer the more secure option?

     anyways thanks for the app!
  • Posts: 4,013
    Linux app works great, thank you so much private internet access team. =)

    Just wondering through, why not use twofish-cbc instead of blowfish-cbc? It did replace it, and is much more secure. Would also like to see serpent as its more secure than AES and with rumors of AES being broken why not offer the more secure option?

     anyways thanks for the app!
    Is there any evidence whatsoever besides sheer speculation that suggests that AES is broken?
    http://www.eetimes.com/document.asp?doc_id=1279619
    ^^^ Read that to see how crazy it is to think AES is broken.
  • VPNVPN
    Posts: 795
    [...] why not use twofish-cbc instead of blowfish-cbc?
    Because that's not supported by OpenVPN (same as Serpent btw.):
    # openvpn --show-ciphers
    The following ciphers and cipher modes are available
    for use with OpenVPN.  Each cipher shown below may be
    used as a parameter to the --cipher option.  The default
    key size is shown as well as whether or not it can be
    changed with the --keysize directive.  Using a CBC mode
    is recommended.

    DES-CBC 64 bit default key (fixed)
    IDEA-CBC 128 bit default key (fixed)
    RC2-CBC 128 bit default key (variable)
    DES-EDE-CBC 128 bit default key (fixed)
    DES-EDE3-CBC 192 bit default key (fixed)
    DESX-CBC 192 bit default key (fixed)
    BF-CBC 128 bit default key (variable)
    RC2-40-CBC 40 bit default key (variable)
    CAST5-CBC 128 bit default key (variable)
    RC5-CBC 128 bit default key (variable)
    RC2-64-CBC 64 bit default key (variable)
    AES-128-CBC 128 bit default key (fixed)
    AES-192-CBC 192 bit default key (fixed)
    AES-256-CBC 256 bit default key (fixed)
    CAMELLIA-128-CBC 128 bit default key (fixed)
    CAMELLIA-192-CBC 192 bit default key (fixed)
    CAMELLIA-256-CBC 256 bit default key (fixed)
    SEED-CBC 128 bit default key (fixed)
  • Posts: 4,013
    Thank you vpn, makes much more sense now. =)

    OmniNegro ->> https://communities.intel.com/community/itpeernetwork/datastack/blog/2010/03/26/is-aes-128-and-aes-256-broken
    That was published in 2010 and no part of it even hints at a broken part of AES. It does suggest part of AES is weakened, but it is like weakening the front armor on a tank to be half as much material. It is still far stronger than is needed for most purposes.

    From your article link:
    "In summary, the academics have found ways
    to “attack” AES-128 and AES-256 faster than an exhaustive search, but
    not against the full AES. Though the computation times are much faster
    than exhaustive search, these attacks require related keys, and are 
    non-practical, and do not seem to pose any real threat to the security
    of AES-based systems."
  • Posts: 4,013
    @XeN
    Another way to look at this is as follows:
    Blowfish has never been broken one single time since it was first introduced. The same is true for AES. While Twofish was a relatively natural evolution of the strong building block of Blowfish, if we are to go over to a competing format, we may as well use Threefish instead.

    But remember that for now, we use nothing not in OpenVPN, and it is stronger than anyone needs to keep the whole world out for a decade or more. Adding algorithms is a great thing, but it is also a boatload of work. If you want to help with this, and have the knowledge to actually do it, we would all love it. (There may be a hundred people in the seven billion people of the world that actually know all they need to do this. Most of them are not going to get involved.)

    We have had quite a few threads discussing the prospects of adding algorithms. And if you cannot find one, do not feel bad. The search function here sucks. Just make a new thread and go crazy. We love to chat about encryption.
  • Posts: 3
    @rainmakerraw

    Thank you for helping. A couple more tries and I have it.
  • @rainmakerraw

    Thank you for helping. A couple more tries and I have it.
    @sinacy I'm glad you got it sorted mate, and fwiw I'm sorry I posted and ran. I didn't know you'd submitted further posts until I got the 'tag' notification today and saw the extra replies when I visited the thread. My apologies. 

    For my own issue, with the status 'line' that's supposed to show at the top of the context menu: 

    I have spoken with support and my first reply was a copy/paste of how to connect to PIA using networkmanager(?!) and the second one said 'It works for us'. I queried the library versions, distro version and asked what libraries and packages are used to call the status line, and got 'ask the forum' in response. Not cool guys. I'm paying PIA, not the users who give their time here for free. 

    For 'port forwarding in [torrent client]' threads that's fine, but when someone has a technical question about an app developed in-house? I'm not sure what the forum is meant to provide when I've had posts go unanswered here (understandably) already. 

    Just in case anyone is actually following my posts or can replicate the issue, I have since found that although the status line doesn't appear in Mint KDE 16 (or Kubuntu 13.10), it DOES work perfectly well in Mint 13 (based on 12.04 LTS). I can only surmise that there's probably a breakage based on an updated package or library in later versions of the distros, which is called by the PIA app. Otherwise perhaps a library or package omitted from later versions of the distros which was present in 12.04. This is supported by the fact that netrunner KDE somehow displays the status line OK, despite being based on 13.10 (and is the only Kubuntu derivative to work properly). 

    I have tried to get it installed and working properly on Debian testing as well as Kubuntu 13.10 to no avail. I'm stuck on 12.04 derivatives for now until either I finally figure it out (and finally get some sleep!), or else someone happens by who has a better idea than I. Le sign. :(  
  • Posts: 61
    @rainmakerraw type:  ...I queried the library versions, distro version and asked what libraries and packages are used to call the status line, and got 'ask the forum' in response. Not cool guys. I'm paying PIA, not the users who give their time here for free.

    Definitely not helpful of PIA support if what typed is true.

    Add to that the fact that this 'beta client' development hasn't progressed further (that we know of) since the last download offering on 'Tue Dec 10 00:07:45 UTC 2013' (as of today, 3 months 20 days and counting...ago) might lead one to suspect that PIA isn't all that interested in a Linux client any longer?  Who knows?  At this point definitely not us, the Linux PIA 'forum users'.
    .
  • Posts: 4,013
    Most Linux users want official and up to date support for OpenVPN. I use Linux occasionally, but I still consider it the most useful open-sourced example ever made. If I did not play games, there is no way I would use Windows. I would be Linux up to my eyeballs and happy for it.

    So the bulk of the reason the PIA client on Linux is not a priority is that most of us that have interest in Linux have no interest in the PIA client, although we know we debatably lose something by sticking to OpenVPN.

    @VPN, myself, and many others keep asking for the additions made to the PIA client to be provided for OpenVPN so everyone may benefit. We know this puts PIA in a tough spot since they would be giving up something they went through a lot of trouble and spent ages working on. And the competition would no doubt start claiming PIA has nothing they do not have as far as software goes if PIA did. But I genuinely think that the public would remember that the contributions PIA has made made everyone safer online. (Some of the competition already slander PIA every chance they get. One of the regulars here goes absolutely ape-shit when he sees it. And I think everyone knows who I speak of.)

    It is their call. But please do not be silent if you agree. And please do not just say "I agree" and wash your hands of it. Please explain how you see things and make them understand how much they have to gain by being the first VPN to do this sort of thing to help everyone.

    Unless I am mistaken, the PIA servers are running an older compile of OpenVPN. Most optional algorithms of the newer revisions are not actually supported if the user employs OpenVPN and tries to use them. They seem to only work if the user employs the PIA client. (AES, for instance.)
  • Posts: 8
    I installed the client using the instructions in the first post as I'm a total linux n00b. It installed, I entered my credentials but when I try to connect the red icon flashes several times and nothing happens. I'm not sure if there is some log I could check to see what the problem is?
  • Posts: 4,013
    I installed the client using the instructions in the first post as I'm a total linux n00b. It installed, I entered my credentials but when I try to connect the red icon flashes several times and nothing happens. I'm not sure if there is some log I could check to see what the problem is?
    What Distribution? And I would wager there is at least a minimal log that would help resolve what is going wrong in any case, and you can likely force a very-verbose option to figure it out. I will have to leave that to others here with more specific knowledge.
  • Posts: 8
    Mint Cinnamon 16 petra 32.
  • Posts: 61
    Willie typed:  I'm not sure if there is some log I could check to see what the problem is?

    The PIA beta VPN client crash log can be found here:  '~/.pia_manager_crash.log' .  Possibly you'll find a clue to your issues there?
    .

  • edited April 2014 Posts: 222
    Most Linux users want official and up to date support for OpenVPN. I use Linux occasionally, but I still consider it the most useful open-sourced example ever made. If I did not play games, there is no way I would use Windows. I would be Linux up to my eyeballs and happy for it.

    So the bulk of the reason the PIA client on Linux is not a priority is that most of us that have interest in Linux have no interest in the PIA client, although we know we debatably lose something by sticking to OpenVPN.
    I agree, and generally would much prefer to use network-manager-openvpn over and above the closed-source PIA binary. However, it's a bit of a nuisance to set up port forwarding without the app. Though it's do-able where necessary (eg on distros that don't have the dependencies available that the PIA binary calls for, such as libxss1), the fact remains that connecting via openvpn, then generating a PIA ID, connecting to the server via curl and getting a forwarded port, then running the iptm script to set up iptables is rather cumbersome compared to just running the app.

    In other news, the script installs but refuses to run at all on the latest beta of Kubuntu 14.04 Trusty Tahr. Unless PIA pull their finger out and stop fobbing off paying customers by sending them to the forum instead of actually engaging with them, the app is useless as of next month anyway. It will only run on certain Ubuntu and Debian derivative distros without some hacking, and now even they are broken so the app is effectively useless except for older LTS release distros (eg *buntu 12.04, Debian stable).

    I've been shopping around for other providers who have actual proper support and an active Linux based mindset with truly cross platform binary apps meaning I don't have to care which distro they're being installed on, they 'just work'. I've found a few and trials are promising. Shame really, when PIA only need pull their socks up to be the best supplier in the world. :(
    Post edited by rainmakerraw on
  • edited April 2014 Posts: 61
    @rainmakerraw typed:  In other news, the script installs but refuses to run at all on the latest beta of Kubuntu 14.04 Trusty Tahr.

    Similar experience in a 'Live' beta-2 of Ubuntu-GNOME 14.04 LTS amd64 I booted off a USB thumb drive.  In my case, the PIA Linux Beta VPN client installed without errors, I got the popup window in which to enter PIA username/password and then saved.  After clicking 'Save' I got a PIA server connection, but the tray applet was nowhere to be found in Ubuntu 14.04's taskbar (or whatever it's called?).  Thus no way to check Linux PIA client connection status or change config via the PIA applet icon.

    The beta Linux PIA client, warts and all, is my preference because of it's ability to automagically connect/re-connect after login when I bootup, reboot, or bring a machine out of sleep.  It's going to suck if I have to go back to Network Manager's openvpn plugin.

    Edit (Mon Apr 21 10:13:14 CDT 2014):  Downloaded the recently release default 'Ubuntu 14.04 LTS (Trusty Tahr)' [ubuntu-14.04-desktop-amd64.iso] yesterday.  Did a clean install on one of my machine's.  The PIA Beta VPN client works in this build.

    Note:  This new install is NOT 'ubuntu-gnome-14.04-desktop-amd64' that I had tried previously on live bootable flash drive.  Maybe 'ubuntu-gnome' was/is the problem?
    .
    Post edited by martywd on
  • This is great!  I've been moving over to linux and having this kill switch and disable IPV6 app available for us is really convenient.

    Can PIA staff guarantee that the kill switch and IPV6 settings when enabled will work?  Or is there a chance that they will fail?
  • This is great!  I've been moving over to linux and having this kill switch and disable IPV6 app available for us is really convenient.

    Can PIA staff guarantee that the kill switch and IPV6 settings when enabled will work?  Or is there a chance that they will fail?
    It's not going to be 100% accurate, its there to provide you with an extra layer of security when using the VPN service.
  • edited April 2014 Posts: 5
    This is great!  I've been moving over to linux and having this kill switch and disable IPV6 app available for us is really convenient.

    Can PIA staff guarantee that the kill switch and IPV6 settings when enabled will work?  Or is there a chance that they will fail?
    It's not going to be 100% accurate, its there to provide you with an extra layer of security when using the VPN service.
    Can you suggest other settings and/or commands for a second line of defense should the disable IPV6 or kill switch features fail?

    I'd like to be as secure as possible with torrent IPs exposing me, browsing the web or hosting a server etc.

    With torrent clients for example are there any open source linux bittorrent clients that can be configured to only leech/seed through the VPN connection only?
    Post edited by johndoeyo on
  • ***Unrelated double post***

    I use an older macbook2,1 with ubuntu 10.10 netbook 32-bit to convert it into a seedbox.

    I copied the installer_linux.sh file to my desktop, changed directories over to it and ran the two lines of code.  Terminal had no complaints. 

    After I did this on the same computer with ubuntu 12.04LTS, it immediately launched PIA.

    My same computer with ubuntu 10.10 didn't launch PIA right away.  I tried searching my computer for 'PIA' or 'private internet access' but nothing turned up.  What is the exact name of the PIA linux app?  Do I need to install some other stuff in order for the PIA linux app to run?

    Thanks
  • Posts: 4,013
    This is great!  I've been moving over to linux and having this kill switch and disable IPV6 app available for us is really convenient.

    Can PIA staff guarantee that the kill switch and IPV6 settings when enabled will work?  Or is there a chance that they will fail?
    It's not going to be 100% accurate, its there to provide you with an extra layer of security when using the VPN service.
    Can you suggest other settings and/or commands for a second line of defense should the disable IPV6 or kill switch features fail?

    I'd like to be as secure as possible with torrent IPs exposing me, browsing the web or hosting a server etc.

    With torrent clients for example are there any open source linux bittorrent clients that can be configured to only leech/seed through the VPN connection only?
    I am no expert, but I know you can entirely disable IPv6 on all existing OSes, and can make custom routing tables that will do everything that the killswitch does. (Since all PIA IPs are within a known range, you just block any traffic that does not fall in that range.)

    I will have to leave it to a more knowledgeable person to explain how though.
  • @tardisonline How come you reply to a random question about the IPv6 but totally disregard all the comments, questions and frustrations about the poor support responses from PIA, and the apparent abandonment of the Linux script? Now that 14.04 has broken it, will it just fall into disrepair? Are PIA actually bothered about addressing the issues with the Linux installer, or bothered about the customers affected by it? At the moment it seems not which, speaking as an annual subscriber, is a shame.
  • I have encountered some kind of bug with this.

    Fresh install of Linux Mint 64-bit.

    Installing the latest client and trying to connect with the standard settings.

    When I connect the logo just goes back and forth between light green(trying to connect) and red, quickly (a few second in each stage) a couple of times and then it gives up and is back on red again.

    I opened at ticket and they told me they could not help me.
  • I opened at ticket and they told me they could not help me.
    Unfortunately that's standard for PIA support lately. They just direct you to the forum, totally ignoring the fact it's full of people with the same issues, all of whom are just as frustrated as you are.

    What version of Linux Mint are you using and what DE (Cinnamon, MATE, KDE etc)? It should work OK on anything up to the latest (non-beta) releases. Being honest I thought twice about replying to you... I don't know why I have to assist you when I, and you, are both paying PIA for the privilege?! :/
  • @tardisonline How come you reply to a random question about the IPv6 but totally disregard all the comments, questions and frustrations about the poor support responses from PIA, and the apparent abandonment of the Linux script? Now that 14.04 has broken it, will it just fall into disrepair? Are PIA actually bothered about addressing the issues with the Linux installer, or bothered about the customers affected by it? At the moment it seems not which, speaking as an annual subscriber, is a shame.
    I am not disregarding anything, if there is something I can't directly reply to I will escalate that to a different department. We are continuing to look into these issues and are working around the clock on resolving them as quickly as possible.
  • edited April 2014 Posts: 222
    @tardisonline How come you reply to a random question about the IPv6 but totally disregard all the comments, questions and frustrations about the poor support responses from PIA, and the apparent abandonment of the Linux script? Now that 14.04 has broken it, will it just fall into disrepair? Are PIA actually bothered about addressing the issues with the Linux installer, or bothered about the customers affected by it? At the moment it seems not which, speaking as an annual subscriber, is a shame.
    I am not disregarding anything, if there is something I can't directly reply to I will escalate that to a different department. We are continuing to look into these issues and are working around the clock on resolving them as quickly as possible.
    @tardisonline That's great. So why are T2 support just sending people to the forum instead of answering the simple questions being asked of them regarding Linux? When you say you're working around the clock to resolve issues, is this just management buzzwords or is something actually happening? The Linux script hasn't been updated (or supported) since last year!

    Your competitors are leaving you in the dust on this one, and some actual honesty rather than fobbing off paying customers, would be great. Hell if you even did something like simply implement the ability for a customer to manually forward a small number of ports (or even A port) in their control panel as some of your competitors do, you'd eliminate the only real reason for a dedicated Linux app entirely.

    That way we can stick to using the .ovpn files in network manager, forward a port as and if required, and leave you the hell alone to focus on whatever it is you all do when you're ignoring your Linux users for six months on end! :p
    Post edited by rainmakerraw on
  • PIAPIA
    Posts: 3
    @tardisonline That's great. So why are T2 support just sending people to the forum instead of answering the simple questions being asked of them regarding Linux? When you say you're working around the clock to resolve issues, is this just management buzzwords or is something actually happening? The Linux script hasn't been updated (or supported) since last year!
    Absolutely not, we address all the issues and requests and are work towards resolving them in a timely fashion.  


  • Absolutely not, we address all the issues and requests and are work towards resolving them in a timely fashion.  
    Ok then here's my problem I'd like resolved,  I am trying to install the linux PIA app on my macbook2,1 running ubuntu 10.10.

    I ran the two commands needed to install the app after downloading it as instructed by the first post.

    Terminal said some things were installed, but when I tried finding the application by searching for 'PIA' or 'private internet access' nothing popped up.

    I did noticed a 'pia.sh' file is sitting on my root directory and trying running that program with terminal after moving it to desktop, but again nothing happened when I used these commands in terminal:
    './pia.sh'
    or
    'sh pia.sh'
    Why don't either of these commands make the PIA app run?
Sign In or Register to comment.