PIA VPN App - Linux Beta

SupportSupport
edited February 2016 in Privacy News Posts: 183
After a while of being in alpha we're now releasing an official beta of the PIA Linux app.


V.56 sha256sum (installer_linux.tar.gz): 7df499f87703d1a4e77e6628c496549323c4513d5d7ceaadab5f547f247f5a59

Instructions

From the terminal in the directory you downloaded to:

1) Extract file:
tar -xvf installer_linux.tar.gz 

2) Tell OS to proceed:
chmod +x installer_linux.sh

3) Run installer:
./installer_linux.sh


Release notes:
- Should work on 32 and 64bit Linux
- Should work on any system that supports the App Indicators notification area system (most modern Linuxes)
- Has been tested on Ubuntu 12.04/13.04 32/64bit stock installs as well as Linux Mint 15 Cinnamon 32bit
- The installer will attempt to apt-get install 4 dependencies: libjpeg62, libxss1, libappindicator1, libgail18
- The installer will create an application launcher entry in ~/.local/share/applications
- The installer will create an entry in ~/.config/autostart for automatic start on login
  - But this can be controlled through the app as usual
- The installer will create a ~/pia.sh script for starting the app from a terminal
- Installer and app should be run as your normal login user and _not_ as root

Update Wed Nov  6 02:28:39 UTC 2013
The last version of the installer had an issue which caused it not to work correctly on 32bit machines.  This is fixed and the installer link has been updated.  Thanks to martywd for helping figure out the issue.

Update Sun Nov 10 10:56:03 UTC 2013
Installer will now apt-get install libgail18 and libappindicator1 in case they are not already present.  Installer link has been updated.

Update Sun Dec  8 22:07:53 UTC 2013
v.35 update.  Installer link has been updated.

Update Tue Dec 10 00:07:45 UTC 2013
Fixed dns issue, now uses correct PIA nameservers.  Thanks to martywd.  Installer link has been updated.

Update Tue May 27 2014
- Update includes new keys / Open SSL version

Update Tue June 10 2014- Update OpenSSL to latest version (openssl-1.0.1h)
Update Tue August 12 2014
- Update OpenSSL to latest version (openssl-1.0.1i)
- New checksum above

Edit Sat December 20 2014 (StephenA)
- Updated checksum above to reflect the current v.46 version

Update Sat November 28, 2015
Update Wed February 17 2016
- Update glibc to latest version, which fixes CVE-2015-7547

Post edited by Support on
«13456719

Comments

  • MoreBandwidthMoreBandwidth
    Posts: 125
    - The installer will create an application launcher entry in ~/.local/share/applications
    - Should work on any system that supports the App Indicators notification area system (most modern Linuxes)
    Thank you for listening to our ideas and putting them in! 
  • leoOKleoOK
    Posts: 24
    Please add Openvpn "proxy" feature, 
    it's a very useful feature omitted in all your apps.
  • martywdmartywd
    Posts: 61
    Already had the 'Alpha' installed as mentioned/posted previously here.

    The Beta install went OK on my two lm15 MATE (64-bit) machines.

    At present this 'Beta' install DOES NOT WORK on my netbook (Samsung NC-10) running lm13 MATE (32-bit).  This what happens.  When running the Beta 'installer_linux.sh' executable on the 32-bit machine, at completion I get a 'install success' message, but the the PIA icon on the task bar disappears and any attempt to restart PIA either by running '~/pia.sh' or clicking on the MATE menu entry (Menu|All Applications|Other|Private Internet Access) fail.  Repeated install attempts of the 'Beta' exhibit this same behavior every time.

    At this point I am back to running the 'Alpha' on the 32-bit machine.  If someone can clue me in to how to get some debug output from the 'Beta' installer(?), I'll gladly post the output here.
    .

  • MoreBandwidthMoreBandwidth
    Posts: 125
    Please add Openvpn "proxy" feature, 
    it's a very useful feature omitted in all your apps.
    The idea being the app just creates a local socks proxy like TOR? Actually a very good idea, Just a small note i have always wanted :P

    adblocking and malwear blocking built in (hahaha... windows), make it OPT IN but you can set URL lists like adblock.txts and it will block, all client side, So you don't have to see our traffic and can keep it an "open web"
  • vicktor_1vicktor_1
    edited November 2013 Posts: 3
    hi I have ubunto 13  64 bit and get the following error when try to run it (i verified that the file is present )

    [00:52:26:928] [Ti.Host] [Debug] Loading module: /home/vian/.pia_manager/pia_tray.64/modules/ui/1.3.2-beta/libtideui.so
    [00:52:26:929] [Ti.Host] [Error] Could not load module (/home/vian/.pia_manager/pia_tray.64/modules/ui/1.3.2-beta/libtideui.so): "Error loading module (/home/vian/.pia_manager/pia_tray.64/modules/ui/1.3.2-beta/libtideui.so): libappindicator.so.1: cannot open shared object file: No such file or directory
    "

    Is this the correct 64 bit module? it is present in the target folder
    Post edited by vicktor_1 on
  • SupportSupport
    Posts: 183
    @martywd: Fixed!  Thanks for your help.

    @viktor_1: Just tested this and you're right.  The installer does't work out of the box on Ubuntu 13.10.  You'll need to run this and then it should work:
    sudo apt-get install libappindicator1

    I'll look into adding this to the installer
  • vicktor_1vicktor_1
    Posts: 3
    Thanks.. all is good now. Although with my provider I had to use TCP. Using UDP results in speed of few kilobits/sec. I don't know, if this is a problem with the ISP or my network.
  • NullNull
    Posts: 49
    Is the link above still work for 32 bits Linux Mint. Gonna test it during the weekend.
  • rainmakerrawrainmakerraw
    Posts: 222
    Works great here on Linux Mint 15 x64. Thanks!!
  • tinktink
    Posts: 6
    Installed on a 64 bit virtual machine:
    $ uname -a
    Linux vbox-torrent 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:20:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux


    This is the error I get:
    pia_tray: no process found
    pia_tray: no process found
    Couldn't load file:/home/tink/.pia_manager/pia_tray.64/runtime/1.3.2-beta/libtide.so, error: libgailutil.so.18: cannot open shared object file: No such file or directory

    Installing the libappindicator1 pkg did not help
  • SupportSupport
    Posts: 183
    @Null: Yes it should work for 32bit Linux Mint.

    @tink: What Linux distro are you running?
  • NullNull
    Posts: 49
    Already had the 'Alpha' installed as mentioned/posted previously here.
    The Beta install went OK on my two lm15 MATE (64-bit) machines.
    At present this 'Beta' install DOES NOT WORK on my netbook (Samsung NC-10) running lm13 MATE (32-bit).  This what happens.  When running the Beta 'installer_linux.sh' executable on the 32-bit machine, at completion I get a 'install success' message, but the the PIA icon on the task bar disappears and any attempt to restart PIA either by running '~/pia.sh' or clicking on the MATE menu entry (Menu|All Applications|Other|Private Internet Access) fail.  Repeated install attempts of the 'Beta' exhibit this same behavior every time.
    At this point I am back to running the 'Alpha' on the 32-bit machine.  If someone can clue me in to how to get some debug output from the 'Beta' installer(?), I'll gladly post the output here..
    Same problem cannot load for beta .Going back to Alpha.

    OS : Linux Mint 15 Cinnamon 32 bits 
  • VPNVPN
    edited November 2013 Posts: 795
    @tink @Support: It's an Ubuntu kernel, so maybe that's it.
    Apparently there is at least one Ubuntu version where libgail is not included in gtk2. 'apt-get install libgail18' should fix that.
    Post edited by VPN on
  • TestyMcTestTestyMcTest
    Posts: 1
    I've been wracking my brain trying to get PIA working on a Cubieboard (w/ A10 processor). I have tried 3 different flavors of Debian and Ubuntu to no success. I've also tried creating the VPN connection 3 different ways, including the ubuntu_install.sh download from the Client Support page (which is what I'm attempting this most recent try, on Ubuntu 13.03). All tries give the same error:

    Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
    Assertion failed at misc.c:222
    Exiting

    I have verified every time that /dev/net/tun exists in every Linux flavor I've tried. When it didn't exist, I created it using mknod /dev/net/tun c 10 200 per some Googling.
    Not sure if it matters, but the Cubieboard has a weird NIC that creates a random MAC at every boot.
    I'm at a loss. Can anyone help me get this working? I'm a computer technician that's relatively new to Linux. Any help would be appreciated!

  • martywdmartywd
    edited November 2013 Posts: 61

    null sez: "Same problem cannot load for beta .Going back to Alpha.

    OS : Linux Mint 15 Cinnamon 32 bits"
    ---------------------------------------------



    @null:  Then you're doing it wrong.  Make sure you download the latest 'installer_linux.sh'

    I just booted my netbook to a liveDVD lm15 Cinnamon 32-bit (install on a USB flash drive) and did a successful 'PIA VPN App - Linux Beta' install.  TWICE.  Just to make sure the first install was not a fluke.

    I took a couple of screenshots as proof.  You can find them here.
    .




    Post edited by martywd on
  • tinktink
    Posts: 6
    apt-get install libgail18   ... that did it for me!  I'm running LUbuntu (ubuntu without a lot of the bloatware installed).  Thanks @VPN !
  • VPNVPN
    Posts: 795
    @TestyMcTest:

    The missing /dev/net/tun usually results from missing kernel modules or parameters. Check to see if the /lib folder for your running kernel has tun.ko available (find /lib -name tun.ko -print), else recompile your kernel with CONFIG_TUN set to m or y.
  • NullNull
    Posts: 49

    null sez: "Same problem cannot load for beta .Going back to Alpha.
    OS : Linux Mint 15 Cinnamon 32 bits"---------------------------------------------


    @null:  Then you're doing it wrong.  Make sure you download the latest 'installer_linux.sh'
    I just booted my netbook to a liveDVD lm15 Cinnamon 32-bit (install on a USB flash drive) and did a successful 'PIA VPN App - Linux Beta' install.  TWICE.  Just to make sure the first install was not a fluke.
    I took a couple of screenshots as proof.  You can find them here..



    @martywd

    I did actually the same of what you done in your screen shot. To be honest i cannot narrow down what is the real issue as some of you guys mention it is kernel.
  • SupportSupport
    Posts: 183
    Latest installer will now attempt to install libappindicator1 and libgail18
  • tinktink
    Posts: 6
    This worked on my Ubuntu VM, but did a fresh install of debian and got an error "GLIBC_2.14 not found (required by ./installer_linux/64/ruby

    How did I not get a new enough version of glibc with a fresh install?  I have 2.13

    #cat /etc/debian_version
    7.2

  • VPNVPN
    Posts: 795
    Please don't include Ruby binaries in your software package. Please try to rely as much as possible on installed system packages. Specify dependencies accordingly!

    Remember, this is not Windows or MAC. Linux has had package management since centuries. Best package your product as .deb/.rpm or whatever, and only include components that are absolutely needed (like RubyEncoder libs). Specify dependencies for the rest.

    If you don't want to do that, perhaps someone from the community can help.

  • MoreBandwidthMoreBandwidth
    Posts: 125
    Please don't include Ruby binaries in your software package. Please try to rely as much as possible on installed system packages. Specify dependencies accordingly!

    Remember, this is not Windows or MAC. Linux has had package management since centuries. Best package your product as .deb/.rpm or whatever, and only include components that are absolutely needed (like RubyEncoder libs). Specify dependencies for the rest.

    If you don't want to do that, perhaps someone from the community can help.

    +1 especially since I go to nano your "install script" and i get a few commands, then binary..." not what were looking for
  • cumhurcumhur
    Posts: 2
    I cannot download beta of the PIA Linux app from https://mega.co.nz/#!hwpj3Cpa!Kgagc10F2IGdkiScgPa7uRihVZ4JW8AQ8MTe7dpI1bM it stops at %12 and doesnt go further... is there any other link?
  • johnfromnowherejohnfromnowhere
    Posts: 40
    I cannot download beta of the PIA Linux app from https://mega.co.nz/#!hwpj3Cpa!Kgagc10F2IGdkiScgPa7uRihVZ4JW8AQ8MTe7dpI1bM it stops at %12 and doesnt go further... is there any other link?
    If you are using Firefox you might need the "mega" add-on, this is what I had to install.
  • johnfromnowherejohnfromnowhere
    Posts: 40
    For those of us who are more paranoid could you please include PGP signatures for these downloads?  Given the NSA's recent escapades I am sure they would love to intercept these downloads and insert their own code.

    BTW, I tried this in Ubuntu and it works flawlessly, thanks for a great app.  Now I am downloading it for Tails.
  • OmniNegroOmniNegro
    Posts: 4,013
    Do you know the mathematics of that sha1 hash used? It is so unlikely that any change could be made without changing the hash that if every file ever made on a PC had a billion copies with a single bit difference in random places, it could not have happened yet.

    PGP and GPG works for some, but a simple hash is easier and built into Linux. (And you know I have entirely given up on PGP/GPG.)
  • borissbborissb
    edited November 2013 Posts: 6
    I am sorry if this has been documented somewhere...

    1) How does the app work, by manipulating iptables rules? So f.e. I have some iptables rules place f.e. to block some app to access net and when I run PIA Linux app, my own iptables are overrun?

    2) How does the IPv6 leak protection work in the app - what is the method it prevents IPv6 leaks in Linux?

    My primary concern of course is my iptables rules are gone if I run this app.

    Thank you.

    Post edited by borissb on
  • VPNVPN
    Posts: 795
    1) No, there should be no kind of firewall functionality. OpenVPN manipulates network interfaces and routing. Although I don't know how they did the kill switch in Linux.
    2) My guess is /proc/sys/net/ipv6/*/disable_ipv6

    Just backup your rules and try it out?
  • borissbborissb
    edited November 2013 Posts: 6
    Yes, I tried and checked with iptables -L command in terminal, there were values that hint PIA's Linux app had kicked in and modified iptables values.

    Can someone from PIA side write also into the introduction of the app how exactly the kill switch functions in Linux + how is ipv6 leaking prevented (in detail what does the app do?)
    Post edited by borissb on
  • tinktink
    Posts: 6
    Please don't include Ruby binaries in your software package. Please try to rely as much as possible on installed system packages. Specify dependencies accordingly!

    +1 on this.  Can we get an update?  If its left as-is, won't you have to release updates once the library dependencies get outdated (as opposed to too-new for me)?
Sign In or Register to comment.