Start by downloading our CA certificate file from https://www.privateinternetaccess.com/openvpn/ca.rsa.2048.crt. We’ll be using this later. You can also find the hostnames of our gateways on our Network page here: https://www.privateinternetaccess.com/pages/network/.
- Ensure that the above certificate file is saved to your machine, somewhere that you can open it.
- Log into your pfSense gateway.
- Navigate to System -> Cert Manager -> CAs.
- If there are any certificates on this page, remove them with the trashcan icon to the right.
- Click on Add in the lower-right to add a new certificate.
- Use the following details:
Descriptive name: PIA, or something else that you will remember.
Method: Import an existing Certificate Authority
Certificate Data: Open the above certificate (ca.rsa.2048.crt) in Notepad/Textedit, then copy and paste the text into this textbox.
Certificate Private Key and Serial: Leave these blank
- Click Save to save the certificate.
- Navigate to VPN -> OpenVPN -> Clients.
- If there are any existing VPNs on this page, remove them with the trashcan icon to the right.
- Click on Add in the lower-right to add a new VPN connection.
- Use the following details:
Server port: 1198
Server hostname resolution: Ensure that "Infinitely resolve server" is checked.
User Authentication Settings: Fill the Username and Password fields with your PIA username and password.
TLS Authentication: Ensure "Enable authentication of TLS packets" is disabled.
Peer Certificate Authority: Select the PIA CA we setup.
Client Certificate: None (Username and/or Password required)
Encryption Algorithm: AES-128-CBC (128-bit).
Auth digest algorithm: SHA1 (160-bit).
Compression: Enabled with Adaptive Compression.
Disable IPv6: Ensure "Don't forward IPv6 traffic" is checked.
Custom options: Copy and paste the following into the custom options textbox:
persist-key persist-tun remote-cert-tls server reneg-sec 0
- Click Save to save the VPN connection.
- Navigate to Status -> OpenVPN.
- If Status doesn't show as "up", click the circular arrow icon under Actions to restart the service. If it still does not come up, navigate to Diagnostics -> Reboot to restart the device.
- Ensure that Status shows as "up" before continuing.
- Navigate to Firewall -> NAT -> Outbound.
- Set the Mode under General Logging Options to "Manual Outbound NAT rule generation (AON)", and click Save.
- Under the Mappings section, click the duplicate (dual-page) icon on the right for the first rule shown in the list.
- Set Interface to "OpenVPN" and click Save at the bottom.
- Repeat the last two steps for all remaining rule shown under Mappings, until every rule has a duplicate for OpenVPN.
- Click Apply at the top of the page to apply all changes.
At this point, your VPN service should be fully operational! If you find that it's not working at this point, navigate to Diagnostics -> Reboot and restart your router.
EASY Setup Guides for Alternate Configurations (Advanced):
The PPTP/L2TP/SOCKS5 protocols are provided for devices lacking compatibility with the Private Internet Access application or OpenVPN protocol. PPTP/L2TP/SOCKS5 should be used for masking one's IP address, censorship circumvention, and geolocation.
If you need encryption, please use the Private Internet Application or OpenVPN protocol with our service.
- Windows OpenVPN Setup
- macOS OpenVPN Setup
- macOS Viscosity Setup
- Ubuntu OpenVPN Setup
- Fedora OpenVPN Setup
- Robolinux 7.5.3 OpenVPN Setup
- iOS (iPad/iPhone/iTouch) OpenVPN Setup
- Android 4.0+ OpenVPN Setup
- DD-WRT OpenVPN Setup
- DD-WRT OpenVPN (Older Builds)
- Tomato OpenVPN Setup
- PfSense OpenVPN Setup
OpenVPN Configuration Files (Recommended Default)
OpenVPN Configuration Files (Strong)
Although quite different from a VPN, we provide a SOCKS5 Proxy with all accounts in the event users require this feature.
SOCKS5 Proxy Usage Guides
proxy-nl.privateinternetaccess.com port 1080
Enable port forwarding in the application by entering the Advanced area, enabling port forwarding and selecting one of the following gateways:
After enabling port forwarding and re-connecting to one of the above gateways, please hover your mouse over the System Tray or Menu Bar icon to reveal the tooltip which will display the port number. You can then enter this port into your software.
Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled.
The dns leak protection feature activates VPN dns leak protection. This ensures that DNS requests are routed through the VPN. This enables the greatest level of privacy and security but may cause connectivity issues in non-standard network configurations.
This can be enabled and disabled in the Windows application, while it is enabled by default on our macOS application.
We use our own private DNS servers for your DNS queries while on the VPN. After connecting we set your operating system's DNS servers to 220.127.116.11 and 18.104.22.168. When using a DNS Leak testing site you should expect to see your DNS requests originate from the IP of the VPN gateway you are connected to.
If you change your DNS servers manually or if for some other reason they are changed this does not necessarily mean your DNS is leaking. Even if you use different DNS servers the queries will still be routed through the VPN connection and will be anonymous.
The internet kill switch activates VPN disconnect protection. If you disconnect from the VPN, your internet access will stop working. It will reactivate normal internet access when you deactivate the kill switch mode or exit the application.
Users who may be connected to two connections simultaneously (ex.: wired and wireless) should not use this feature, as it will only stop 1 active connection type.
United States (US VPN)
United Kingdom (GB VPN)
Canada (CA VPN)
Australia (AU VPN)
New Zealand (NZ VPN)
Netherlands (NL VPN)
Sweden (SE VPN)
Norway (NO VPN)
Denmark (DK VPN)
Finland (FI VPN)
Switzerland (CH VPN)
France (FR VPN)
Germany (DE VPN)
Belgium (BE VPN)
Austria (AT VPN)
Czech Republic (CZ VPN)
Ireland (IE VPN)
Italy (IT VPN)
Spain (ES VPN)
Romania (RO VPN)
Turkey (TR VPN)
Hong Kong (HK VPN)
Singapore (SG VPN)
Japan (JP VPN)
Israel (IL VPN)
Mexico (MX VPN)
Brazil (BR VPN)
India (IN VPN)