Tag Archives: VPN

Ubuntu – Automatically Connect to VPN on Boot (Without Keyring Prompt)

This post assumes that you have set up a VPN connection on Ubuntu already that you are able to use, and will show you how to make that connection start on boot.

First, the easy step: tell your existing connection to automatically connect to the VPN:

  1. Open up “Network Connections”
  2. Highlight your default network connection
  3. Click edit
  4. Choose the “General” tab
  5. Check the box “Automatically connect to VPN when using this connection” and choose your VPN connection
  6. Save

Stop the Keyring Prompt

At this point, if you restart your machine, you’ll be prompted to enter your keyring:

To make this go away on boot, navigate to /etc/NetworkManager/system-connections and look for a file named after your VPN connection.  For me, it was “pia-toronto(openvpn)”.  In this file, make two changes:

  1. Under the “[vpn]” section, remove the “password-flags=1” line.
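  2. Add a new section, “[vpn-secrets]”, to the file with your VPN account password underneath it:

     [vpn-secrets]
     password=my_vpn_password

This stores the password in plain text, so keep the file owned by root and readable only by root (mode 600).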

And now you should be good to go.
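
The two keyfile changes above, scripted as an added example (not code from the original post). The function names, the sample connection and the password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of a NetworkManager VPN keyfile; every value is made up.
write_sample_keyfile() {
    cat > "$1" <<'EOF'
[connection]
id=example-vpn
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
username=example_user
password-flags=1
connection-type=password

[ipv4]
method=auto
EOF
}

# store_vpn_password KEYFILE PASSWORD
store_vpn_password() {
    keyfile=$1
    tmp=$(mktemp) || return 1      # scratch file outside system-connections
    # The password goes through the environment, not the awk command line.
    VPN_PASS=$2 awk '
        /^\[/ { section = $0 }                              # track the section
        section == "[vpn]" && /^password-flags=/ { next }   # change 1
        section == "[vpn-secrets]" { next }                 # drop a stale copy
        { print }
        END {                                               # change 2
            print ""
            print "[vpn-secrets]"
            print "password=" ENVIRON["VPN_PASS"]
        }
    ' "$keyfile" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$keyfile" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    # The password is now plain text on disk: owner-only access.
    chmod 600 "$keyfile"
}
```

On a real system, run `store_vpn_password` as root against the file in /etc/NetworkManager/system-connections, then reload with `nmcli connection reload`.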

Connect to Private Internet Access through OpenVPN on OpenWRT

Introduction

Whatever the reason you want to use a VPN, whether it’s for added security, or to get an online service that’s limited to certain countries, you may find that the device you want to connect, such as an Xbox, doesn’t provide the functionality.

But using your router to establish the VPN tunnel will make it automatic and transparent to all of your connected devices, which will anonymize all traffic from your ISP, or make Netflix think you’re connecting from the right side of the border.

This is a guide that will attempt to document the steps I took to connect my router to a VPN service.

I personally use Private Internet Access, so this guide will be specific to them, although a couple tweaks should allow this to work with any OpenVPN compatible service.

Prerequisites

  1. A router with OpenWRT installed
  2. A Private Internet Access account
  3. WinSCP installed (for transferring the config files onto your router)
  4. Putty installed (for testing the openvpn connection)

Guides and References I Used

  • Private Internet Access official guide for connecting through OpenVPN in DD-WRT – Link
  • OpenVPN official howto – Link
  • A helpful forum post in the OpenWRT forums.  The user had similar frustrations to me with existing guides. – Link
  • HideMyAss Wiki article for connecting to OpenVPN through OpenWRT (Most Helpful) – Link
  • List of Free and Public DNS Servers – Link

Guide

Add OpenVPN to OpenWRT:

1. Log into your OpenWRT admin console, and navigate to “System -> Software”.

2. Get the latest list of available software by clicking “Update lists”.

3. Click on “Available packages”.

4. Type “openvpn” in the filter and look for exactly that in the packages list that returns.

5. Install it.

Edit: Missing Steps!

Readers have mentioned that something seemed missing, as a successful connection in the router didn’t seem to translate to the devices connected to the router.  So, I set up two virtual machines – one running OpenWRT and one running Ubuntu, which would connect through the OpenWRT VM – and discovered that the missing steps involve setting up the new interface for the VPN connection.

The below steps (5.1+) are the missing steps.

5.1 Navigate to Network -> Interfaces, and click “Add New Interface”

5.2 Use the settings:

  • Name -> tun0
  • Protocol -> unmanaged
  • Bridge? -> unchecked
  • Cover which interfaces? -> custom: “tun0”

5.2b Hit submit

5.3 In the common config of your new interface, go to Firewall Settings, and set it to wan.  Then save the settings.

Private Internet Access OpenVPN config files:

6. Download the official config files from here: link.

7. Use WinSCP to connect to your router:
  a. Use the protocol “SCP”
  b. Use the same root credentials that you use to log into LuCI (your OpenWRT admin page)

8. Navigate to /etc/openvpn/ and copy the following files into that directory (out of the config zip you downloaded from Private Internet Access):
  a. ca.crt
  b. crl.pem
  c. (optional) an ovpn file for the destination you choose to connect to.

Above, step C was optional because we can specify the server as part of the startup command later in this process.  But you will still want an ovpn configuration file.  I took one of the location specific ones and simply removed the server and port from it, creating a type of generic configuration file I can reuse if I want to connect to different parts of the world.

I also added the option “keepalive 10 120” to it after I was experiencing some connection issues, which seemed to help.

So in the end, this is the contents of my “generic-pia.ovpn” OpenVPN config file:

client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass auth
auth-nocache
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem
keepalive 10 120

8a. Create a file called “auth” which is also located in “/etc/openvpn/” with the following format:

USERNAME
PASSWORD

Which will give you these files in /etc/openvpn/, as a recap: ca.crt, crl.pem, generic-pia.ovpn and auth.
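
A pre-flight check for the files assembled in steps 8 and 8a, as an added example that is not part of the original guide. It confirms that the server-authentication directives from the config above are present, that each referenced file exists, and that the plaintext credentials file is accessible only by its owner. The function names and the fixture are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Constructed fixture: a subset of the guide's directives, placeholder files.
make_sample_dir() {
    printf '%s\n' client 'dev tun' 'ca ca.crt' 'remote-cert-tls server' \
        'auth-user-pass auth' 'crl-verify crl.pem' > "$1/generic-pia.ovpn"
    : > "$1/ca.crt"
    : > "$1/crl.pem"
    printf 'USERNAME\nPASSWORD\n' > "$1/auth"
    chmod 644 "$1/auth"   # deliberately too open, so the check finds something
}

# check_openvpn_dir DIR CONFIG: prints one line per finding, returns 0 if clean.
check_openvpn_dir() {
    dir=$1
    conf=$1/$2
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Directives from the guide's config that authenticate the server.
    for want in "ca " "remote-cert-tls server" "crl-verify "; do
        grep -q "^$want" "$conf" || note "missing directive: $want"
    done

    # Files are resolved relative to DIR, as with --cd /etc/openvpn.
    for key in ca crl-verify auth-user-pass; do
        ref=$(awk -v k="$key" '$1 == k { print $2; exit }' "$conf")
        [ -z "$ref" ] || [ -f "$dir/$ref" ] || note "$key file not found: $ref"
    done

    # The credentials file is plain text: expect two lines, owner-only access.
    auth=$dir/$(awk '$1 == "auth-user-pass" { print $2; exit }' "$conf")
    if [ -f "$auth" ]; then
        [ "$(grep -c . "$auth")" -eq 2 ] || note "auth needs USERNAME then PASSWORD"
        [ "$(ls -ld "$auth" | cut -c5-10)" = "------" ] ||
            note "auth accessible beyond owner: chmod 600"
    fi
    [ "$findings" -eq 0 ]
}
```

On the router this would be called as `check_openvpn_dir /etc/openvpn generic-pia.ovpn` before starting the tunnel.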

Test VPN Through Putty:

9. Open Putty and connect to your router, then navigate to /etc/openvpn and run the following command:

/usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/generic-pia.ovpn --remote ca-toronto.privateinternetaccess.com 1194

If all goes well you should see this in the output, indicating a successful vpn connection from your router to PIA:

Sun Jul 27 14:11:06 2014 Initialization Sequence Completed

But, I bet if you open up a web browser, you can’t navigate the web. This is a DNS issue.

Set Your Own DNS Servers:

10. Resolving the DNS issue is fairly straightforward in OpenWRT, as it has a spot where you can specify your own.  To find a list of free public DNS servers, refer to this page.

Once you have picked the DNS server(s) you would like to use, open up your router’s admin page and navigate to Network -> DHCP and DNS, and place the IP addresses there.

Click save and apply, and then restart the VPN connection. You should now be able to navigate the web through your VPN tunnel.

Note: You can test this by using a website such as http://whatismyipaddress.com/.  Check the IP location matches the location of the server you chose.

Set VPN to Auto Start with Your Router:

11. The final step is to configure the VPN to automatically start up with your router, so that you don’t have to open up putty and reissue the command every time your router reboots.

Navigate to System -> Startup and look near the bottom for “Local Startup”, which is basically a place for you to enter commands you want the router to execute on boot.  This is what I have in that spot:

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# VPN custom init
# Ensure only one VPN connection is made. 
/usr/bin/killall openvpn

# Toronto
/usr/sbin/openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/generic-pia.ovpn --remote ca-toronto.privateinternetaccess.com 1194 &

exit 0

Reboot your router, and test to see that you still can browse the web, and that your IP location is in the right spot. Hopefully all went according to plan and you’re good to go.

Happy surfing.