You probably just need to upgrade your openvpn PIA config files to the nextgen version. I just spent the last couple of hours trying to figure this out. Everything was working fine until this morning.
Thanks for the reply, do you mean I need to download the openvpn.zip file again from PIA?
You want https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip. I wrote the script below to set up PIA in a jail. I've got the resolvconf stuff in it commented out because I no longer use it. It might be useful to you.
Code:
#!/usr/local/bin/bash
## set -x

##
## In part based on
## https://gist.github.com/jedediahfrey/6d475dcc34c710f62a7c
##
## Includes setup of DNS servers after the VPN tunnel is brought up
## and taken down by openvpn. This functionality relies on
## https://github.com/masterkorp/openvpn-update-resolv-conf.git
##
## Doesn't try to build openvpn from ports since openvpn versions
## greater than 2.3.9 already include PW_SAVE support compiled in. The
## script will check your version of openvpn and if it is less than
## 2.3.9 it will terminate
##
## LICENSE: GPL2
## https://www.gnu.org/licenses/gpl-2.0.txt
##

# set -x

getUsername() {
    read -r user
    echo "$user"
}

getPassword() {
    ## turn off echo so the password does not appear on the screen
    stty -echo
    read -r pass
    ## turn on echo again
    stty echo
    echo "$pass"
}

updatePkgs() {
    /usr/sbin/pkg update -f
    /usr/sbin/pkg upgrade -y
}

isOpenVpnInstalled() {
    ## returns 0 (success) when an openvpn binary is found on the PATH
    ovpn=`which openvpn`
    if [ "x$ovpn" == "x" ] ; then
        return 1
    else
        return 0
    fi
}

installPackages() {
    env ALWAYS_ASSUME_YES=YES pkg install openvpn
}

openVpnSupportsPwSave() {
    ovpn_version=`openvpn --version | head -1 | awk -F ' ' '{print $2}'`
    major=`echo "$ovpn_version" | cut -d '.' -f 1`
    minor=`echo "$ovpn_version" | cut -d '.' -f 2`
    patch=`echo "$ovpn_version" | cut -d '.' -f 3`
    ## see https://www.freshports.org/security/openvpn
    ## if [ $major -eq 2 ] && [ $minor -ge 3 ] && [ $patch -gt 9 ] ; then
    if [ "$major" -eq 2 ] && [ "$minor" -ge 3 ] ; then
        echo "OpenVPN appears to support PW_SAVE. Does not need upgrading"
        return 0
    else
        echo "OpenVPN appears to not support PW_SAVE. You should install it from ports before rerunning this script."
        echo "Commands like the following may help"
        echo "/usr/sbin/portsnap fetch"
        echo "/usr/sbin/portsnap extract"
        echo "cd /usr/ports/security/openvpn"
        echo "/usr/bin/make config-recursive"
        echo "/usr/bin/make install"
        echo "/usr/bin/make clean"
        exit 1
    fi
}

getIpAddress () {
    # if [ -x "/usr/local/bin/wget" ] ; then
    #     ip=`wget -qO- http://wtfismyip.com/text`
    # elif [ -x "/usr/local/bin/curl" ] ; then
    #     ip=`curl -s http://wtfismyip.com/text`
    # fi
    ip=`fetch -q -o- http://wtfismyip.com/text`
    echo "$ip"
}

chooseVpnServer() {
    ## the menu goes to stderr so that only the chosen file name is
    ## captured by the caller
    echo "Available VPN servers are:" > /dev/stderr
    i=1
    for ff in *.ovpn ; do
        echo -e "\t$i:\t$ff" > /dev/stderr
        i=`expr $i + 1`
    done
    echo -n "Enter a number corresponding to a server listed above: " > /dev/stderr
    read -r choice
    echo `ls -1 *.ovpn | sed "${choice}q;d"`
}

################################################################################
### END OF FUNCTION DEFINITIONS
################################################################################

if isOpenVpnInstalled ; then
    # check open vpn version
    openVpnSupportsPwSave
else
    echo "Could not find OpenVPN. Attempting to install"
    installPackages
    openVpnSupportsPwSave
fi

openVpnDir=/usr/local/etc/openvpn
rm -fr $openVpnDir
mkdir $openVpnDir
## stop here if the directory is not usable, so nothing below runs in
## the wrong place
cd $openVpnDir || exit 1

echo "Downloading private internet access OpenVPN configuration files"
fetch https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip
piaOpenVpnZipFilename=openvpn-nextgen.zip

#echo "Getting update-resolv-conf script"
#git clone https://github.com/masterkorp/openvpn-update-resolv-conf.git

## set the correct paths
#echo "Setting correct path to bash and resolvconf script"
#sed -i ".orig" 's#bin/bash#usr/local/bin/bash#;s#^RESOLVCONF.*#RESOLVCONF=/sbin/resolvconf#' $openVpnDir/openvpn-update-resolv-conf/update-resolv-conf.sh

## now tell resolvconf to manage the epair interface so that DNS
## settings will be updated automatically by the update-resolv-conf.sh
## when it is invoked by openvpn
#cp /etc/resolv.conf /tmp/resolv.conf
#RESOLVCONF=$(which resolvconf)
## clear the state directory
#$RESOLVCONF -I
#dev=`ifconfig -l | tr ' ' '\n' | grep -v lo | grep -v pflog`
#dev_count=$( echo $dev | wc -l )
#if [[ $dev_count -gt 1 ]] ; then
#    echo "Got more than one configured interface. This script can't handle more than one configured interface. Exiting"
#    exit 256
#fi
#echo "Configuring $RESOLVCONF to manage the DNS resolution servers for ${dev}"
# $RESOLVCONF -a "${dev}.inet" < /tmp/resolv.conf
## rm -f /tmp/resolv.conf

if [ -f ${piaOpenVpnZipFilename} ] ; then
    unzip -q ${piaOpenVpnZipFilename}
    rm -f ${piaOpenVpnZipFilename}
    for ovpn in *.ovpn ; do
        ## echo "Editing $ovpn"
        # Tell OpenVPN where to find the username and password
        if grep -q auth-user-pass "$ovpn" ; then
            sed -i ".orig" "s#auth-user-pass#auth-user-pass $openVpnDir/pass.txt#" "$ovpn"
        else
            echo "auth-user-pass $openVpnDir/pass.txt" >> "$ovpn"
        fi
        # Tell OpenVPN what script to run when the tunnel is brought
        # up and down
        echo "script-security 2" >> "$ovpn"
        echo "up /usr/local/libexec/openvpn-client.up" >> "$ovpn"
        echo "down /usr/local/libexec/openvpn-client.down" >> "$ovpn"
        ## Try to keep the link alive by pinging every 60 seconds if
        ## nothing is sent across the tunnel. Any server side
        ## provided keep-alive or ping and ping-restart options will
        ## override this keep-alive directive
        echo "keepalive 60 120" >> "$ovpn"
        ## run the up/down script on restarts of the tun interface. Hopefully
        ## this will eliminate DNS resolution issues
        echo "up-restart" >> "$ovpn"
        #Use full path names to avoid ambiguity
        # sed -i ".orig" -e "s#ca\.crt\$#$openVpnDir/ca\.crt#g" "$ovpn"
        # sed -i ".orig" -e "s#crl\.pem\$#$openVpnDir/crl\.pem#g" "$ovpn"
        ## Finally replace the spaces in the filename with underscores
        ## to make typing the filenames less of a PITA
        ovpn2=`echo "$ovpn" | sed "s/ /_/g"`
        mv -f "$ovpn" "$ovpn2"
        rm -f "${ovpn}.orig"
    done
fi

## now ask for the username and password used to authenticate to the VPN provider
echo -n "Enter VPN service username: "
username=`getUsername`
echo -n "Enter VPN service password (it will not appear on screen when you type it): "
password=`getPassword`
passwordFile=$openVpnDir/pass.txt
touch $passwordFile
chmod 600 $passwordFile
## printf with quoted arguments keeps spaces and glob characters in
## the credentials intact
printf '%s\n' "$username" > "$passwordFile"
printf '%s\n' "$password" >> "$passwordFile"
echo ""

vpnServer=`chooseVpnServer`
echo "You chose $vpnServer as your VPN server"
echo "Enabling OpenVPN"
sysrc openvpn_enable=YES
echo "Setting your VPN server of choice"
sysrc openvpn_configfile="$openVpnDir/$vpnServer"

echo "Getting remote host name from OpenVPN config file"
remote_host_name=$( grep "remote " "$openVpnDir/$vpnServer" | awk '{print $2}' )
echo "Remote host is: $remote_host_name"
echo "Converting remote host to list of class C IPV4 networks"
remote_host_nets=( $( host $remote_host_name | \
    grep -v "is an alias for" | \
    awk '{print $4}' | \
    sed 's#\.[0-9][0-9]*$##g' | \
    sort | \
    uniq ) )
echo "Got ${#remote_host_nets[@]} class C networks for the remote host name"
cat /dev/null > $openVpnDir/openvpn_nets_ipfw_table.txt
for (( ii=0; ii< ${#remote_host_nets[@]}; ii++ )) ; do
    echo "Remote host net[${ii}]: ${remote_host_nets[$ii]}"
    echo "${remote_host_nets[$ii]}.0/24" >> $openVpnDir/openvpn_nets_ipfw_table.txt
done

echo "Your DNS resolvers are:"
cat /etc/resolv.conf

oldIp=`getIpAddress`
service openvpn start
sleepDuration=5
echo "Waiting ${sleepDuration} seconds for OpenVPN to start"
sleep ${sleepDuration}
newIp=`getIpAddress`
echo "IP before starting OpenVPN: $oldIp"
echo "IP after starting OpenVPN: $newIp"
if [ "$oldIp" != "$newIp" ] ; then
    echo "Success! OpenVPN appears to have started successfully."
else
    echo "The old IP and new IP are the same. It appears that OpenVPN didn't start correctly"
fi
echo "Your DNS resolvers are:"
cat /etc/resolv.conf
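The script above points every profile at a pass.txt credentials file and enables script-security 2 with up/down scripts, so the files those directives name decide who can read the VPN password and whose code OpenVPN runs. The audit below is an added example, not part of the original post; the function names audit_ovpn and perm_bits and the sample profile are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the files an .ovpn
# profile trusts. Prints one line per finding and returns 1 if there are any.

# Group+other permission characters, e.g. "------" for mode 600. Parsing
# `ls -ldL` sidesteps the BSD/GNU differences in stat(1).
perm_bits() { ls -ldL "$1" | cut -c5-10; }

audit_ovpn() {
    local conf=$1 rc=0 key arg rest
    while read -r key arg rest || [ -n "$key" ]; do
        case $key in
        auth-user-pass)
            # A bare auth-user-pass prompts interactively: nothing on disk.
            if [ -z "$arg" ]; then
                continue
            elif [ ! -f "$arg" ]; then
                echo "MISSING credentials file: $arg"; rc=1
            elif [ "$(perm_bits "$arg")" != "------" ]; then
                echo "EXPOSED credentials file: $arg"; rc=1
            fi ;;
        up|down)
            # With script-security 2 these run with OpenVPN's privileges.
            if [ ! -f "$arg" ]; then
                echo "MISSING $key script: $arg"; rc=1
            else
                case $(perm_bits "$arg") in
                ?w????|????w?) echo "WRITABLE $key script: $arg"; rc=1 ;;
                esac
            fi ;;
        script-security)
            # Level 3 also passes passwords to scripts via the environment.
            if [ "${arg:-1}" -ge 3 ] 2>/dev/null; then
                echo "script-security $arg exposes passwords to scripts"; rc=1
            fi ;;
        esac
    done < "$conf"
    return "$rc"
}

# Constructed sample profile: credentials file left world-readable.
demo_dir=$(mktemp -d)
printf 'p0000000\nnot-a-real-password\n' > "$demo_dir/pass.txt"
chmod 644 "$demo_dir/pass.txt"
printf 'client\nauth-user-pass %s\nscript-security 2\n' "$demo_dir/pass.txt" \
    > "$demo_dir/sample.ovpn"
audit_ovpn "$demo_dir/sample.ovpn" || echo "sample profile has findings"
rm -rf "$demo_dir"
```

Run it against each generated profile after the setup script finishes; ownership of the up/down scripts is not checked here and is worth confirming separately.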