Sunday, 29 January 2017

Setting up a VPN on Android and Raspberry Pi (Private Internet Access - PIA)

There are a number of reason you might want to get access to a VPN, some legitimate and some a little shady like protecting yourself while downloading torrents. My main reason is that I do a bit of travelling and find myself connecting to random free Wi-Fi services and it's always bothered me that someone is probably intercepting any messages that are unencrypted and using my data (man-in-the-middle attack). It also doesn't hurt to be able to access any websites I want, regardless of and government mandates blocks to ISPs.

I decided to go with Private Internet Access as my VPN provider, they seemed to offer a wide range of functionality and multi-platform support. In my case I was focused on an Android app and easy Raspberry Pi configuration.

Note: I paid for my subscription using the website which charged me in USD. After downloading the app I realised it would have been cheaper to sign up through the app, it was advertised about $5 cheaper than I paid in AUD after conversion.


  1. Download the Android app from the app store
  2. Enter your username and password from the email you got when you subscribed
  3. Done! It's that easy

Raspberry Pi:

I used this description on the PIA forums to get my Raspberry Pi configured but had to make a couple of small changes to get it to work. It's a bit of a process, but here are the steps I followed:

  1. Log in to your device, I use the terminal app Putty for Windows to remote in to my device
  2. Make sure you device is up to date
    • sudo apt-get update
    • sudo apt-get upgrade
  3. Install openvpn and the network manager to configure the VPN on the Pi
    1. sudo apt-get install network-manager-openvpn openvpn
  4. Create a new folder for the PIA configuration files and download the PIA openvpn configurations
    • sudo mkdir  openvpn-pia
    • cd openvpn-pia
    • sudo wget
  5. Extract the openvpn zip file
    • sudo unzip
  6. Try to connect using one of the default openvpn configurations for your region. You'll be asked for your username and password
    • sudo openvpn --config ./AU\ Sydney.ovpn
    • enter username and password
  7. Once the script is running you should see a number of messages printed to the terminal, one of which should be 'Initialization Sequence Completed'. If this doesn't happen you may have mucked up one of the previous steps.
  8. The Raspberry Pi will not terminate the script when it is finished, you'll need to do this yourself by pressing 'CTRL -c' to kill the script
  9. Assuming everything went well we will now create a config file to store our username and password
    • sudo nano /etc/openvpn/login.conf
  10. The file created will be blank, enter only your username and password on separate lines as I have below
    • p123456 
    • AbCdEF123
  11. Press 'CTRL -x' to exit and enter 'y'  and 'Enter' to save the file
  12.  Change the file permission with the following command
    • sudo chmod 400 /etc/openvpn/login.conf
  13. Make a copy of the configuration file we have been previously using in the /etc/openvpn/ folder and change the file extension to .conf
    • sudo cp AU\ Sydney.ovpn /etc/openvpn/Sydney.conf
  14. Edit the .conf file we copied and add the login.conf file to the file at the line auth-user-pass. It should change from the first point to the second as shown below
    • sudo nano /etc/openvpn/Sydney.conf
    • auth-user-pass [CHANGE THIS LINE]
    • auth-user-pass login.conf [THIS IS HOW IT SHOULD LOOK AFTER CHANGE]
    • hit 'CTRL -x' to exit and type 'y' and hit 'Enter' to save
  15. You now need to copy the ca.rsa.2048.crtfile and the crl.rsa.2048.pem file to the /etc/openvpn folder. You won't see these files in your folder using the standard 'ls' command, you will need to use 'ls -a' to show hidden files
    • sudo cp ca.rsa.2048.crt /etc/openvpn/
    • sudo cp crl.rsa.2048.pem /etc/openvpn/
  16. Navigate to the openvpn folder and test the configuration file we have edited to make sure it is still working as it was in step 7
    • cd /etc/openvpn/
    • sudo openvpn Sydney.conf
  17. If everything went well you should see the 'Initialization Sequence Complete' again
  18. Now we need to add the configuration to the startup sequence so the VPN connection is made on boot. We will need to open /etc/default/openvpn file and add an autostart option
    • sudo nano /etc/default/openvpn
    • add the line 'AUTOSTART="Sydney" to the autostart commands so it looks like:
      • #AUTOSTART="all"
      • #AUTOSTART="none"
      • #AUTOSTART="home office"
      • AUTOSTART="Sydney"
  19. Done! Everything should be working, but we should test the setup to make sure everything is working on boot
    • sudo reboot
    • wget -O - -q ; echo
  20. If everything worked you should see a different IP to the one your ISP has given you

Happy restriction-free browsing


  1. Is the raspberry pi a proxy here? I.e. all other devices in your house connect to the outside world via the raspberry pi?

    1. No, this setup is only for connecting the raspberry pi directly to a proxy service.