Manual setup for PIA (VPN Service Provider) with Gargoyle OpenVPN

Report wireless and/or network connectivity problems in this forum.

Moderator: Moderators

Mark Spruce
Posts: 19
Joined: Mon Sep 05, 2016 7:31 pm

Manual setup for PIA (VPN Service Provider) with Gargoyle OpenVPN

Post by Mark Spruce »

I have the PIA VPN and wonder if there are instructions on how to use the OPEN VPN in the router. In how to install manually with pasting things in the box. The first section I got OK, the 2nd part is another sotory.

CA Certificate:
Client Certificate:
Client Key:
TLS-Auth Key: Use TLS-Auth Key
TLS-Auth Direction:

I mean a step my step. I promise this will be last begging post. :shock:

Mark

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Manual setup for OpenVPN

Post by ispyisail »

command line only

I could never get it to work but others have

MereScott
Posts: 3
Joined: Tue Nov 08, 2016 6:04 am

Re: Manual setup for OpenVPN

Post by MereScott »

I'd really like a step by step guide for this as well. Would be great if someone could post this.

jj.link
Posts: 1
Joined: Fri Mar 31, 2017 4:54 pm

Re: Manual setup for OpenVPN

Post by jj.link »

Can anyone explain how to set PIA OpenVPN with the Gargoyle v1.9.2 ? It keeps telling me it missing the config file.

encro
Posts: 76
Joined: Fri Mar 13, 2015 10:52 am
Location: au.victoria

Re: Manual setup for OpenVPN

Post by encro »

Despite the TLS standard stating that a client key isn't required Gargoyle won't unfortunately let you bypass it. Private Internet Access (PIA) does not generally have a client key.

Download the PIA Certificate files (ca.rsa.2048.crt and crl.rsa.2048.pem) from https://www.privateinternetaccess.com/o ... penvpn.zip

Copy those 2 certificate files into /etc/openvpn on the Gargoyle Router using WinSCP.

While you are in the /etc/openvpn directory, create a file called pia.auth and edit the file:
The first line should have your L2TP Username
The second line should have your L2TP Password.
Save this file and change the permissions on the file to 0600 (rw-------) for security and ensure the group and owner are root.

Create a OpenVPN client from the Open VPN menu option in Connections in the Gargoyle UI.

OpenVPN Server Address: Select the address from https://www.privateinternetaccess.com/pages/network/
Port: 1198
UDP
Encryption Type: Other
aes-128-cbc

Enter the following into the 'OpenVPN Configuration:'
(Change the PIA Server name to your preferred/geographically closer option).

Code: Select all

keysize aes-128-cbc
client
dev tun
proto udp
remote aus-melbourne.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /etc/openvpn/pia.auth
comp-lzo
verb 1
reneg-sec 0
auth-user-pass '/etc/openvpn/pia.auth'
crl-verify '/etc/openvpn/crl.rsa.2048.pem'
CA Certificate:

Code: Select all

-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
YDQ8z9v+DMO6iwyIDRiU
-----END CERTIFICATE-----
Client Certificate:

Code: Select all

-----BEGIN CERTIFICATE-----
MIID6jCCA1OgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCSEsx
DDAKBgNVBAgTA0tMTjEMMAoGA1UEBxMDVFdTMQ4wDAYDVQQKEwVLSFZQTjERMA8G
A1UECxMIY2hhbmdlbWUxDjAMBgNVBAMTBUtIVlBOMREwDwYDVQQpEwhjaGFuZ2Vt
ZTEhMB8GCSqGSIb3DQEJARYSS0hLRzIwMDlAR01BSUwuQ09NMB4XDTEyMTEwMjE3
Mjg1NloXDTIyMTAzMTE3Mjg1NlowgZUxCzAJBgNVBAYTAkhLMQwwCgYDVQQIEwNL
TE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMFS0hWUE4xETAPBgNVBAsTCGNoYW5n
ZW1lMREwDwYDVQQDEwhDTElFTlQwMTERMA8GA1UEKRMIY2hhbmdlbWUxITAfBgkq
hkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAlm1IYDeyrJESPlRvoUvfneJyNIvtQKT38F9VAs4HpFRA8bUTVwn0
0+v9T71YSIl7KS+P/fA9CYIHLyfboUWgPGtiXWLMFd1zlAfLIiD6p5d6l+d3cC/d
njSbVikZINxotTpgNVmLaIAikZd3b7ZwSAl+pvYvRMmWdxLWsJ7nqtsCAwEAAaOC
AUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUs0IidaQauq68YrEv0N09qr+F4O8w
gccGA1UdIwSBvzCBvIAUVzid2kkwXgDaDOFQXM2Byb5yR5uhgZikgZUwgZIxCzAJ
BgNVBAYTAkhLMQwwCgYDVQQIEwNLTE4xDDAKBgNVBAcTA1RXUzEOMAwGA1UEChMF
S0hWUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ4wDAYDVQQDEwVLSFZQTjERMA8GA1UE
KRMIY2hhbmdlbWUxITAfBgkqhkiG9w0BCQEWEktIS0cyMDA5QEdNQUlMLkNPTYIJ
ANM7BA7OD4HlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkq
hkiG9w0BAQQFAAOBgQDKSmxD9hGJiHCMMhKfUaAVh4sxNkOL79QvlhtNb/ZVtnyV
2a+OnzjbEdc6feAiU+g2BQEUYLHdet/mw7nu5eg0Y/TbAj0hSokqnGWsGzaIGArD
R6StWueMlqT+R/js5/ISgUehiWDfwGsvSm3uw7eIoKT7Hw1ij8pvz5/ViTkQ2Q==
-----END CERTIFICATE-----
Client Key:

Code: Select all

-----BEGIN RSA PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJZtSGA3sqyREj5U
b6FL353icjSL7UCk9/BfVQLOB6RUQPG1E1cJ9NPr/U+9WEiJeykvj/3wPQmCBy8n
26FFoDxrYl1izBXdc5QHyyIg+qeXepfnd3Av3Z40m1YpGSDcaLU6YDVZi2iAIpGX
d2+2cEgJfqb2L0TJlncS1rCe56rbAgMBAAECgYBKrXALzDrYbqCm7tYINhmKUPuv
WHPs7rjjzP/wB4ZFr0oadHFoeVngxzwXFQG56P6KgME0KMq0aKfWYiwnkOAtu64A
3i/KsDVcah/XKe3TfWycO7Y9WjgT9OSOf5dGktnP7RjusZ6w61vjQwWAviuc0J6w
jACa9ZK53WWmkcBE8QJBAMR9gWYENs7Cly4CFDKLqS83Wf6yx/3oZU9enNc4EDZn
F1JfX9Xt1Rdx8XmES8BxVT/E8zmOC/jNlVcORo57REkCQQDD/FejfAE02lroBnck
aUUmiWZNp1q6BgsqDPWXS+DAkTG1OrFAgKOoKo7UqjWs5SvlNrr+dL3sumB0NRf2
Ku4DAkAsfJXteQrHqTr9Sa80+nXloMyZY/TvwcweOjecaq8RAio/liRmlSBn3H5l
mtRjz8UTWQ4Qe96uCC3Ftg+3dqUxAkBJ5O0OQQUbbnD0JuvpGJ/wBcJC6SS2Gu0+
r6AxqXRWZug9EqIeVeJe15z+5iZSyB2i0N30bwPlK+iOKC6erFUNAkEAr/LPOTF3
0rSBsvISYcPNjX8kRyPQXMG6ebbi20CcmIpqGzb9xnMlDixLPoMemk6JtG2hJcc4
lwi3blIK1CLBVg==
-----END RSA PRIVATE KEY-----
Click the 'Save Changes' button.

Gargoyle will then create 4 files in /etc/openvpn:
grouter_client_{randomidentifier}.conf
grouter_client_{randomidentifier}.crt
grouter_client_{randomidentifier}.key
grouter_client_{randomidentifier}_ca.crt

The grouter_client_{randomidentifier}.conf will be referenced as the configuration file in:
/etc/config/openvpn
/etc/config/openvpn_gargoyle

You should now see that OpenVPN is running and it will also appear on the Gargoyle login screen. If you go to the Private Internet Access website it will also show that you are protected at the top of the page.

I hope you find this useful, I've been trying to get this working for the last 2 days and it is finally working :D

Note that the Certificate and RSA Key data above comes from this post:
https://www.privateinternetaccess.com/f ... -on-ios/p1
Netgear WNDR3700v4 (N600) - Gargoyle 1.14.x
D-Link DIR-835 - Gargoyle 1.7.1 (Deceased)
Manual set up for PIA's OpenVPN in (Private Internet Access): https://www.gargoyle-router.com/phpbb/viewtopic.php?f=11&t=9129&p=45410#p45410

User avatar
NetMonkey
Posts: 2
Joined: Wed May 24, 2017 10:03 am

Re: Manual setup for PIA (Service Provider) with Gargoyle OpenVPN

Post by NetMonkey »

Hello all,

I checked different VPN server download speeds on the privateinternetaccess site. The Texas server was showing about 72mbps download speed when I was on their site with my normal Comcast cable connection and not using the VPN feature setup in Gargoyle.

So I got an account with the PIA website, went through the setup in this post to the letter and got OpenVPN working in Gargoyle.

Then I went to speedtest dot net and now with OpenVPN setup in Gargoyle and going through the PIA Texas VPN server, my download speed is being reported by speedtest dot net as 12mbps. What the...?

Is there something I'm overlooking in Gargoyle that I can do to boost my connection speed back up? I tried testing different server locations on the PIA site, but that's not the answer.

Any help would be appreciated. :(
Western Digital My Net N750 Gargoyle 1.9.2

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Manual setup for PIA (Service Provider) with Gargoyle OpenVPN

Post by ispyisail »

My guess would be CPU limitation.

It a known problem with fast internet providers.

User avatar
NetMonkey
Posts: 2
Joined: Wed May 24, 2017 10:03 am

Re: Manual setup for PIA (Service Provider) with Gargoyle OpenVPN

Post by NetMonkey »

ispyisail wrote:My guess would be CPU limitation.

It a known problem with fast internet providers.
I'm not sure I understand your meaning. If you mean the CPU of my router, that's not it. If you mean the Texas VPN server I referred to, it was testing at 70mbps from the PIA site.

Yet when I authorize with the Texas server as a VPN user through the VPN function in the router, I can only get a 12mbps download speed from it. And when I disable the VPN function in Gargoyle and make the normal connection through my ISP, I'm back to 90mbps download speed.

I didn't notice the user -- encro, who posted the setup info I used, having anything to say about a download speed decrease. So that's why I asked if anyone had a suggestion on a possible setting I may have overlooked, or could change.
Western Digital My Net N750 Gargoyle 1.9.2

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Manual setup for PIA (Service Provider) with Gargoyle OpenVPN

Post by Lantis »

Yes, it is the CPU on the router.
Encryption takes a lot of processing power, it can only push a lower speed if it has to encrypt it as well.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

tsas
Posts: 12
Joined: Sat Feb 20, 2016 7:57 pm

Re: Manual setup for PIA (VPN Service Provider) with Gargoyle OpenVPN

Post by tsas »

Is it possible to have openvpn configured so that the guest network is not on a vpn?

basically, I want to connect a roku to my tv and not have netflix blocked. netflix is currently blocking my pia vpn. so, just wondering if it's possible for just the roku to not connect through pia. If there's a better way to do this, I'm open to suggestions.

Post Reply