This week’s post will be the final how-to for Private Internet Access and will cover Linux. For this project I used Ubuntu running in a virtual machine. If you’re new to Linux and don’t know how to install applications in Linux, Private Internet Access’ website offers a good tutorial. Without further ado, Private Internet Access for Linux:
Private Internet Access for Linux – Basics
Like last week’s post, setting up Private Internet Access for Linux is a fairly painless process. First, purchase a PIA subscription. Next, download and install the PIA application. Once the PIA application is installed and running, you will see a PIA logo in your task bar. The logo is your indicator that you are connected to the VPN. If it is green with a small check-mark beside it, you are connected. If it is greyed out, you are unconnected. Clicking this logo will allow you to select a VPN server, connect, disconnect, and exit the application. It will also allow you to access the settings.
Clicking “Settings” will open a new window. This contains only basic settings including username, password, and auto-start/auto-connect. For maximum protection, I recommend checking both the “Start application at login”, “Auto-connect on launch”, and “Show desktop notifications” boxes. The “Region” drop down allows you to select the server set to which your VPN automatically connects. To access additional settings, click the “Advanced” button.
Private Internet Access for Linux – Connection Settings
The settings menu will expand to include connection settings. I will only address the settings that are pertinent to security and privacy.
Connection type: The first setting is Connection type and the options are UDP and TCP. The UDP connection is generally preferred for VPNs for performance reasons. Some public networks attempt to limit VPN traffic by blocking UPD packets. If you run into this, switching to TCP may help resolve the situation.
PIA MACE™: This setting purports to be a built-in ad blocker. I am still unsure of how this technology works, and have not played with it enough to be comfortable recommending it.
VPN Kill Switch: The next setting you should look at is the “VPN Kill Switch”. This “kills” your internet connection should the VPN connection drop unexpectedly (hey, it happens). This setting can be a bit tricky, however.The problems people are likely to run into are situations like logging into hotel or coffee shop internet. Packets from the computer are blocked until you sign in on the host’s website. Because the VPN can’t connect, it won’t let you onto the internet to sign in – your standard Catch-22. In situations like this you can either a. open PIA’s settings, disable the kill switch, or b. exit the VPN program (my preferred technique). You can then sign into the hotel’s Wi-Fi, re-open PIA/re-enable the kill switch and you should be good to go.
DNS Leak Protection: This setting should be checked! This setting ensures that DNS requests are routed through the VPN. By default this option is left unchecked because it may cause connectivity issues on some networks. I recommend checking it, and unchecking only if you experience problems.
IPV6 leak protection: Even though your VPN will always protect your IPV4 IP address, your IPV6 address can still leak. I’ll spare you the technical details, but you should leave this box checked.
Private Internet Access for Linux – Crypto Settings
Clicking the “Encryption” button displays more options. You can manipulate the data encryption, data authentication algorithm, and handshake protocol strength. These options are defaulted to a compromise between performance and security (AES-128, SHA-256, RSA-2048). I prefer to go as secure as possible, and accept the possible loss in performance. My recommended settings are, as shown below, AES-256, SHA-256, and RSA-4096.
Of course these are just recommendations. Even in its default state Private Internet Access provides excellent protection, especially when compared with browsing unprotected. As always, I will point out that there are plenty of other good VPN services out there. Do your homework and choose what your are comfortable with.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.