1. Robert Bak

    Awesome, you should put the “dnf” and “systemctl …” parts in the script too, and maybe make a github gist out of this so people can star or fork it 🙂

    • Ahriman

      Hi Robert.
      The idea was to describe all the individual steps instead of giving away a script that does everything, so the readers can learn what each step does (if they want).
      In the end I had to compromise and put the non-trivial steps in a simple script anyway. It would be too complicated to explain them without making this a monster post. 🙂
      Perhaps I should dedicate some time and put all this in a proper shell script…
      Thanks for the suggestion!

  2. Zach

    Wow!! Thank you so much!! I did have some trouble at one point but I just had to save using unix/linux line endings.

    But wow! I had talked to the support yesterday in hopes that they could help me but all they referred me to was something for Ubuntu which isn’t entirely helpful when I’m running Fedora.

    It’s actually working!! I’ll be bookmarking this page for sure, maybe even asking the support to refer others to this page if they come into a situation like mine where they are using Fedora. Thanks again!

    • Ahriman

      Thanks for pointing that out!

      I’ve quickly looked into that shell script. It might be helpful to some people, but it’s basically the same script provided by PIA for Ubuntu with a few modifications. Besides obvious changes like replacing apt-get by dnf and translating Debian’s package names to their counterparts in Fedora, I see that this new script:

      • Gives the user the option to add its password to the VPN configuration files, however:
        • It’s a bad idea (in my opinion) because this should be managed by the Gnome Keyring;
        • The variable PASS is not properly initialized which might cause problems if it was previously defined and the user doesn’t choose to add its password to the VPN files;
      • Assumes that the package python is Python 2.7, which might not be true for older Fedora releases (Python 2.7 is needed to parse the JSON file that contains the VPN servers’ info);
      • Contains PIA’s public key hard-coded (just like the original Ubuntu version). Despite it’s very unlikely that this will change, I still prefer to download it fresh from PIA’s website during the installation;
      • Adds an incorrect file-context for /etc/openvpn/ca.crt. It should be openvpn_etc_t (or cert_t) instead of home_cert_t.

      Kudos to Shayne Wang for adjusting PIA’s script, and it’s definitely a step in the right direction, but for now I will stick to the steps I described in this post for configuring PIA VPN in Fedora. 🙂

  3. Adrian

    Can’t thank you enough for the post and the script. Completely taken the work out of setting up PIA. I wish I could find blog posts like these for every issue I run into! Thanks again.

  4. GAtos

    Hi this post is simply great , thanks a lot for all, it work both on fedora and Korrora , cant yous please help to install this on Opensuse 42.1, i was thinking that is the same methode but dnf commande does not act on Opensuse terminal.

    Thanks for help.

    • Ahriman

      I don’t have experience with openSUSE, but I believe you need to use zypper instead of dnf. The package names might be different too, so you need to adjust them.
      Good luck and let me know if it worked.

  5. GAtos

    Hi , and thanks for your replay ,
    in fact the script work as a charme on Opensuse.

    All i have to do is installing openvpn package with yaST.

    And create the pia.sh file and save it to Download folder for example then cd \… to Downloads and run all the commands.

    At :
    # restorecon -F /etc/openvpn/ca.crt
    # restorecon -F /etc/NetworkManager/system-connections/PIA\ *

    In the terminal open suse find the right commande to download, install and run it (very simple) all the other commands to are going well in Opensuse 42.1, and after :

    # systemctl restart NetworkManager

    Everythings goes right !!!

    Thank you for this smart and well done job.


  6. New Bee

    Hello, I’m having trouble with this. It asks for my username, which I enter… and then this:

    ./pia.sh: line 8: wget: command not found
    Traceback (most recent call last):
    File “”, line 3, in
    File “/usr/lib64/python2.7/json/__init__.py”, line 291, in load
    File “/usr/lib64/python2.7/json/__init__.py”, line 339, in loads
    return _default_decoder.decode(s)
    File “/usr/lib64/python2.7/json/decoder.py”, line 364, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
    File “/usr/lib64/python2.7/json/decoder.py”, line 382, in raw_decode
    raise ValueError(“No JSON object could be decoded”)
    ValueError: No JSON object could be decoded
    ./pia.sh: line 17: wget: command not found
    rm: cannot remove ‘/tmp/openvpn-4856.zip’: No such file or directory

    I have followed your instructions, and this is a clean install of fedora24. Can you tell me what I need to do?

    • New Bee

      oops! I figured it out :p Needed to install ‘wget’, and then restart NetworkManager, as GAtos said. Thank you!

      • Ahriman

        There you go. 😉
        Please don’t just run the script. It’s only one piece of the whole setup. You must follow all the instructions.

    • Ahriman

      You need to install wget, as mentioned in the preparation steps, to download the JSON file which contains the VPN servers’ information. All other error messages are due to the missing JSON file.

  7. KingKronk

    PIA must have did something on their end as my VPN on fedora does not work anymore. Connection cannot be activated.

    Was working before today, last night… 🙂

    Can this script be updated to reflect any changes? Is there a removal script for the old setup?

    • Ahriman

      Two days ago PIA sent out an email to all clients communicating that they are no longer doing business within Russian territory due to new laws that were passed there. PIA also said that they have updated their apps, rotated all their certificates and improved their encryption algorithms.

      As far as this post is concerned, the connection port, encryption cipher and CA’s certificate had to be updated, which I just did.
      Just rerun all the steps (not only the shell script) to get things working again. 😉

  8. EmbeddedIvan

    Thanks alot for taking the time to post this article. I was a little overwhelmed having jumped into the deep end from Linux Mint after a couple of years into Fedora and your explanation helped me painlessly set up PIA on my new system.
    Much Appreciated

  9. Riley

    Thank you so much for taking the time to do this! You provided an awesome guide for running the script and I really appreciate it 🙂

  10. Tony

    Great, this had me stumped but it all works fine.
    One question, in Windows and in Mint, their is also an option to go into ‘Settings’ and select to use MACE and othe PIA specific settings, I am uncertain how to do this. Do you know?

    Thanks a lot for this it really helped.

    • Ahriman

      I believe you are referring to the PIA client app on Windows and Mint.
      MACE is an ad blocker developed by PIA and released earlier this year that uses a custom DNS server to resolve IP addresses to localhost whenever it detects a unwanted domain.
      You might do just fine with browser extensions like Privacy Badger or Ghostery though.

      • tony

        Thanks for the reply – no I mean when you right click on the PIA icon in the taskbar (in mint) as well as the aption of connecting to any of the servers in the server list, their as also a ‘settings’ choice that can be made. This is what I was trying to get into.

        I’m already using Privay Badger an d uBlock.

        Thanks again.

Leave a Reply

Your email address will not be published. Required fields are marked *