@C0nw0nk
Last active November 5, 2022 14:04
RaspberryPI VPN setup PrivateInternetAccess
#!/usr/bin/env bash
# Tweak for your own needs; the original guide is here, but everybody's setup differs: https://not-blog.heyitschris.com/how-to-properly-set-up-pia-vpn-on-a-raspberry-pi-with-a-killswitch-ckhi6vlp900kt1cs189cm5w7u
# Obtain an OpenVPN profile such as uk-london from https://www.privateinternetaccess.com/openvpn/openvpn.zip
# Store it as /etc/openvpn/client/uk-london.conf (openvpn-client@<name> looks for /etc/openvpn/client/<name>.conf)
sudo apt update && sudo apt upgrade -y
curl https://ipinfo.io/
sudo apt install openvpn -y
# Credentials file: first line username, second line password (replace the placeholders)
sudo bash -c 'echo "USERNAME" > /etc/openvpn/login'
sudo bash -c 'echo "PASSWORD" >> /etc/openvpn/login'
# The file holds a plaintext password, so make it readable by root only
sudo chmod 600 /etc/openvpn/login
# Modify the line
#   auth-user-pass
# in the profile to
#   auth-user-pass /etc/openvpn/login
# so OpenVPN reads the credentials from the file instead of prompting (sed does the edit; nano works just as well)
sudo sed -i 's|^auth-user-pass$|auth-user-pass /etc/openvpn/login|' /etc/openvpn/client/uk-london.conf
sudo systemctl start openvpn-client@uk-london
sudo systemctl enable openvpn-client@uk-london
curl https://ipinfo.io/
# Allow loopback device (internal communication)
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
# Allow all local traffic (192.168.8.0/24 is this LAN; change it to match yours)
sudo iptables -A INPUT -s 192.168.8.0/24 -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.8.0/24 -j ACCEPT
# Allow VPN establishment
# Only 2 ports open, 1 for DNS and 1 for VPN
# If establishing thru an IP and not a name, the ones with port 53 can be removed
# (udp/53 to any destination also lets DNS queries leave outside the tunnel, so drop them when you can)
# Port 1198 may be different depending on the VPN (check the remote line in the .conf)
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --sport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 1198 -j ACCEPT
sudo iptables -A INPUT -p udp --sport 1198 -j ACCEPT
#Accept all TUN connections (tun = VPN tunnel)
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i tun+ -j ACCEPT
#Set default policies to drop all communication unless specifically allowed
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP
sudo iptables -P FORWARD DROP
sudo apt-get install iptables-persistent -y && sudo netfilter-persistent save && sudo systemctl enable netfilter-persistent && sudo reboot
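As an added check that is not part of the gist, the script below audits an `iptables-save` dump for the kill-switch invariants the rules above establish: DROP policies on all chains, no OUTPUT ports open other than DNS and the VPN port, tunnel traffic accepted, nothing accepted directly on a physical interface. The `killswitch_audit` function and its 1198 default are assumptions of this example, and the embedded dump is a constructed sample of what the rules above produce, so it runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original gist): audit an `iptables-save` dump for the
# kill-switch invariants set up above. On the Pi run: killswitch_audit "$(sudo iptables-save)"

# Constructed sample of what iptables-save prints once the gist's rules are loaded.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.8.0/24 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 1198 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.8.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
COMMIT'

# killswitch_audit DUMP [VPN_PORT]: prints one line per failed check and
# returns the number of failures (0 = the rule set still enforces the kill switch).
killswitch_audit() {
  local dump="$1" vpn_port="${2:-1198}" fails=0 chain port bad_ports
  # 1. Without DROP policies every unmatched packet is allowed, i.e. no kill switch.
  for chain in INPUT OUTPUT FORWARD; do
    printf '%s\n' "$dump" | grep -q "^:$chain DROP" \
      || { echo "FAIL: default policy for $chain is not DROP"; fails=$((fails+1)); }
  done
  # 2. Any OUTPUT rule opening a destination port other than DNS or the VPN port
  #    is a path around the tunnel.
  bad_ports=$(printf '%s\n' "$dump" \
    | sed -n 's/^-A OUTPUT .*--dport \([0-9]*\).*-j ACCEPT$/\1/p' \
    | grep -Evx "53|$vpn_port" || true)
  for port in $bad_ports; do
    echo "FAIL: OUTPUT allows --dport $port outside the tunnel"; fails=$((fails+1))
  done
  # 3. Traffic into the tunnel must be accepted, or the VPN comes up but nothing flows.
  printf '%s\n' "$dump" | grep -q '^-A OUTPUT -o tun+ -j ACCEPT' \
    || { echo "FAIL: no OUTPUT accept on tun+"; fails=$((fails+1)); }
  # 4. An ACCEPT bound to a physical interface would leak around the tunnel entirely.
  printf '%s\n' "$dump" | grep -Eq '^-A OUTPUT -o (eth|wlan)[0-9]+ .*-j ACCEPT' \
    && { echo "FAIL: OUTPUT accepts traffic directly on a physical interface"; fails=$((fails+1)); }
  return "$fails"
}

killswitch_audit "$SAMPLE_DUMP" && echo "kill switch rules look consistent"
```

Run it again after any later iptables change (or after a reboot, to confirm netfilter-persistent restored the rules) and a non-zero exit tells you the kill switch no longer holds.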