@Saltani
Last active January 22, 2021 09:28
Update PIA configuration files to the NextGen Network (Gen4)
#!/usr/bin/env bash
###########################################################################
#
# DESCRIPTION:
# Update the PIA configuration files generated by PyPia to the new
# NextGen vpn network (gen4). Even if you don't have PyPia installed,
# this script will generate the needed configuration files and copy
# the PIA certificate into '/etc/openvpn'. Of course, you will not
# have any of PyPia's functionality but you will be able to establish
# a PIA VPN connection.
#
# USAGE:
# Run the script as root.
# You will be prompted for your PIA Username and Password.
# The gen4 PIA configuration files and certificate will be downloaded
# from the PIA website and new 'PIA - *' configuration files will be
# generated in '/etc/NetworkManager/system-connections'. The
# certificate will be copied to '/etc/openvpn'.
# When that is done the Network Manager Service will be restarted and
# you should be good to go.
#
#
# Output from the commands is sent to a log file named 'gen4.log' in
# the same folder as the script.
#
# LINKS:
# Next Generation DNS Custom Configuration:
# https://www.privateinternetaccess.com/helpdesk/kb/articles/next-generation-dns-custom-configuration
#
# DISCLAIMER:
# This script is only a temporary workaround until the PyPia script has
# been updated (https://github.com/dagrha/pypia).
#
# Please let me know if something isn't working (write a comment below).
#
# I have only tested this script a few times on my fedora 33 installation.
# Use it at your own risk!
#
# Author: saltani
#
# Date: 2020/11/11
#
# Edit: 2021/01/22
#
# CHANGES:
# - Added 'LINKS' section in description header.
# - Added list of PIA DNS servers with a short description.
#
###########################################################################
#
#
## error handling
set -euo pipefail
#
#
## Variables
readonly pia_url="https://www.privateinternetaccess.com/openvpn/openvpn.zip"
#
# 10.0.0.242 - DNS
# 10.0.0.243 - DNS+Streaming
# 10.0.0.244 - DNS+MACE
# 10.0.0.241 - DNS+Streaming+Mace
readonly dns="10.0.0.241;10.0.0.242;10.0.0.243;10.0.0.244;"
#
readonly dst_dir="/etc/NetworkManager/system-connections"
readonly openvpn_dir="/etc/openvpn"
readonly tmp_dir="$(mktemp -d)"
#
#
# Color Codes
readonly red="\e[91m"
readonly gre="\e[92m"
readonly nml="\e[m"
#
#
## Action
function action() {
local msg="${1:?Missing argument: Action Message}"
printf "%-60s" "$msg..."
}
#
#
## check if user is root
function check_if_root() {
[[ $(id -u) = 0 ]] || { printf "\e[91myou must be root\e[m\n"; exit 1; }
}
#
#
## OK Message
function ok_msg() {
printf "[$gre %s $nml]\n" "OK"
}
#
#
## Error Message
function err_msg() {
printf "[$red %s $nml]\n" "ERROR"
}
#
#
## get username
read -rp "PIA username: " -e username
if [[ -z $username ]];
then
printf "$red%s$nml\n" "You must enter your PIA username"
exit 1
fi
#
#
## get password
read -rp "PIA password: " -s password
if [[ -z $password ]];
then
printf "\n$red%s$nml\n" "You must enter your PIA password"
exit 1
fi
printf "********\n"
#
#
## download configuration files
function download_config_files() {
action "Downloading PIA configuration files"
if wget "$pia_url" -P "${tmp_dir}" &>gen4.log; then
ok_msg
else
err_msg
return "$LINENO"
fi
}
#
#
## unpack configuration files
function unpack_archive() {
local archive_path="${tmp_dir}/$(basename "${pia_url}")"
action "Unzipping archive"
if unzip "$archive_path" -d "$tmp_dir" &>>gen4.log; then
ok_msg
else
err_msg
return "$LINENO"
fi
}
#
#
## Remove old Configuration Files
function remove_old_config_files() {
if compgen -G "${dst_dir}/PIA*" &>>gen4.log; then
action "Removing old PIA configuration files"
if rm -vf "${dst_dir}"/PIA* &>>gen4.log; then
ok_msg
else
err_msg
return "$LINENO"
fi
fi
}
#
#
# Copy new certificate to '/etc/openvpn'
function copy_certificate() {
action "Copying certificates"
if cp -av "${tmp_dir}/ca.rsa.2048.crt" "/etc/openvpn" &>>gen4.log; then
ok_msg
else
err_msg
return "$LINENO"
fi
}
#
#
## Generate new Configuration Files
function generate_config_files() {
action "Generating configuration files"
if for src_file in "${tmp_dir}"/*.ovpn
do
remote="$(grep 'remote' "$src_file" | grep -v 'server' | cut -f2 -d' ')"
port="$(grep 'remote' "$src_file" | grep -v 'server' | cut -f3 -d' ')"
id="PIA - $(basename "$src_file" | cut -f1 -d'.')"
uuid="$(uuidgen)"
dst_file="${dst_dir}/${id}"
cat <<EOF > "$dst_file"
[connection]
id=$id
uuid=$uuid
type=vpn
autoconnect=false
[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
username=$username
comp-lzo=yes
remote=$remote
connection-type=password
password-flags=0
ca=/etc/openvpn/ca.rsa.2048.crt
port=$port
auth=SHA1
cipher=AES-128-CBC
[vpn-secrets]
password=$password
[ipv4]
method=auto
dns=$dns
ignore-auto-dns=true
[ipv6]
method=ignore
EOF
done; then
ok_msg
else
err_msg
return "$LINENO"
fi
}
#
#
## Update Configuration File permissions
function update_permissions() {
action "Updating file permissions"
if chmod 600 "${dst_dir}"/* &>>gen4.log; then
ok_msg
else
err_msg
return "$LINENO"
fi
}
#
#
## Update SELinux Security Context
function update_selinux_security_context() {
if [[ $(sestatus | grep 'SELinux status' | grep 'enabled') ]] &>>gen4.log; then
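# 'restorecon -v' without a path only prints usage and fails; test that the command exists instead
if command -v restorecon &>>gen4.log; then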
action "Updating SELinux Security Context"
if restorecon "$openvpn_dir" "$dst_dir" &>>gen4.log; then
ok_msg
else
err_msg
return "$LINENO"
fi
fi
fi
}
#
#
## Restart the NetworkManager
function restart_network_manager() {
action "Restarting the NetworkManager Service"
if systemctl restart NetworkManager &>>gen4.log; then
ok_msg
else
err_msg
return "$LINENO"
fi
}
#
#
### Main Function
function main() {
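# 'set -e' is ignored while main runs as the condition of the 'if' below,
# so chain the steps with '&&' to stop at the first one that fails.
check_if_root &&
download_config_files &&
unpack_archive &&
remove_old_config_files &&
copy_certificate &&
generate_config_files &&
update_permissions &&
update_selinux_security_context &&
restart_network_manager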
}
#
#
## Done
if main; then
printf "$gre%s$nml\n" "PIA Configuration files successfully updated"
else
printf "$red%s$nml\n" "Script failed"
fi
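
Added example, not part of the gist: the generated keyfiles carry the PIA password in plain text under `[vpn-secrets]`, so after a run it is worth confirming that none of them is readable by group or other. The function name `audit_keyfiles` is hypothetical, and GNU `stat` (`stat -c`) is assumed.

```bash
# Added example (not the gist author's code).
# Report every keyfile in DIR that stores a VPN secret and has any
# group/other permission bit set. Exit status 0 means nothing was found.
# Assumption: GNU coreutils 'stat' is available (stat -c '%a').
# Usage: audit_keyfiles /etc/NetworkManager/system-connections
audit_keyfiles() (
    # The function body is a subshell, so these variables stay local.
    dir="${1:?usage: audit_keyfiles DIR}"
    findings=0
    for file in "$dir"/*; do
        [ -f "$file" ] || continue
        # Only files that embed a secret section are of interest.
        grep -q '^\[vpn-secrets\]' "$file" || continue
        mode="$(stat -c '%a' "$file")"
        case "$mode" in
            # Octal mode ending in "00" (or mode 0): no group/other access.
            0|*00) ;;
            *)
                printf 'LOOSE %s %s\n' "$mode" "$file"
                findings=$((findings + 1))
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
)
```

A non-zero exit status together with `LOOSE` lines means a file holding the password is still too widely accessible and `chmod 600` did not take effect on it.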
@JavaScriptDude

Tested updated version on Ubuntu 20.04.1 after deleting all PIA configs and the certificate so I had a clean baseline. PIA profiles went in ok and network manager was restarted well.

Only issue is one error message:

line 219: restorecon: command not found

I assume you just need to check if restorecon exists before executing command.

Thanks for making this :)

@Saltani
Author

Saltani commented Dec 7, 2020

@JavaScriptDude
Thanks for your feedback.
I have modified the script so it checks if SELinux is installed and enabled. If not, it skips trying to restore the SELinux Security Context.
You're welcome :-)
