Quoted Strings

PrivadoVPN on Arch Linux

  2025/06/16

Posted Tag: #Linux
Other Tags: #Windows, #Personal, #All

I have an account with PrivadoVPN and, although they do not have an application for Linux in general, they do have instructions for setting up a server connection on Linux. Typical of me, I wanted more. So here is an application of sorts that lets you pick which of their server connections you want at a point in time. But first, how do you set up an IKEv2 IPsec VPN connection on Arch Linux? This should work on any other Linux distribution, since the IPsec support lives in the Linux kernel and strongSwan, which handles the IKEv2 part, is packaged by most distributions. I just adapted the instructions for Arch Linux.

Type sudo su in bash to gain root access. Below is the setup method I use. The sed line turns off strongSwan's constraints plugin (the extra X.509 checks such as name constraints, path length and certificate policies); the printf line stores your EAP username and password in ipsec.secrets, which is why that file is then made readable by root only; the symlink makes strongSwan trust the same CA bundle as the rest of the system, which is what lets it validate the server's certificate:

cd /

pacman -S strongswan

sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf

printf '"%s" : EAP "%s"\n' 'your username' 'your password' >> /etc/ipsec.secrets && chmod 600 /etc/ipsec.secrets && mv /etc/ipsec.d/cacerts /etc/ipsec.d/cacerts_old && ln -s /etc/ssl/certs /etc/ipsec.d/cacerts

exit

The next thing you need are the various server connections for PrivadoVPN. Go to Support, PrivadoVPN Setup Guides and, under that, See All. Then choose Manual Setup and go down to Linux IKEv2 Manual Setup. They give the setup for Debian-based distributions, which I adapted for Arch Linux. What you really want on this page is the connection listing at https://app.privado.live/en/server-list; you need your username and password to see it. I usually highlight all of the server connection information, copy it, and paste it into a spreadsheet such as LibreOffice Calc. You also get the number of server nodes at each IP address; I usually pick the one with the most server nodes for my purposes. I pick about six or so in my country and use them. What you need is the entry ending in vpn.privado.io. Place it in a structure like the one below:

conn dca
        keyexchange=ike
        dpdaction=clear
        dpddelay=300s
        # your PrivadoVPN username
        eap_identity=username
        leftauth=eap-mschapv2
        left=%defaultroute
        leftsourceip=%config
        # the server node you picked from the list (the xxx-### part)
        right=xxx-###.vpn.privado.io
        rightid=vpn.privado.io
        rightauth=pubkey
        rightsubnet=0.0.0.0/0
        # overrides the rightid above: the server's IKE identity is not checked
        rightid=%any
        type=tunnel
        auto=add

conn is followed by the connection name; here dca stands for Washington DC, and I use it later to identify the connection. The other things you need to fill in are your username (eap_identity) and the server node at that location you want to use (right). One thing to be aware of: rightid appears twice, and the second one, rightid=%any, overrides the first, so strongSwan no longer checks that the server's IKE identity is vpn.privado.io, only that its certificate chains to a CA in /etc/ssl/certs. If the tunnel still comes up with that second rightid line removed, leave it out, because you then have the server pinned to the identity you expect; if it does not, the output of ipsec up will tell you which identity the server actually presented. What I end up doing is the below to update the file ipsec.conf.

sudo su

cd /

cat <<'EOF' >> /etc/ipsec.conf

conn dca
        keyexchange=ike
        dpdaction=clear
        dpddelay=300s
        eap_identity=username
        leftauth=eap-mschapv2
        left=%defaultroute
        leftsourceip=%config
        right=xxx-###.vpn.privado.io
        rightid=vpn.privado.io
        rightauth=pubkey
        rightsubnet=0.0.0.0/0
        rightid=%any
        type=tunnel
        auto=add

EOF

exit

sudo ipsec restart
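If you set up several servers, the repeated conn blocks can be generated rather than pasted one heredoc at a time. The script below is an added example, not the page's own commands and not anything shipped by PrivadoVPN or strongSwan. It assumes the server list arrives on stdin as three-column "code host nodes" lines (a format constructed for this example, which you fill from the server-list page yourself), that the conn name is the code in the first column, and that ipsec.conf and ipsec.secrets live under $IPSEC_DIR, defaulting to /etc. It keeps the host with the most nodes for each code, stores the EAP credentials with the file kept root-only, refuses any host outside *.vpn.privado.io, and leaves out the trailing rightid=%any line so the server identity is checked; put that line back only if your tunnel fails with an identity mismatch.

```shell
#!/bin/bash
# Added example, not the page's own commands: generate the strongSwan pieces
# for several PrivadoVPN servers at once.
# Assumptions: the server list arrives on stdin as "code host nodes" lines
# (a format constructed for this example; fill it from the server-list page),
# and ipsec.conf / ipsec.secrets live under $IPSEC_DIR (default /etc).
set -eu
IPSEC_DIR=${IPSEC_DIR:-/etc}

# Print one conn block. $1 conn name, $2 server host, $3 EAP identity.
# Refuses hosts outside *.vpn.privado.io so a paste error cannot point the
# tunnel somewhere else. The page's trailing rightid=%any is deliberately
# omitted so the server identity is checked against its certificate.
gen_conn() {
  local name="$1" host="$2" user="$3"
  case $host in
    *.vpn.privado.io) ;;
    *) printf 'gen_conn: %s is not a *.vpn.privado.io host\n' "$host" >&2; return 1 ;;
  esac
  cat <<EOF
conn $name
        keyexchange=ike
        dpdaction=clear
        dpddelay=300s
        eap_identity=$user
        leftauth=eap-mschapv2
        left=%defaultroute
        leftsourceip=%config
        right=$host
        rightid=vpn.privado.io
        rightauth=pubkey
        rightsubnet=0.0.0.0/0
        type=tunnel
        auto=add

EOF
}

# From "code host nodes" lines on stdin, keep the host with the most nodes
# for each code and print "code host", sorted by code.
pick_best() {
  sort -k1,1 -k3,3nr | awk '!seen[$1]++ { print $1, $2 }'
}

# Store the EAP credential line, replacing any earlier line for the same user.
# Pass the password from a prompt or a file, never typed on the command line
# where it lands in shell history. The file ends up mode 0600.
write_secret() {
  local user="$1" pass="$2" f="$IPSEC_DIR/ipsec.secrets"
  (
    umask 077
    { if [ -f "$f" ]; then grep -v -- "^\"$user\" : EAP " "$f" || true; fi
      printf '"%s" : EAP "%s"\n' "$user" "$pass"; } > "$f.tmp"
    chmod 600 "$f.tmp"
    mv "$f.tmp" "$f"
  )
}

# Append one conn per selected server to ipsec.conf. $1 EAP identity,
# server lines on stdin.
install_conns() {
  local user="$1" code host
  pick_best | while read -r code host; do
    gen_conn "$code" "$host" "$user"
  done >> "$IPSEC_DIR/ipsec.conf"
}

# Constructed sample list (code, host, node count), as you might paste it:
SAMPLE_SERVERS='dca dca-002.vpn.privado.io 4
dca dca-001.vpn.privado.io 9
ams ams-003.vpn.privado.io 2'

# Typical use (as root), with your own list in servers.txt:
#   read -rs -p 'PrivadoVPN password: ' pw; echo
#   write_secret 'your username' "$pw"
#   install_conns 'your username' < servers.txt
#   ipsec restart
```

Run it as root against a file you built from the server-list page; the conn names it writes (the first column) are what you then pass to ipsec up and what the menu script below selects on.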

This is just one connection, but I use one long cat to set nine entries for my purposes. Below is the bash script I use to automate this, making it my own little application for PrivadoVPN on Arch Linux.

#!/bin/bash
# Pick a PrivadoVPN conn from /etc/ipsec.conf, bring it up, run the
# containers behind it, then tear everything down again.

# Menu labels in display order, and the conn name each one maps to
items=(Amsterdam Atlanta Chicago Dallas Los_Angeles Miami New_York San_Francisco Washington_DC)
declare -A conns=(
  [Amsterdam]=ams [Atlanta]=atl [Chicago]=ord [Dallas]=dfw [Los_Angeles]=lax
  [Miami]=mia [New_York]=jfk [San_Francisco]=sfo [Washington_DC]=dca
)
options=()
for item in "${items[@]}"; do
  options+=("$item" "")
done

# whiptail writes the choice to stderr; swap the descriptors so it lands in $config
while true; do
  if config=$(whiptail --title "Select a VPN Server:" --menu "" 15 40 6 "${options[@]}" 3>&1 1>&2 2>&3); then
    server=${conns[$config]}
    break
  fi
  clear
  whiptail --msgbox "  A server entry is required. Please try again..." 8 55
done

compose=~/bin/docker/docker-compose.yml

sudo ipsec restart
echo "Enabling $config!"
sleep 5
# Never start the containers if the tunnel did not come up
if ! sudo ipsec up "$server"; then
  echo "ipsec up $server failed; containers not started" >&2
  exit 1
fi

docker-compose -f "$compose" up -d
read -n1 -p 'Press any key to disable docker containers and the vpn...'
docker-compose -f "$compose" down

sudo ipsec down "$server"

echo ""
read -n1 -p 'The VPN is down, press any key to continue...'
exit 0

To start a connection manually, type sudo ipsec up dca, and sudo ipsec down dca when you want to disconnect.

I have Amsterdam listed because it is in Europe, which sometimes is faster, believe it or not. Yes, I run a docker-compose file while the VPN is running. That is a whole other subject to write about.

As a bonus, when connected to the VPN, go here to verify your DNS.
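Before trusting the tunnel, and before starting anything behind it the way the script above does, it is worth confirming that strongSwan really has a full-tunnel child SA installed rather than only a half-finished IKE exchange. The function below is an added example, not part of the page or of strongSwan. It parses the text that ipsec statusall prints and assumes the usual three lines for an established conn: a "name[n]: ESTABLISHED" line for the IKE SA, a "name{n}: INSTALLED, TUNNEL" line for the child SA, and a traffic-selector line whose remote side is 0.0.0.0/0. The sample status text embedded in it is constructed, and up_and_verify is a hypothetical wrapper for the bare sudo ipsec up step in the script.

```shell
#!/bin/bash
# Added example, not the page's script: verify that a strongSwan conn is a
# fully established full tunnel before relying on it.
set -eu

# Read `ipsec statusall` output from stdin and return 0 only if conn $1 has:
#   - an ESTABLISHED IKE SA          (line "name[n]: ESTABLISHED ...")
#   - an INSTALLED tunnel-mode child  (line "name{n}:  INSTALLED, TUNNEL, ...")
#   - a remote traffic selector of 0.0.0.0/0, i.e. all traffic goes through it
# Anything else (CONNECTING, a split-tunnel selector, a different conn) fails.
tunnel_is_up() {
  local conn="$1" status
  status=$(cat)
  printf '%s\n' "$status" | grep -Eq "^ *$conn\[[0-9]+\]: ESTABLISHED" || return 1
  printf '%s\n' "$status" | grep -Eq "^ *$conn\{[0-9]+\}: +INSTALLED, TUNNEL" || return 1
  printf '%s\n' "$status" | grep -Eq "^ *$conn\{[0-9]+\}: .*=== 0\.0\.0\.0/0 *$" || return 1
}

# Bring conn $1 up and take it down again unless the check passes, so that
# nothing started afterwards runs outside the VPN. Hypothetical replacement
# for the page's "sudo ipsec up $server" step.
up_and_verify() {
  local conn="$1"
  if ! sudo ipsec up "$conn"; then
    echo "ipsec up $conn failed" >&2
    return 1
  fi
  if ! sudo ipsec statusall "$conn" | tunnel_is_up "$conn"; then
    echo "$conn is not a fully established full tunnel; taking it down" >&2
    sudo ipsec down "$conn"
    return 1
  fi
}

# Constructed sample of `ipsec statusall dca` output for an established conn,
# for trying the check without a live tunnel:
#   printf '%s\n' "$SAMPLE_UP" | tunnel_is_up dca && echo "full tunnel"
SAMPLE_UP='Security Associations (1 up, 0 connecting):
         dca[1]: ESTABLISHED 12 seconds ago, 192.0.2.10[alice]...198.51.100.7[vpn.privado.io]
         dca[1]: IKEv2 SPIs: 0123456789abcdef_i* fedcba9876543210_r, EAP reauthentication in 2 hours
         dca{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c0000001_i c0000002_o
         dca{1}:   10.8.0.2/32 === 0.0.0.0/0'
```

In the menu script, replacing sudo ipsec up "$server" with up_and_verify "$server" means the containers are only started once the tunnel is carrying all traffic, and a conn that is stuck connecting or that negotiated a narrower selector is torn down instead of silently leaking.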
