PrivadoVPN on Arch Linux
2025/06/16
Posted Tag: #Linux
Other Tags: #Windows, #Personal, #All
I have an account with PrivadoVPN and, although the do not have an application for Linux in general, they do have instructions as to how to setup a server connection on Linux. Typical of me I wanted more. So here it is an application of sorts that lets you pick which of their server connections you want at a point in time. But first how do you setup an IKEv2 IPSEC VPN connection on Arch Linux. This should work on any other distribution of Linux since IPSEC is a part of Linux. I just adapted for Arch Linux
Type sudo su in bash to gain root access. Below are is the setup method I use:
cd /
pacman -S strongswan
sed -i 's/load = yes/load = no/g' /etc/strongswan.d/charon/constraints.conf
printf '%s' 'your username' : EAP ' 'your password' >> /etc/ipsec.secrets && mv /etc/ipsec.d/cacerts /etc/ipsec.d/cacerts_old && ln -s /etc/ssl/certs /etc/ipsec.d/cacerts
exitThe next thing you need are the various server connections for PrivaroVPN. Go to Support, PrivadoVPN Setup Guides and under that See All. Then choose Manual Setup. Go down to Linux IKEv2 Manual Setup. They give the setup for Debian-based distributions, which I adapted for Arch Linux. What you really want on this page is the connection listing at https://app.privado.live/en/server-list. You will need your username and password to do this. I usually highlight all of the server connection information and then copy it all pasting it into a spreadsheet like Calc with LibreOffice. You also get the number of server nodes at each IP address. I usually pick the one with the most server nodes for my purposes. I pick about six or so in my country and use them. What you need is the entry ending with vpn.privado.io. Place it in a structure like the below:
conn dca
keyexchange=ike
dpdaction=clear
dpddelay=300s
eap_identity=username
leftauth=eap-mschapv2
left=%defaultroute
leftsourceip=%config
right=xxx-###.vpn.privado.io
rightid=vpn.privado.io
rightauth=pubkey
rightsubnet=0.0.0.0/0
rightid= %any
type=tunnel
auto=addThe conn is the connection name, which here is Washington DC , I use to later to identify the connection. The other things needed are username and the server node at this location you want to use. I end up doing is the below to update the file ipsec.conf.
sudo su
cd /
cat <<EOF >> /etc/ipsec.conf
conn dca
keyexchange=ike
dpdaction=clear
dpddelay=300s
eap_identity=username
leftauth=eap-mschapv2
left=%defaultroute
leftsourceip=%config
right=xxx-###.vpn.privado.io
rightid=vpn.privado.io
rightauth=pubkey
rightsubnet=0.0.0.0/0
rightid= %any
type=tunnel
auto=add
EOF
exit
sudo ipsec restartThis is just one connection but I use one long cat to set nine entries for my purposes. Below is my bash script I use to automate this making it my own little application for PrivadoVPN on Arch Linux.
#!/bin/bash
items=(Amsterdam Atlanta Chicago Dallas Los_Angeles Miami New_York San_Francisco Washington_DC)
options=()
for item in ${items[@]}; do
options+=("${item}" "")
done
while true; do
config=$(whiptail --title "Select an VPN Server:" --menu "" 15 40 6 "${options[@]}" 3>&1 1>&2 2>&3)
if [ "$?" = "0" ]; then
case $config in
Amsterdam)
server="ams"
;;
Atlanta)
server="atl"
;;
Chicago)
server="ord"
;;
Dallas)
server="dfw"
;;
Los_Angeles)
server="lax"
;;
Miami)
server="mia"
;;
New_York)
server="jfk"
;;
San_Francisco)
server="sfo"
;;
Washington_DC)
server="dca"
;;
esac
break
else
clear
whiptail --backtitle --msgbox " A server entry is required. Please try Again...?" 8 55
fi
done
sudo ipsec restart
echo "Enabling $config!"
sleep 5
sudo ipsec up $server
docker-compose -f ~/bin/docker/docker-compose.yml up -d
read -n1 -p 'Press any key to disable docker containers and the vpn...'
docker-compose -f ~/bin/docker/docker-compose.yml down
sudo ipsec down $server
echo ""
read -n1 -p 'The VPN is down, press any key to continue...'
exit 1To start an connection manually type sudo ipsec up dca and sudo ipsec down dca when you want to disconnect.
I have Amsterdam listed because it is in Europe, which sometimes is faster believe it or not . Yes I run a docker-compose file while the VPN is running. That is a whole other subject to write about.
As a bonus, when connected to the VPN go here to verify your DNS.
Wish to add a comment? Your email address will never be shared with anyone.