Looking to make a OpenVPN config file for my dedicated IP

As the title says, I’m looking to make a OpenVPN file for the dedicated Ip that PIA offers. They do not offer native support in their config file creator for the dedicated Ip. Is this even possible? I would like my router to be able to connect to only that IP. Since it has the lowest latency and the highest DL speed from the list of local servers.

Side note, my TP Link router only works well with andriod files, using openvpn 2.4 and RSA-4096

Were you able to do it?, I’m starting to do some research on how to do this with wireguard since it would be so much faster than openvpn.

https://www.reddit.com/r/PrivateInternetAccess/s/y1qiO8kmB3

Figured it out, and made a tutorial.

Also. The dedicated ip can only be used on their app/software.

Are you positive about this? As in, have PIA confirmed this to you? If so, I just completed wasted ~£80 on the dedicated IP option, as the only reason I need it is for use in a docker container via a .opvn config file…

Yup, I talked to PIA. You can only access it with their app. I wasted a years worth on it as well. I wanted it for my router, because eventually they get unflagged and you don’t have to fill out captchas

Unfortunately, that seems to be the case, based on what I’ve been reading. It might not be applicable to your situation, but if you haven’t already found a solution, here’s what I’m thinking of doing for one of my virtual machines that needs port forwarding (apartment-provided internet so no router access).

PIA has a version of their app available for linux that has command-line options, so it should work in a headless environment. Below, is the command-line option where you can specify the dedicated IP with the token provided by PIA:

dedicatedip
usage (add): dedicatedip add <token_file> usage (remove):
dedicatedip remove <region_id> Add or remove a Dedicated IP. To
add, put the dedicated IP token in a text file (by itself), and
specify that file on the command line:
DIP20000000000000000000000000000 (This ensures the token is not
visible in the process command line or environment.) To remove,
specify the dedicated IP region ID, as shown by piactl get
regions, such as dedicated-sweden-000.000.000.000.

I figure if you install the linux PIA app within your container (if compatible :crossed_fingers:) and associate it with the dedicated IP, it should work, right?

were you able to get it to work?

Did it work? Can you provide a quick feedback please?

The PIA desktop app for Linux CLI documentation explicitly mentions that you need a GUI: “Some commands, such as connect, require that the graphical client is also running.”
I just asked PIA support for some clarification on this topic, because I would also like to set up a dedicated PIA IP in full headless mode (with no GUI available). Maybe they’ll put it on the roadmap for the near future if they receive enough support requests like this. Can’t be that hard to implement, right…

I had a nice interaction with PIA support. They confirmed that private IP without GUI is currently not possible. They did promise to let their development team know that this is a much wanted feature for my use case. I suggest you also contact them in order to actually get this feature on their roadmap.

What did they say exactly? It seems to work fine on my router, altough i’ve only had it running for a few minutes or so. It was not a pleasant setup with me messing with the router’s filesystem until I finally figuring out that all I needed to do was replace the username provided by PIA with “dedicated_ip_$[token}”, which I figured out by looking at the source code they provide here: https://github.com/pia-foss/manual-connections
(So I generated a config with that tool, removed the auth_user_pass and scripts from the config, and used the regular password with username “dedicated_ip_”)
Now, curling ifconfig.me from any device on my network yields the dedicated ip from the app.

Could you provide me a copy? Looking for the same solution. I am keen to see if port forwarding works as they describe now being able to host websites and mail servers using the dedicated ip via vpn.

In general it’s a better idea to generate it from the script as my setup only works for the one I chose in Sweden, but here you go:

```

client

dev tun06

resolv-retry infinite

nobind

persist-key

persist-tun

cipher aes-256-cbc

auth sha256

tls-client

remote-cert-tls server

dedicated_ip_

compress

verb 1

reneg-sec 0

-----BEGIN CERTIFICATE-----

MIIHq…

-----END CERTIFICATE-----

disable-occ

remote <Dedicated_ip> 1197 udp

```

Replace the , , and <Dedicated_ip> with your actual values, and include the actual certificate given by PIA (Reddit would not allow me to paste the entire thing).

I’m not 100% sure about the <Dedicated_ip> part, as I switched vpn recently to try out another one and can’t confirm whether it was the dedicated ip I had or some other remote host.