flamusdiu / python-pia Goto Github PK

As per the title, running e.g. pia -a -d does not seem to enable debug logging. There is no output from the command, whereas if debug() is inserted somewhere in run.sh, some debug output is produced.

Brand new install on Arch, pia -a creates a bunch of config files which refer to a ca.rsa.2096.crt, which leads to this:

/etc/openvpn/ca.rsa.2096.crt: cannot open `/etc/openvpn/ca.rsa.2096.crt' (No such file or directory)

Simply manually changing the conf files to refer to the 2048 versions fixes this.

Oh and the non -dev version on the AUR is broken, might wanna update it.

How do you enable the VPN while specifying a specific host? Neither the docs nor wiki explain this, and seem to imply this package only generates configuration files, after which you just use OpenVPN manually to connect. Is this correct? I'm looking for a Python package to programmatically control PIA. Is that not the scope of this package?

Hi,
I am getting this error:
ERROR: Failure while creating working copy of python-pia git repo
during my arch install of aur/private-internet-access-vpn. I'm hoping you might be able to fix the problem.

Thanks

Issuing pia -r gives AttributeError: '_Parser' object has no attribute 'apps'

I know that there is already an issue for this, but the checksums in the PKGBUILD are still not correct.

==> Validating source files with sha256sums...
    ip-lport-3.3.3-6.zip ... FAILED
    default-3.3.3-6.zip ... FAILED
    strong-3.3.3-6.zip ... FAILED
    login-example.conf ... Passed
    pia-example.conf ... Passed
    restart.conf ... Passed
    vpn.sh ... Passed
    pia.8.gz ... Passed
    python-pia ... Skipped
    openvpn-update-resolv-conf ... Skipped
==> ERROR: One or more files did not pass the validity check!

Hi, this seems to be unable to be installed both from the AUR package (checksums are out of date) and also through doing a git clone of this repo and running the ez_setup.py script.

Using the default configuration, openvpn may use DNS servers that are not protected by the VPN, causing these DNS providers to possibly snoop on which sites you're browsing. Openvpn can mitigate this by adding the line "block-outside-dns" to the end of every file in /etc/openvpn/*.conf. This fixes the DNS leak and ensures nobody can snoop on you. You can test the leak and the fix using http://dnsleaktest.com

EDIT: This fix does not seem to work. I'm exploring other options. Will update.

When I

1. follow the wiki and I change the PKGBUILD to point to the new openvpn.zip from PIA
2. run pia -a
3. try to connect to a VPN through NetworkManager

Then:

• I get a notification "connection failed"
• I see this in journalctl:
  Jul 12 21:07:30 [..]: Options error: --ca fails with '/etc/openvpn/ca.crt': No such file or directory

Possible solutions

I think the NetworkManager template should point to ca.rsa.2048.crt

Also I set proto-tcp=yes and port=502 as described by nigeil in the AUR comment and added cipher=AES-128-CBC

The working NM config I have now is:

[connection]
id=UK Southampton
uuid=********************************
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
connection-type=password
password-flags=0
remote=uk-southampton.privateinternetaccess.com
comp-lzo=yes
reneg-seconds=0
port=502
username=**********
remote-cert-tls=server
ca=/etc/openvpn/ca.rsa.2048.crt
dev=tun
cipher=AES-128-CBC
proto-tcp=yes

[ipv6]
method=auto

[ipv4]
method=auto

[vpn-secrets]
password=**********

EDIT: added info, it's now working

$ sudo pia -a
Traceback (most recent call last):
 File "/usr/bin/pia", line 9, in <module>
   load_entry_point('pia==2.5', 'console_scripts', 'pia')()
 File "/usr/lib/python3.5/site-packages/pia/command_line.py", line 23, in main
   pia.run.run()
 File "/usr/lib/python3.5/site-packages/pia/run.py", line 58, in run
   [globals()[k]() for k, v in props.commandline.__dict__.items() if
 File "/usr/lib/python3.5/site-packages/pia/run.py", line 59, in <listcomp>
   not k == 'hosts' and getattr(props.commandline, k, None)]
 File "/usr/lib/python3.5/site-packages/pia/run.py", line 108, in auto_configure
   app.config(*getattr(openvpn, config))
 File "/usr/lib/python3.5/site-packages/pia/applications/appstrategy.py", line 76, in config
   self.app.config(config_id, filename)
TypeError: 'Config' object is not callable

Reported by Bolwerk from https://wiki.archlinux.org/index.php/Talk:Private_Internet_Access_VPN.

Hello,

I came through several issues with python-pia through a firewall :

• some universities or dormitories (that's my user case, but I suppose some alike laws apply to a whole region too) block the git protocol, and I suggest you to move the sources of the Archlinux PKGBUILD to the https protocol,
• the same applies to the VPN handshakes : I can't connect to PIA, and I don't have the technical knowledge to build a conf file. I don't know which advantages the 1154 UDP port provides over TCP 443, but I'd suggest you to make at least one file to connect through HTTPS (TCP 443).

Thanks for your time, the Archlinux community is thankful.

We used to have the strong_encryption property under [pia] section in pia.conf, now it has no effect.

I found 73dc063, but I'm not sure anymore if removing the property was intentional, as I saw you referred to it on AUR a few months after that commit was made.

There is also no mention of this property on the wiki page.

The .conf files in /etc/openvpn referenced by "crl-verify" and "ca" are referencing "2096" for the .pem and .crt files. I suggest changing this to "2048" or "4096" for those using stronger encryption.

All connection configs for openvpn using pia -a error with

Authenticate/Decrypt packet error: packet HMAC authentication failed

[configure]
apps = openvpn, nm

breaks the application, whereas

[configure]
apps = openvpn,nm

works fine

OpenVPN configurations are not generated when you do pia -a without hosts configured. OpenVPN configurations are no long extracted due to the differences the normal and strong configurations.

I'm not sure if I'm the only one with this issue, but when using NetworkManager + OpenVPN and the configuration files provided by this package, I get regular disconnects every few hours after which OpenVPN doesn't manage to reconnect.

I suspect it is because NetworkManager thinks the VPN tunnel device is still connected and when OpenVPN attempts to reconnect to the VPN server it fails. This can happen for two reasons:

1. The resolved DNS address isn't cached and can't be resolved because there's no valid network configuration to talk to a DNS server.
2. The DNS can be resolved because a DNS resolver (such as Unbound) is running locally or the resolved address is still cached; however the connection to the VPN IP can not be made over the disconnected VPN tunnel.

I am pretty sure this is a NetworkManager-only issue. It might be worth considering using the pia Python script to automatically remove or comment out the "persist-tun" setting in case NetworkManager is used on the system it is running on.

To elaborate, "persist-tun" does the following:

Don't close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts.
SIGUSR1 is a restart signal similar to SIGHUP, but which offers finer-grained control over reset options.

(Source: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage)

However closing and reopening the VPN tunnel would almost certainly work around this issue in NetworkManager. An alternative would be some custom scripts which monitors the log and is somehow able to tell NetworkManager over DBUS to drop the tunnel connection, although I'm not sure if this is really possible.

Alternatively, one might consider not using "dev tun" at all and let NetworkManager+OpenVPN configure the routing accordingly without using the VPN tunnel device (I haven't tested this at all!).

having issues installing

http://ix.io/EZO

Running pia -a on port 80 or 1197 in the pia.conf, standard certs and strong certs are not appearing in /etc/openvpn/client/. I had to manually download them from site and extract them to that directory.

Attempting to run pia --help throws the error:

Traceback (most recent call last):
  File "/myproject/.env/bin/pia", line 11, in <module>
    load_entry_point('pia==3.3.2', 'console_scripts', 'pia')()
  File "/myproject/.env/lib/python3.5/site-packages/pkg_resources/__init__.py", line 561, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/myproject/.env/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2649, in load_entry_point
    return ep.load()
  File "/myproject/.env/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2303, in load
    return self.resolve()
  File "/myproject/.env/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2309, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 634, in _load_backward_compatible
  File "/myproject/.env/lib/python3.5/site-packages/pia-3.3.2-py3.5.egg/pia/__init__.py", line 21, in <module>
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 634, in _load_backward_compatible
  File "/myproject/.env/lib/python3.5/site-packages/pia-3.3.2-py3.5.egg/pia/utils/__init__.py", line 1, in <module>
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 634, in _load_backward_compatible
  File "/myproject/.env/lib/python3.5/site-packages/pia-3.3.2-py3.5.egg/pia/utils/log.py", line 21, in <module>
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 634, in _load_backward_compatible
  File "/myproject/.env/lib/python3.5/site-packages/pia-3.3.2-py3.5.egg/pia/conf/__init__.py", line 19, in <module>
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 634, in _load_backward_compatible
  File "/myproject/.env/lib/python3.5/site-packages/pia-3.3.2-py3.5.egg/pia/conf/properties.py", line 293, in <module>
  File "/myproject/.env/lib/python3.5/site-packages/pia-3.3.2-py3.5.egg/pia/conf/properties.py", line 116, in __init__
  File "/myproject/.env/lib/python3.5/site-packages/pia-3.3.2-py3.5.egg/pia/conf/properties.py", line 283, in get_default_hosts_list
FileNotFoundError: [Errno 2] No such file or directory: '/etc/private-internet-access/vpn-hosts.txt'

Where do I find or how do I generate this file?

I have PIA's OpenVPN script installed, and use it through Network Manager's OpenVPN plugging, which lists all the VPN hosts.

I needed to change my VPN hosts to include CA_Toronto so I could port forward on my arch linux machine, but when I changed my pia.conf and used the tool, I got the following output:

sudo pia -a
[sudo] password for averagejoey2000:
Traceback (most recent call last):
  File "/usr/bin/pia", line 11, in <module>
    load_entry_point('pia==3.3b0', 'console_scripts', 'pia')()
  File "/usr/lib/python3.5/site-packages/pia/command_line.py", line 23, in main
    pia.run.run()
  File "/usr/lib/python3.5/site-packages/pia/run.py", line 53, in run
    properties.parse_conf_file()
  File "/usr/lib/python3.5/site-packages/pia/conf/properties.py", line 271, in parse_conf_file
    props.port = getattr(configure_section, "port", [props.default_port])[0]
  File "/usr/lib/python3.5/site-packages/pia/conf/properties.py", line 160, in port
    self._cipher = config['cipher']
KeyError: 'cipher'

/etc/private-internet-access/pia.conf

[pia]
openvpn_auto_login = True

[configure]
apps = openvpn,nm
hosts = CA Toronto, Japan, UK London, US California, US Chicago, US East, US Seattle, US Silicon Valley
port = 1198

Tried using dev branch and master branch, neither works.

Lines containing the issue:

crl-verify /etc/openvpn/crl.rsa.2096.pem
crl-ca /etc/openvpn/ca.rsa.2096.crt

This occurs in all of the openvpn conf files. crl.rsa.2096.pem and ca.rsa.2096.crt do not exist, and it is probably intended that these are supposed to be 2048, as that file does exist.

For example, if openvpn is not installed, the pia -a command returns success, but does not create any configuration files. Investigating this behaviour is further masked by the fact that the Arch package creates the /etc/openvpn directory, making it seem as if OpenVPN is installed.

Since the OpenVPN configuration files are supposed to always be created, it seems illogical for the command to fail silently if this is not done.

Similarly, if networkmanager-openvpn is not installed, the command does not create the NetworkManager configuration files and again reports no error. This is more understandable, but perhaps a warning message might be in order that the NetworkManager configuration files will not be created because it is not installed.

AUR PACKAGE:

openvpn-ip-lport.zip ... FAILED
openvpn.zip ... FAILED
openvpn-strong.zip ... FAILED
login-example.conf ... Passed
pia-example.conf ... Passed
restart.conf ... Passed
vpn.sh ... Passed
pia.8.gz ... Passed
python-pia ... Skipped
openvpn-update-resolv-conf ... Skipped

Hi I am getting this rror when running pia -a or pia -r
Traceback (most recent call last): File "/usr/bin/pia", line 33, in <module> sys.exit(load_entry_point('pia==3.4', 'console_scripts', 'pia')()) File "/usr/lib/python3.9/site-packages/pia/command_line.py", line 23, in main pia.run.run() File "/usr/lib/python3.9/site-packages/pia/run.py", line 53, in run properties.parse_conf_file() File "/usr/lib/python3.9/site-packages/pia/conf/properties.py", line 237, in parse_conf_file props.port = getattr(configure_section, "port", [props.default_port])[0] File "/usr/lib/python3.9/site-packages/pia/conf/properties.py", line 124, in port config = self._config_lookup[self._port_lookup[value]['config']] KeyError: '80'
Any ideas on a fix?
Python --version = 3.9.4
PIA --version = 3.3.2
private-internet-access-vpn installed by yay

cryzed@arch ~ sudo pia -a
[sudo] password for cryzed: 
Traceback (most recent call last):
  File "/usr/bin/pia", line 9, in <module>
    load_entry_point('pia==2.6', 'console_scripts', 'pia')()
  File "/usr/lib/python3.5/site-packages/pia/command_line.py", line 23, in main
    pia.run.run()
  File "/usr/lib/python3.5/site-packages/pia/run.py", line 60, in run
    [globals()[k]() for k, v in props.commandline.__dict__.items() if
  File "/usr/lib/python3.5/site-packages/pia/run.py", line 61, in <listcomp>
    not k == 'hosts' and getattr(props.commandline, k, None)]
  File "/usr/lib/python3.5/site-packages/pia/run.py", line 110, in auto_configure
    app.config(*getattr(openvpn, config))
  File "/usr/lib/python3.5/site-packages/pia/applications/appstrategy.py", line 74, in config
    self.app.config(config_id, filename)
  File "/usr/lib/python3.5/site-packages/pia/applications/hooks.py", line 153, in config
    "##port##": properties.props.port.split('/')[1],
IndexError: list index out of range

I am using NetworkManager and previously had an older PKGBUILD of private-internet-access-vpn installed.

Seems, I have hit a road block and I can find that only the following Protocols/Ports work:

default => TCP/502, UDP/1198
strong encryption configs => TCP/501, UDP/1197

Any other combination gives the error: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed => Points to a mismatched certification on that port.

One user on the AUR page, posted this log as well:

$ east
Tue Sep 27 17:42:57 2016 OpenVPN 2.3.12 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 24 2016
Tue Sep 27 17:42:57 2016 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Tue Sep 27 17:42:57 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Sep 27 17:42:57 2016 Attempting to establish TCP connection with [AF_INET]209.222.18.35:80 [nonblock]
Tue Sep 27 17:42:58 2016 TCP connection established with [AF_INET]209.222.18.35:80
Tue Sep 27 17:42:58 2016 TCPv4_CLIENT link local: [undef]
Tue Sep 27 17:42:58 2016 TCPv4_CLIENT link remote: [AF_INET]209.222.18.35:80
Tue Sep 27 17:42:58 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Tue Sep 27 17:42:58 2016 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Tue Sep 27 17:42:58 2016 TLS_ERROR: BIO read tls_read_plaintext error
Tue Sep 27 17:42:58 2016 TLS Error: TLS object -> incoming plaintext read error
Tue Sep 27 17:42:58 2016 TLS Error: TLS handshake failed
Tue Sep 27 17:42:58 2016 Fatal TLS error (check_tls_errors_co), restarting
Tue Sep 27 17:42:58 2016 SIGUSR1[soft,tls-error] received, process restarting
Tue Sep 27 17:43:03 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Sep 27 17:43:03 2016 Attempting to establish TCP connection with [AF_INET]108.61.68.154:80 [nonblock]
Tue Sep 27 17:43:04 2016 TCP connection established with [AF_INET]108.61.68.154:80
Tue Sep 27 17:43:04 2016 TCPv4_CLIENT link local: [undef]
Tue Sep 27 17:43:04 2016 TCPv4_CLIENT link remote: [AF_INET]108.61.68.154:80
Tue Sep 27 17:43:05 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Tue Sep 27 17:43:05 2016 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Tue Sep 27 17:43:05 2016 TLS_ERROR: BIO read tls_read_plaintext error
Tue Sep 27 17:43:05 2016 TLS Error: TLS object -> incoming plaintext read error
Tue Sep 27 17:43:05 2016 TLS Error: TLS handshake failed
Tue Sep 27 17:43:05 2016 Fatal TLS error (check_tls_errors_co), restarting
Tue Sep 27 17:43:05 2016 SIGUSR1[soft,tls-error] received, process restarting

Until I can figure something out, all other ports will have to be removed.

When using pia -r it only checks pia.conf for configured hosts. If you have run pia -a then modificed pia.conf to customize the host list, then pia will leave behind old configurations when you re-run pia -a.

I can't find this package on https://pypi.python.org. There exists a package there by a similar name, but that's obviously not the same.

Could you please upload this package there so it can be installed by pip? That's the standard way of distributing and installing Python packages.

I noticed that the configuration files for NetworkManager were not being generated. I tracked the possible problem down to the hooks.py file. The command binary for the NM strategy lists /usr/lib/networkmanager/nm-openvpn-service. If I look for this file on my system, it can be found in /usr/lib/NetworkManager (notice the camel case). I haven't found out if Network Manager has recently changed this path, because I never had this problem before.

ps: I also found a little indentation error in run.py r178, which printed "List of OpenVPN configurations" inside the previous loop.

Install the aur/private-internet-access-vpn-dev package.

Put the following configuration in /etc/private-internet-access/pia.conf:

[pia]
openvpn_auto_login = True
strong_encryption = True

[configure]
apps = nm
hosts = France

Run sudo pia -a, then look at the file /etc/NetworkManager/system-connections/France:

1. port=1198, but should be port=1197.
2. cipher=aes-128-cbc, but should be cipher=AES-256-CBC (case is irrelevant for the connection, but GUI of NetworkManager understands only capitalized version, so better use capitalized).
3. auth=SHA256 is missing.

With the configuration generated by pia the connection is not even being established. When I manually make the adjustments named above, everything works as expected.

Small things to improve, irrelevant for the primary issue:

• When installing aur/private-internet-access-vpn-dev, the installation ends with the following (though everything works afterwards):

:: Running post-transaction hooks...
(1/2) Updating manpage index...
(2/2) Updating VPN configuations...
error: unable to run hook pia-install.hook: could not satisfy dependencies

• When running sudo pia -a, the following is printed:

WARNING Strong encryption enabled! Ignoring manual cipher settings!
WARNING Strong encryption enabled! Ignoring manual cipher settings!
WARNING Strong encryption enables! Ignoring manual authentication settings!

Note the first message is duplicated, and note the typo in the word "enabled" in the last line.

You have not fixed what I have already tell you in a comment the 2017-04-15 on AUR

There is a typo. Systemd files should be in /usr/lib/systemd/system not in /usr/lib/system/systemd

the patch to the PKGBUILD

--- PKGBUILD	2016-10-16 02:39:08.000000000 +0200 
+++ PKGBUILD.new	2017-04-05 23:39:35.878484391 +0200
@@ -64,8 +64,8 @@
package() {
cd "${srcdir}"

- install -D -m 644 restart.conf "${pkgdir}/usr/lib/system/[email protected]/restart.conf"
- install -D -m 755 vpn.sh "${pkgdir}/usr/lib/system/systemd/system-sleep/vpn.sh"
+ install -D -m 644 restart.conf "${pkgdir}/usr/lib/systemd/[email protected]/restart.conf"
+ install -D -m 755 vpn.sh "${pkgdir}/usr/lib/systemd/system/system-sleep/vpn.sh"
install -D -m 644 pia.8.gz "${pkgdir}/usr/share/man/man8/pia.8.gz"

ca rsa certs not in directory sourced by openvpn.

openvpn-client@CA_Toronto.service - OpenVPN tunnel for CA_Toronto
   Loaded: loaded (/usr/lib/systemd/system/[email protected]; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-01-04 17:12:31 PST; 7s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 4740 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf (code=exited, status=1/FAILURE)
 Main PID: 4740 (code=exited, status=1/FAILURE)

Jan 04 17:12:31 Mjolnir4 systemd[1]: Starting OpenVPN tunnel for CA_Toronto...
Jan 04 17:12:31 Mjolnir4 openvpn[4740]: Options error: --ca fails with '/etc/openvpn/client/ca.rsa.2048.crt': No such file or directory
Jan 04 17:12:31 Mjolnir4 openvpn[4740]: Options error: --crl-verify fails with '/etc/openvpn/client/crl.rsa.2048.pem': No such file or directory
Jan 04 17:12:31 Mjolnir4 openvpn[4740]: Options error: Please correct these errors.
Jan 04 17:12:31 Mjolnir4 openvpn[4740]: Use --help for more information.
Jan 04 17:12:31 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Main process exited, code=exited, status=1/FAILURE
Jan 04 17:12:31 Mjolnir4 systemd[1]: Failed to start OpenVPN tunnel for CA_Toronto.
Jan 04 17:12:31 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Unit entered failed state.
Jan 04 17:12:31 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Failed with result 'exit-code'.

It would be nice to allow changing the port, either through allowing customization of the base template, or an additional parameter.

"We support connections on a variety of ports, TCP 80/443/110, as well as a number of UDP ports: 53, 1194, 8080, 9201" - https://www.privateinternetaccess.com/forum/discussion/comment/5168/#Comment_5168

After uninstalling pia (installed via AUR), network manager can connect to LAN but not the internet

Upon updating openvpn the following message is displayed:

This upgrade from openvpn 2.3.14-1 to openvpn 2.4.0-2 made changes that require administrative interaction:
-> Configuration is expected in sub directories now. Move your files from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/.
-> The plugin lookup path changed, remove extra 'plugins/' from relative paths.
-> The systemd unit [email protected] was replaced with [email protected] and [email protected]. Restart and reenable accordingly.

Please update python-pia to follow these changes. Everything seems to still work as is, but better to follow the new conventions sooner rather than later. And thanks for the package, works great!