P.I.A. package their C.A. cert separate from the configuration file. I can’t see any way to add this via the web interface.
would you suggest modifying the P.I.A. config or adding the certificate via SSH?
I have had the Omnia for less than 24 hours already considering finding an alternative FW
This?
Interesting, since i was having the same question about PIA running from TO… So, if i do the above, this should work on the current TO with latest FW?
Yes, that should work.
well, maybe if got something wrong, but it gives me this in the end?
2023-05-11 10:50:08 OpenVPN 2.5.3 arm-openwrt-linux-muslgnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-05-11 10:50:08 library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
2023-05-11 10:50:08 OpenSSL: error:02001002:system library:fopen:No such file or directory
2023-05-11 10:50:08 OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
2023-05-11 10:50:08 Cannot load CA certificate file ca.rsa.4096.crt (no entries were read)
2023-05-11 10:50:08 Exiting due to fatal error
hmm,
Try to think. If you have the certificate inlined in the configuration file, you don’t have to load it from an external file, right? You have to edit the config file and update all directives that load external files.
Look for lines 9-11 in the example linked above.
uhm…total nOOb here if it comes to this kind of configs, . I can copy paste though 
And already had the PIA .ovpn file including the whole key part…but did not get that working and was hoping for a simple how-to.
oh well…
basically PIA itsef has almost ready Openvpn files, found here…
https://www.privateinternetaccess.com/helpdesk/kb/articles/where-can-i-find-your-ovpn-files
you ony need to make the user auth file, and tell the .ovpn the name of that file
So, i do get a connection, but no internets
