diff --git a/README.md b/README.md
index 5b9508d..93571c3 100644
--- a/README.md
+++ b/README.md
@@ -1,25 +1,22 @@
 # Manual PIA VPN Connections
- __This project is "Work in Progress"__
 
-This repository contains documentation on how to create native WireGuard connections to our __NextGen network__, and also on how to enable Port Forwarding in case you require this feature. Documentation on OpenVPN will follow soon enough.
+This repository contains documentation on how to create native WireGuard and OpenVPN connections to our __NextGen network__, and also on how to enable Port Forwarding in case you require this feature. You will find a lot of information below. However if you prefer quick test, here is the __TL/DR__:
 
-You will find a lot of information bellow. However if you prefer a hands-on approach, here is the __TL/DR__:
- * clone this repo: `git clone https://github.com/pia-foss/manual-connections.git`
- * use `get_region_and_token.sh` to get the best region and a token
- * use `connect_to_wireguard_with_token.sh` to create a WireGuard connection with/without PF
-
-Here is a oneliner example:
 ```
-sudo PIA_AUTOCONNECT=wireguard PIA_USER=p0123456 PIA_PASS=xxxxxxxxxx ./get_region_and_token.sh
+git clone https://github.com/pia-foss/manual-connections.git
+cd manual-connections
+./run_setup.sh
 ```
 
+The scripts were written so that they are easy to read and to modify. We hope you will enjoy forking the repo and customizing the scripts for your setup!
+
 ### Dependencies
 
 In order for the scripts to work (probably even if you do a manual setup), you will need the following packages:
  * `curl`
  * `jq`
- * (only for WireGuard) `wireguard-tools` and wireguard kernel module
- * (only for OpenVPN) `openvpn` (however the script is not available yet)
+ * (only for WireGuard) `wg-quick` and `wireguard` kernel module
+ * (only for OpenVPN) `openvpn`
 
 ### Confirmed systems and distributions
 
@@ -45,13 +42,13 @@ This service can be used only AFTER establishing a VPN connection.
 
 ## Automated setup of VPN and/or PF
 
-In order to help you use VPN services and PF on any device, we have prepare a few bash scripts that should help you through the process of setting everything up. The scripts also contain a lot of comments, just in case you require detailed information regarding how the technology works.
+In order to help you use VPN services and PF on any device, we have prepared a few bash scripts that should help you through the process of setting everything up. The scripts also contain a lot of comments, just in case you require detailed information regarding how the technology works. The functionality is controlled via environment variables, so that you have an easy time automating your setup.
 
 Here is a list of scripts you could find useful:
- * [Get the best region and a token](get_region_and_token.sh): This script helps you to get the best region and also to get a token for VPN authentication. The script will extend it's functionality if you add extra environment variables. Adding your PIA credentials will allow the script to also get a VPN token. The script can also trigger the WireGuard script to create a connection, if you specify `PIA_AUTOCONNECT=wireguard`.
- * [Connect to WireGuard](connect_to_wireguard_with_token.sh): This script allow you to connect to the VPN server via WireGuard. You can specify `PIA_PF=true` if you also wish to get Port Forwarding for your connection.
- * Connect to OpenVPN: We are still working on this script.
- * [Enable Port Forwarding](port_forwarding.sh): Enables you to add Port Forwarding to an existing VPN connection.
+ * [Get the best region and a token](get_region_and_token.sh): This script helps you to get the best region and also to get a token for VPN authentication. Adding your PIA credentials to env vars `PIA_USER` and `PIA_PASS` will allow the script to also get a VPN token. The script can also trigger the WireGuard script to create a connection, if you specify `PIA_AUTOCONNECT=wireguard` or `PIA_AUTOCONNECT=openvpn_udp_standard`
+ * [Connect to WireGuard](connect_to_wireguard_with_token.sh): This script allows you to connect to the VPN server via WireGuard.
+ * [Connect to OpenVPN](connect_to_openvpn_with_token.sh): This script allows you to connect to the VPN server via OpenVPN.
+ * [Enable Port Forwarding](port_forwarding.sh): Enables you to add Port Forwarding to an existing VPN connection. Adding the environment variable `PIA_PF=true` to any of the previous scripts will also trigger this script.
 
 ## Manual setup of PF
 
diff --git a/connect_to_openvpn_with_token.sh b/connect_to_openvpn_with_token.sh
new file mode 100755
index 0000000..6aaa9ef
--- /dev/null
+++ b/connect_to_openvpn_with_token.sh
@@ -0,0 +1,234 @@
+#!/bin/bash
+# Copyright (C) 2020 Private Internet Access, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# This function allows you to check if the required tools have been installed.
+function check_tool() {
+  cmd=$1
+  if ! command -v $cmd &>/dev/null
+  then
+    echo "$cmd could not be found"
+    echo "Please install $cmd"
+    exit 1
+  fi
+}
+# Now we call the function to make sure we can use wg-quick, curl and jq.
+check_tool curl
+check_tool jq
+check_tool openvpn
+
+# Check if manual PIA OpenVPN connection is alread intitialized.
+# Multi-hop is out of the scope of this repo, but you should be able to
+# get multi-hop running with both OpenVPN and WireGuard.
+adapter_check="$( ip a s tun06 )"
+should_read="Device \"tun06\" does not exist"
+pid_filepath="/opt/piavpn-manual/pia_pid"
+if [[ "$adapter_check" != "$should_read" ]]; then
+  echo The tun06 adapter already exists, that interface is required 
+  echo for this configuration.
+  if [ -f "$pid_filepath" ]; then
+    old_pid="$( cat "$pid_filepath" )"
+    old_pid_name="$( ps -p "$old_pid" -o comm= )"
+    if [[ $old_pid_name == 'openvpn' ]]; then
+      echo
+      echo It seems likely that process $old_pid is an OpenVPN connection
+      echo that was established by using this script. Unless it is closed
+      echo you would not be able to get a new connection.
+      echo -n "Do you want to run $ kill $old_pid (Y/n): "
+      read close_connection
+    fi
+    if echo ${close_connection:0:1} | grep -iq n ; then
+      echo Closing script. Resolve tun06 adapter conflict and run the script again.
+      exit 1
+    fi
+    echo Killing the existing OpenVPN process and waiting 5 seconds...
+    kill $old_pid
+    sleep 5
+  fi
+fi
+
+# PIA currently does not support IPv6. In order to be sure your VPN
+# connection does not leak, it is best to disabled IPv6 altogether.
+if [ $(sysctl -n net.ipv6.conf.all.disable_ipv6) -ne 1 ] ||
+  [ $(sysctl -n net.ipv6.conf.default.disable_ipv6) -ne 1 ]
+then
+  echo 'You should consider disabling IPv6 by running:'
+  echo 'sysctl -w net.ipv6.conf.all.disable_ipv6=1'
+  echo 'sysctl -w net.ipv6.conf.default.disable_ipv6=1'
+fi
+
+#  Check if the mandatory environment variables are set.
+if [[ ! $OVPN_SERVER_IP ||
+  ! $OVPN_HOSTNAME ||
+  ! $PIA_PF ||
+  ! $PIA_TOKEN ||
+  ! $CONNECTION_SETTINGS ]]; then
+  echo 'This script requires 3 env vars:'
+  echo 'OVPN_SERVER_IP      - IP that you want to connect to'
+  echo 'OVPN_HOSTNAME       - name of the server, required for ssl'
+  echo 'CONNECTION_SETTINGS - the protocol and encryption specification'
+  echo '                    - available options for CONNECTION_SETTINGS are:'
+  echo '                        * openvpn_udp_standard'
+  echo '                        * openvpn_udp_strong'
+  echo '                        * openvpn_tcp_standard'
+  echo '                        * openvpn_tcp_strong'
+  echo
+  echo You can also specify optional env vars:
+  echo "PIA_PF                - enable port forwarding"
+  echo "PAYLOAD_AND_SIGNATURE - In case you already have a port."
+  echo
+  echo An easy solution is to just run get_region_and_token.sh
+  echo as it will guide you through getting the best server and 
+  echo also a token. Detailed information can be found here:
+  echo https://github.com/pia-foss/manual-connections
+  exit 1
+fi
+
+# Create a credentials file with the login token
+echo "Trying to write /opt/piavpn-manual/pia.ovpn...
+"
+mkdir -p /opt/piavpn-manual
+rm -f /opt/piavpn-manual/credentials /opt/piavpn-manual/route_info
+echo ${PIA_TOKEN:0:62}"
+"${PIA_TOKEN:62} > /opt/piavpn-manual/credentials || exit 1
+
+# Translate connection settings variable
+IFS='_'
+read -ra connection_settings <<< "$CONNECTION_SETTINGS"
+IFS=' '
+protocol="${connection_settings[1]}"
+encryption="${connection_settings[2]}"
+
+prefix_filepath="openvpn_config/standard.ovpn"
+if [[ $encryption == "strong" ]]; then
+  prefix_filepath="openvpn_config/strong.ovpn"
+fi
+
+if [[ $protocol == "udp" ]]; then
+  if [[ $encryption == "standard" ]]; then
+    port=1198
+  else
+    port=1197
+  fi
+else
+  if [[ $encryption == "standard" ]]; then
+    port=502
+  else
+    port=501
+  fi
+fi
+
+# Create the OpenVPN config based on the settings specified
+cat $prefix_filepath > /opt/piavpn-manual/pia.ovpn || exit 1
+echo remote $OVPN_SERVER_IP $port $protocol >> /opt/piavpn-manual/pia.ovpn
+
+# Copy the up/down scripts to /opt/piavpn-manual/ 
+# based upon use of PIA DNS
+if [ "$PIA_DNS" != true ]; then
+  cp openvpn_config/openvpn_up.sh /opt/piavpn-manual/
+  cp openvpn_config/openvpn_down.sh /opt/piavpn-manual/
+  echo This configuration will not use PIA DNS.
+  echo If you want to also enable PIA DNS, please start the script
+  echo with the env var PIA_DNS=true. Example:
+  echo $ OVPN_SERVER_IP=\"$OVPN_SERVER_IP\" OVPN_HOSTNAME=\"$OVPN_HOSTNAME\" \
+    PIA_TOKEN=\"$PIA_TOKEN\" CONNECTION_SETTINGS=\"$CONNECTION_SETTINGS\" \
+    PIA_PF=true PIA_DNS=true ./connect_to_openvpn_with_token.sh
+else
+  cp openvpn_config/openvpn_up_dnsoverwrite.sh /opt/piavpn-manual/openvpn_up.sh
+  cp openvpn_config/openvpn_down_dnsoverwrite.sh /opt/piavpn-manual/openvpn_down.sh
+fi
+
+# Start the OpenVPN interface.
+# If something failed, stop this script.
+# If you get DNS errors because you miss some packages,
+# just can hardcode /etc/resolv.conf to "nameserver 10.0.0.242".
+#rm -f /opt/piavpn-manual/debug_info
+echo "
+Trying to start the OpenVPN connection..."
+openvpn --daemon \
+  --config "/opt/piavpn-manual/pia.ovpn" \
+  --writepid "/opt/piavpn-manual/pia_pid" \
+  --log "/opt/piavpn-manual/debug_info" || exit 1
+
+echo "
+The OpenVPN connect command was issued.
+
+Confirming OpenVPN connection state... "
+
+# Check if manual PIA OpenVPN connection is intitialized.
+# Manually adjust the connectino_wait_time if needed
+connection_wait_time=10
+confirmation="Initialization Sequence Complete"
+for (( timeout=0; timeout <=$connection_wait_time; timeout++ ))
+do
+  sleep 1
+  if grep -q "$confirmation" /opt/piavpn-manual/debug_info; then
+    connected=true
+    break
+  fi
+done
+
+ovpn_pid="$( cat /opt/piavpn-manual/pia_pid )"
+gateway_ip="$( cat /opt/piavpn-manual/route_info )"
+
+# Report and exit if connection was not initialized within 10 seconds.
+if [ "$connected" != true ]; then
+  echo "The VPN connection was not established within 10 seconds."
+  kill $ovpn_pid
+  exit 1
+fi
+
+echo "Initialization Sequence Complete!
+
+At this point, internet should work via VPN.
+"
+
+echo "OpenVPN Process ID: $ovpn_pid
+VPN route IP: $gateway_ip
+
+To disconnect the VPN, run: 
+
+--> sudo kill $ovpn_pid <--
+"
+
+# This section will stop the script if PIA_PF is not set to "true".
+if [ "$PIA_PF" != true ]; then
+  echo
+  echo If you want to also enable port forwarding, please start the script
+  echo with the env var PIA_PF=true. Example:
+  echo $ OVPN_SERVER_IP=\"$OVPN_SERVER_IP\" OVPN_HOSTNAME=\"$OVPN_HOSTNAME\" \
+    PIA_TOKEN=\"$PIA_TOKEN\" CONNECTION_SETTINGS=\"$CONNECTION_SETTINGS\" \
+    PIA_PF=true ./connect_to_openvpn_with_token.sh
+  exit
+fi
+
+echo "
+This script got started with PIA_PF=true.
+Starting procedure to enable port forwarding by running the following command:
+$ PIA_TOKEN=\"$PIA_TOKEN\" \\
+  PF_GATEWAY=\"$gateway_ip\" \\
+  PF_HOSTNAME=\"$OVPN_HOSTNAME\" \\
+  ./port_forwarding.sh
+"
+
+PIA_TOKEN=$PIA_TOKEN \
+  PF_GATEWAY="$gateway_ip" \
+  PF_HOSTNAME="$OVPN_HOSTNAME" \
+  ./port_forwarding.sh
diff --git a/connect_to_wireguard_with_token.sh b/connect_to_wireguard_with_token.sh
index 6ae21a1..a86942f 100755
--- a/connect_to_wireguard_with_token.sh
+++ b/connect_to_wireguard_with_token.sh
@@ -46,11 +46,11 @@ then
 fi
 
 # Check if the mandatory environment variables are set.
-if [[ ! $WG_SERVER_IP || ! $WG_HOSTNAME || ! $WG_TOKEN ]]; then
+if [[ ! $WG_SERVER_IP || ! $WG_HOSTNAME || ! $PIA_TOKEN ]]; then
   echo This script requires 3 env vars:
   echo WG_SERVER_IP - IP that you want to connect to
   echo WG_HOSTNAME  - name of the server, required for ssl
-  echo WG_TOKEN     - your authentication token
+  echo PIA_TOKEN    - your authentication token
   echo
   echo You can also specify optional env vars:
   echo "PIA_PF                - enable port forwarding"
@@ -79,7 +79,7 @@ echo Trying to connect to the PIA WireGuard API on $WG_SERVER_IP...
 wireguard_json="$(curl -s -G \
   --connect-to "$WG_HOSTNAME::$WG_SERVER_IP:" \
   --cacert "ca.rsa.4096.crt" \
-  --data-urlencode "pt=${WG_TOKEN}" \
+  --data-urlencode "pt=${PIA_TOKEN}" \
   --data-urlencode "pubkey=$pubKey" \
   "https://${WG_HOSTNAME}:1337/addKey" )"
 export wireguard_json
@@ -91,19 +91,31 @@ if [ "$(echo "$wireguard_json" | jq -r '.status')" != "OK" ]; then
   exit 1
 fi
 
+# Multi-hop is out of the scope of this repo, but you should be able to
+# get multi-hop running with both WireGuard and OpenVPN by playing with
+# these scripts. Feel free to fork the project and test it out.
+echo
+echo Trying to disable a PIA WG connection in case it exists...
+wg-quick down pia && echo Disconnected!
+echo
+
 # Create the WireGuard config based on the JSON received from the API
-# The config does not contain a DNS entry, since some servers do not
-# have resolvconf, which will result in the script failing.
-# We will enforce the DNS after the connection gets established.
+# In case you want this section to also add the DNS setting, please
+# start the script with PIA_DNS=true.
 echo -n "Trying to write /etc/wireguard/pia.conf... "
 mkdir -p /etc/wireguard
+if [ "$PIA_DNS" == true ]; then
+  dnsServer="$(echo "$wireguard_json" | jq -r '.dns_servers[0]')"
+  echo Trying to set up DNS to $dnsServer. In case you do not have resolvconf,
+  echo this operation will fail and you will not get a VPN. If you have issues,
+  echo start this script without PIA_DNS.
+  dnsSettingForVPN="DNS = $dnsServer"
+fi
 echo "
 [Interface]
 Address = $(echo "$wireguard_json" | jq -r '.peer_ip')
 PrivateKey = $privKey
-## If you want wg-quick to also set up your DNS, uncomment the line below.
-# DNS = $(echo "$wireguard_json" | jq -r '.dns_servers[0]')
-
+$dnsSettingForVPN
 [Peer]
 PublicKey = $(echo "$wireguard_json" | jq -r '.server_key')
 AllowedIPs = 0.0.0.0/0
@@ -129,22 +141,22 @@ if [ "$PIA_PF" != true ]; then
   echo
   echo If you want to also enable port forwarding, please start the script
   echo with the env var PIA_PF=true. Example:
-  echo $ WG_SERVER=10.0.0.3 WG_HOSTNAME=piaserver401 \
-    WG_TOKEN=\"\$token\" PIA_PF=true \
-    ./sort_regions_by_latency.sh
+  echo $ WG_SERVER_IP=10.0.0.3 WG_HOSTNAME=piaserver401 \
+    PIA_TOKEN=\"\$token\" PIA_PF=true \
+    ./connect_to_wireguard_with_token.sh
   exit
 fi
 
 echo "
 This script got started with PIA_PF=true.
 Starting procedure to enable port forwarding by running the following command:
-$ PIA_TOKEN=$WG_TOKEN \\
+$ PIA_TOKEN=$PIA_TOKEN \\
   PF_GATEWAY=\"$(echo "$wireguard_json" | jq -r '.server_vip')\" \\
   PF_HOSTNAME=\"$WG_HOSTNAME\" \\
   ./port_forwarding.sh
 "
 
-PIA_TOKEN=$WG_TOKEN \
+PIA_TOKEN=$PIA_TOKEN \
   PF_GATEWAY="$(echo "$wireguard_json" | jq -r '.server_vip')" \
   PF_HOSTNAME="$WG_HOSTNAME" \
   ./port_forwarding.sh
diff --git a/get_region_and_token.sh b/get_region_and_token.sh
index 7ffc64b..d428a32 100755
--- a/get_region_and_token.sh
+++ b/get_region_and_token.sh
@@ -155,6 +155,7 @@ echo "$generateTokenResponse"
 
 if [ "$(echo "$generateTokenResponse" | jq -r '.status')" != "OK" ]; then
   echo "Could not get a token. Please check your account credentials."
+  echo
   echo "You can also try debugging by manually running the curl command:"
   echo $ curl -vs -u "$PIA_USER:$PIA_PASS" --cacert ca.rsa.4096.crt \
     --connect-to "$bestServer_meta_hostname::$bestServer_meta_IP:" \
@@ -166,31 +167,62 @@ token="$(echo "$generateTokenResponse" | jq -r '.token')"
 echo "This token will expire in 24 hours.
 "
 
-if [ "$PIA_AUTOCONNECT" != wireguard ]; then
-  echo If you wish to automatically connect to WireGuard after detecting the best
-  echo region, please run the script with the env var PIA_AUTOCONNECT=wireguard.
-  echo You can echo also specify the env var PIA_PF=true to get port forwarding.
-  echo Example:
-  echo $ PIA_USER=p0123456 PIA_PASS=xxx \
-    PIA_AUTOCONNECT=true PIA_PF=true ./sort_regions_by_latency.sh
-  echo
-  echo You can also connect now by running this command:
-  echo $ WG_TOKEN=\"$token\" WG_SERVER_IP=$bestServer_WG_IP \
-    WG_HOSTNAME=$bestServer_WG_hostname ./connect_to_wireguard_with_token.sh
-  exit
-fi
-
+# just making sure this variable doesn't contain some strange string
 if [ "$PIA_PF" != true ]; then
   PIA_PF="false"
 fi
 
-echo "The ./get_region_and_token.sh script got started with
-PIA_AUTOCONNECT=wireguard, so we will automatically connect to WireGuard,
-by running this command:
-$ WG_TOKEN=\"$token\" \\
-  WG_SERVER_IP=$bestServer_WG_IP WG_HOSTNAME=$bestServer_WG_hostname \\
-  PIA_PF=$PIA_PF ./connect_to_wireguard_with_token.sh
-"
+if [[ $PIA_AUTOCONNECT == wireguard ]]; then
+  echo The ./get_region_and_token.sh script got started with
+  echo PIA_AUTOCONNECT=wireguard, so we will automatically connect to WireGuard,
+  echo by running this command:
+  echo $ WG_TOKEN=\"$token\" \\
+  echo WG_SERVER_IP=$bestServer_WG_IP WG_HOSTNAME=$bestServer_WG_hostname \\
+  echo PIA_PF=$PIA_PF ./connect_to_wireguard_with_token.sh
+  echo
+  PIA_PF=$PIA_PF PIA_TOKEN="$token" WG_SERVER_IP=$bestServer_WG_IP \
+    WG_HOSTNAME=$bestServer_WG_hostname ./connect_to_wireguard_with_token.sh
+  exit 0
+fi
 
-PIA_PF=$PIA_PF WG_TOKEN="$token" WG_SERVER_IP=$bestServer_WG_IP \
+if [[ $PIA_AUTOCONNECT == openvpn* ]]; then
+  serverIP=$bestServer_OU_IP
+  serverHostname=$bestServer_OU_hostname
+  if [[ $PIA_AUTOCONNECT == *tcp* ]]; then
+    serverIP=$bestServer_OT_IP
+    serverHostname=$bestServer_OT_hostname
+  fi
+  echo The ./get_region_and_token.sh script got started with
+  echo PIA_AUTOCONNECT=$PIA_AUTOCONNECT, so we will automatically
+  echo connect to OpenVPN, by running this command:
+  echo PIA_PF=$PIA_PF PIA_TOKEN=\"$token\" \\
+  echo   OVPN_SERVER_IP=$serverIP \\
+  echo   OVPN_HOSTNAME=$serverHostname \\
+  echo   CONNECTION_SETTINGS=$PIA_AUTOCONNECT \\
+  echo   ./connect_to_openvpn_with_token.sh
+  echo
+  PIA_PF=$PIA_PF PIA_TOKEN="$token" \
+    OVPN_SERVER_IP=$serverIP \
+    OVPN_HOSTNAME=$serverHostname \
+    CONNECTION_SETTINGS=$PIA_AUTOCONNECT \
+    ./connect_to_openvpn_with_token.sh
+  exit 0
+fi
+
+echo If you wish to automatically connect to the VPN after detecting the best
+echo region, please run the script with the env var PIA_AUTOCONNECT.
+echo 'The available options for PIA_AUTOCONNECT are (from fastest to slowest):'
+echo  - wireguard
+echo  - openvpn_udp_standard
+echo  - openvpn_udp_strong
+echo  - openvpn_tcp_standard
+echo  - openvpn_tcp_strong
+echo You can also specify the env var PIA_PF=true to get port forwarding.
+echo
+echo Example:
+echo $ PIA_USER=p0123456 PIA_PASS=xxx \
+  PIA_AUTOCONNECT=wireguard PIA_PF=true ./get_region_and_token.sh
+echo
+echo You can also connect now by running this command:
+echo $ WG_TOKEN=\"$token\" WG_SERVER_IP=$bestServer_WG_IP \
   WG_HOSTNAME=$bestServer_WG_hostname ./connect_to_wireguard_with_token.sh
diff --git a/openvpn_config/openvpn_down.sh b/openvpn_config/openvpn_down.sh
new file mode 100755
index 0000000..175ad43
--- /dev/null
+++ b/openvpn_config/openvpn_down.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Remove process and route information when connection closes
+rm -rf /opt/piavpn-manual/pia_pid /opt/pia-manual/route_info
diff --git a/openvpn_config/openvpn_down_dnsoverwrite.sh b/openvpn_config/openvpn_down_dnsoverwrite.sh
new file mode 100755
index 0000000..44cb2d3
--- /dev/null
+++ b/openvpn_config/openvpn_down_dnsoverwrite.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Remove process and route information when connection closes
+rm -rf /opt/piavpn-manual/pia_pid /opt/pia-manual/route_info
+
+# Replace resolv.conf with original stored as backup
+cat /opt/piavpn-manual/resolv_conf_backup > /etc/resolv.conf
diff --git a/openvpn_config/openvpn_up.sh b/openvpn_config/openvpn_up.sh
new file mode 100755
index 0000000..98399b0
--- /dev/null
+++ b/openvpn_config/openvpn_up.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Write gateway IP for reference
+echo $route_vpn_gateway > /opt/piavpn-manual/route_info
diff --git a/openvpn_config/openvpn_up_dnsoverwrite.sh b/openvpn_config/openvpn_up_dnsoverwrite.sh
new file mode 100755
index 0000000..90f2a5b
--- /dev/null
+++ b/openvpn_config/openvpn_up_dnsoverwrite.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Write gateway IP for reference
+echo $route_vpn_gateway > /opt/piavpn-manual/route_info
+
+# Back up resolv.conf and create new on with PIA DNS
+cat /etc/resolv.conf > /opt/piavpn-manual/resolv_conf_backup
+echo "# Generated by /connect_to_openvpn_with_token.sh
+nameserver 10.0.0.241" > /etc/resolv.conf
diff --git a/openvpn_config/standard.ovpn b/openvpn_config/standard.ovpn
new file mode 100644
index 0000000..1f4fefd
--- /dev/null
+++ b/openvpn_config/standard.ovpn
@@ -0,0 +1,56 @@
+client
+dev tun06
+resolv-retry infinite 
+nobind 
+persist-key 
+persist-tun 
+cipher aes-128-cbc 
+auth sha1 
+tls-client 
+remote-cert-tls server
+	
+auth-user-pass /opt/piavpn-manual/credentials 
+compress 
+verb 1 
+reneg-sec 0 
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
+BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
+dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
+IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
+FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
+MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
+EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
+QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
+AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
+ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
+bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
+L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
+lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
+cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
+8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
+/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
+OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
+y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
+sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
+b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
+A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
+SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
+czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
+b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
+a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
+ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
+7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
+GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
+1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
+YDQ8z9v+DMO6iwyIDRiU
+-----END CERTIFICATE-----
+</ca>
+
+disable-occ
+script-security 2
+up /opt/piavpn-manual/openvpn_up.sh
+down /opt/piavpn-manual/openvpn_down.sh
diff --git a/openvpn_config/strong.ovpn b/openvpn_config/strong.ovpn
new file mode 100644
index 0000000..91d344a
--- /dev/null
+++ b/openvpn_config/strong.ovpn
@@ -0,0 +1,66 @@
+client
+dev tun06
+resolv-retry infinite 
+nobind 
+persist-key 
+persist-tun 
+cipher aes-256-cbc 
+auth sha256 
+tls-client 
+remote-cert-tls server
+	
+auth-user-pass /opt/piavpn-manual/credentials 
+compress 
+verb 1 
+reneg-sec 0 
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
+BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
+dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
+IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
+FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQw
+MzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
+EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
+QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
+AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
+ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
+bmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVk
+hjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULN
+De4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9K
+V2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ
+25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SND
+fCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZyl
+p7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7p
+Kwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzj
+tRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wi
+jSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNz
+meGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz
+1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNV
+HQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRt
+yWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
+EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
+cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
+HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
+ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
+aW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCt
+pXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dv
+Em89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1G
+tF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZu
+LfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs
+6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj3
+5xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnX
+JUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJ
+iyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l
+8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW
++no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ=
+-----END CERTIFICATE-----
+</ca>
+
+disable-occ
+script-security 2
+up /opt/piavpn-manual/openvpn_up.sh
+down /opt/piavpn-manual/openvpn_down.sh
diff --git a/port_forwarding.sh b/port_forwarding.sh
index 32ffe32..598bd19 100755
--- a/port_forwarding.sh
+++ b/port_forwarding.sh
@@ -21,7 +21,7 @@
 
 
 # Check if the mandatory environment variables are set.
-if [[ ! $PF_GATEWAY || ! $PIA_TOKEN ]]; then
+if [[ ! $PF_GATEWAY || ! $PIA_TOKEN || ! $PF_HOSTNAME ]]; then
   echo This script requires 3 env vars:
   echo PF_GATEWAY  - the IP of your gateway
   echo PF_HOSTNAME - name of the host used for SSL/TLS certificate verification
diff --git a/run_setup.sh b/run_setup.sh
new file mode 100755
index 0000000..254f752
--- /dev/null
+++ b/run_setup.sh
@@ -0,0 +1,163 @@
+#!/bin/bash
+
+# Copyright (C) 2020 Private Internet Access, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# Only allow script to run as 
+if [ "$(whoami)" != "root" ]; then
+  echo "This script needs to be run as root. Try again with 'sudo $0'"
+  exit 1
+fi
+
+echo
+echo -n "PIA username (pNNNNNNN): "
+read PIA_USER
+
+if [ -z "$PIA_USER" ]; then
+  echo Username is required, aborting.
+  exit 1
+fi
+echo
+export PIA_USER
+
+echo -n "PIA password: "
+read -s PIA_PASS
+echo
+
+if [ -z "$PIA_PASS" ]; then
+  echo Password is required, aborting.
+  exit 1
+fi
+echo
+export PIA_PASS
+
+# This section asks for user connection preferences
+# this is hard coded for now, but will become an input
+# variable in the future.
+echo -n "Connection method ([W]ireguard/[o]penvpn): "
+read connection_method
+echo
+
+PIA_AUTOCONNECT="wireguard"
+if echo ${connection_method:0:1} | grep -iq o; then
+  echo -n "Connection method ([U]dp/[t]cp): "
+  read protocolInput
+  echo
+  
+  protocol="udp"
+  if echo ${protocolInput:0:1} | grep -iq t; then
+    protocol="tcp"
+  fi
+  
+  echo "Higher levels of encryption trade performance for security. "
+  echo -n "Do you want to use strong encryption ([N]o/[y]es): "
+  read strongEncryption
+  echo
+  
+  encryption="standard"
+  if echo ${strongEncryption:0:1} | grep -iq y; then
+    encryption="strong"
+  fi
+
+  PIA_AUTOCONNECT="openvpn_${protocol}_${encryption}"
+fi
+export PIA_AUTOCONNECT
+echo PIA_AUTOCONNECT=$PIA_AUTOCONNECT"
+"
+
+# Check for the required presence of resolvconf for settnig DNS on wireguard connections.
+setDNS="yes"
+if ! command -v resolvconf &>/dev/null && [ "$PIA_AUTOCONNECT" == wireguard ]; then
+  echo The resolvconf package could not be found.
+  echo This script can not set DNS for you and you will
+  echo need to invoke DNS protection some other way.
+  echo
+  setDNS="no"
+fi
+
+if [ "$setDNS" != no ]; then
+  echo Using third party DNS could allow DNS monitoring.
+  echo -n "Do you want to force PIA DNS ([Y]es/[n]o): "
+  read setDNS
+  echo
+fi
+  
+PIA_DNS="true"
+if echo ${setDNS:0:1} | grep -iq n; then
+  PIA_DNS="false"
+fi
+
+PIA_DNS="true"
+if  echo ${setDNS:0:1} | grep -iq n; then
+  PIA_DNS="false"
+fi
+export PIA_DNS
+echo PIA_DNS=$PIA_DNS"
+"
+
+echo -n "Do you want a forwarding port assigned ([N]o/[y]es): "
+read portForwarding
+echo
+
+PIA_PF="false"
+if echo ${portForwarding:0:1} | grep -iq y; then
+  PIA_PF="true"
+fi
+export PIA_PF
+echo PIA_PF=$PIA_PF
+
+# Set this to the maximum allowed latency in seconds.
+# All servers that repond slower than this will be ignored.
+echo -n "
+With no input, the maximum allowed latency will be set to 0.05s (50ms).
+If your connection has high latency, you may need to increase this value.
+For example, you can try 0.2 for 200ms allowed latency.
+Custom latency (no input required for 50ms): "
+read customLatency
+echo
+
+MAX_LATENCY=0.05
+if [[ $customLatency != "" ]]; then
+  MAX_LATENCY=$customLatency
+fi
+export MAX_LATENCY
+echo "MAX_LATENCY=\"$MAX_LATENCY\"
+"
+
+echo "Having active IPv6 connections might compromise security by allowing"
+echo "split tunnel connections that run outside the VPN tunnel."
+echo -n "Do you want to disable IPv6? (Y/n): "
+read disable_IPv6
+echo
+
+if echo ${disable_IPv6:0:1} | grep -iq n; then
+  echo "IPv6 settings have not been altered.
+  "
+else
+  sysctl -w net.ipv6.conf.all.disable_ipv6=1
+  sysctl -w net.ipv6.conf.default.disable_ipv6=1
+  echo
+  echo "IPv6 has been disabled, you can enable it again with: "
+  echo "sysctl -w net.ipv6.conf.all.disable_ipv6=0"
+  echo "sysctl -w net.ipv6.conf.default.disable_ipv6=0
+  "
+fi
+
+./get_region_and_token.sh