- apply pia_openvpn.patch to OpenVPN 2.2.2* (included in this archive) [ http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz ]
  - tar xf openvpn-2.2.2.tar.gz && cd openvpn-2.2.2 && patch < ../pia_openvpn.patch

- compile patched OpenVPN normally
  - ./configure --enable-password-save && make && sudo make install

- IMPORTANT: add the configuration option '--pia-signal-settings'

- to use a different cipher add the configuration option '--cipher CIPHER' 
  - supported ciphers are:
    - AES-128:       '--cipher aes-128-cbc'   << recommended
    - AES-256:       '--cipher aes-256-cbc'
    - Blowfish:      '--cipher bf-cbc'
    - No Encryption: '--cipher none'

- to use a different authentication digest add the configuration option '--auth DIGEST'
  - supported digests are: 
    - SHA1:              '--auth sha1'        << recommended
    - SHA256:            '--auth sha256'
    - No Authentication: '--auth none'

- to use differnet handshake encryption change the configuration option '--ca CERT'
  - supported handshake encryptions are:
    - RSA-2048:  '--ca ca_rsa2048.crt'        << recommended
    - RSA-3072:  '--ca ca_rsa3072.crt'
    - RSA-4096:  '--ca ca_rsa4096.crt'
    - ECC-256k1: '--ca ca_ecdsa256k1.crt'
    - ECC-256r1: '--ca ca_ecdsa256r1.crt'
    - ECC-521:   '--ca ca_ecdsa521.crt'

- for more information on vpn encryption choices see https://www.privateinternetaccess.com/pages/vpn-encryption

* our patch also includes a security patch which 2.2.2 requires 
  ( https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee )
