As far as i know you get the key files (RSA-4096) from PIA. You might want to ask there.
And right from the OpenVPN
wiki:
In the example config file from the link i sent you:
Just a FYI, none of those cyphers work with the version of TLS that comes with openvpn. These are all SHA1. (on freenas)
These are the ones that are available.
[root@customplugin_1 /]# openvpn --show-tls
Available TLS Ciphers,
listed in order of preference:
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-CBC-SHA
TLS-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
TLS-RSA-WITH-3DES-EDE-CBC-SHA
DES-CBC3-MD5 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-DSS-WITH-AES-128-CBC-SHA
TLS-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
RC2-CBC-MD5 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-RSA-WITH-RC4-128-SHA
TLS-RSA-WITH-RC4-128-MD5
TLS-RSA-WITH-RC4-128-MD5
TLS-DHE-RSA-WITH-DES-CBC-SHA
TLS-DHE-DSS-WITH-DES-CBC-SHA
TLS-RSA-WITH-DES-CBC-SHA
DES-CBC-MD5 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA
TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA
TLS-RSA-EXPORT-WITH-DES40-CBC-SHA
TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5
TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5
TLS-RSA-EXPORT-WITH-RC4-40-MD5
TLS-RSA-EXPORT-WITH-RC4-40-MD5
I was able to get AES-128-CBC working but it also required changing the server port number to 1196. I can't find any reference to a AES-256 port number, I've contacted PIA about it.