In a nutshell, getting which port to forward is the first problem. PIA says to
Code:
How to use it:
1. wget https://www.privateinternetaccess.com/installer/port_forward.sh
2. chmod +x port_forward.sh
3. Make sure you are connected in one of the gateways that supports port forwarding
4. ./port_forward.sh <user> <password>
It should return something like: { "port": 23423 }
wget: not an http or ftp url: https://www.privateinternetaccess.com/installer/port_forward.sh
Entering the script alone
Code:
root@DD-WRT:~# #! /bin/bash
#
# Enable port forwarding
#
# Requirements:
# your Private Internet Access user and password as arguments
#
# Usage:
# ./port_forward.sh <user> <password>
The IP of my host running the email and web server is excluded from the policy based routing.
So this means all traffic to and from that machine is over the WAN? If so, that is what I was trying to avoid. The script from PIA support is meant to give the port to forward (or not). Not able to get that to happen and what I have going on on the Windows machine is working. I just do not like using Windows.
However you need sha256sum for it to work, I just installed it via Entware ng: opkg install coreutils-sha256sum
and lo and behold it actually works. Mind you if you are using PBR you have to route their server address: http://209.222.18.222 through the VPN
Also it only works the first 2 minutes the VPN is up!
I installed Entware on USB. I believe I installed sha256sum, not sure how to know that worked.
Ran the install script from PIA.
pw@pw-MP8708:~$ ./port_forwarding.sh
Loading port forward assignment information...
Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
However you need sha256sum for it to work, I just installed it via Entware ng: opkg install coreutils-sha256sum
and lo and behold it actually works. Mind you if you are using PBR you have to route their server address: http://209.222.18.222 through the VPN
Also it only works the first 2 minutes the VPN is up!
Finally got that to return a port number.
egc wrote
Quote:
Besides the new API will get you the port number but from there on you have to write a script for port forwarding that particular port to your destined port I guess.
(If I ever need such a script I know where to find you)
Looks like this is what I need a little help with now.
Let me see what I can do. I have a pretty good idea what needs to be done. But I may have to rely on you guys to test since I'm not all that interested in opening a PIA account just for this. I wish these VPN providers offered developer accounts so we could easily address the problems of *their* customers.
I still say my existing PBR scripts are the better solution. Because either way, we're still dependent on scripting, user modifications to those scripts, and user installation. So it only makes sense to me to use the scripting option that offers the most bang for the buck. And which is already tested and proven.
But I'll still give it a go.
Glad you stepped in. I have scripting and programming skills but only for Windows.
The output of the PIA API is:
{"port":58636}
so my limited Linux knowledge would use sed or tr to extract the numbers
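Added example (not part of any post in this thread and not PIA's script): one way to do the sed/tr extraction so that only a well-formed port number can ever reach an iptables command, followed by the forwarding rules for that port. The function names and the LAN host 192.168.1.50 are assumptions; tun1 is the interface name used later in the thread, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: validate the port in the API reply before it reaches iptables.

# Constructed sample reply, same shape as the output quoted in the thread.
SAMPLE_REPLY='{"port":58636}'

# extract_port JSON: prints the port, or returns 1 unless the reply is
# exactly one {"port": N} object with N in 1..65535.
extract_port() {
    # Strip whitespace so '{ "port": 23423 }' and '{"port":58636}' both match.
    compact=$(printf '%s' "$1" | tr -d ' \t\r\n')
    # Anchored match: a non-numeric value or trailing data yields no output.
    port=$(printf '%s\n' "$compact" | sed -n 's/^{"port":\([1-9][0-9]\{0,4\}\)}$/\1/p')
    [ -n "$port" ] || return 1
    [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# dnat_rules PORT TUN_IF LAN_IP: prints (does not run) the rules that send the
# forwarded port arriving on the tunnel to one LAN host, for TCP and UDP.
dnat_rules() {
    port=$1 tun=$2 host=$3
    # Interface and address are operator-supplied, but reject odd characters
    # anyway so nothing unexpected ends up inside a firewall command.
    case $tun in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case $host in ''|*[!0-9.]*) return 1 ;; esac
    for proto in tcp udp; do
        echo "iptables -t nat -I PREROUTING -i $tun -p $proto --dport $port -j DNAT --to-destination $host:$port"
        echo "iptables -I FORWARD -i $tun -p $proto -d $host --dport $port -j ACCEPT"
    done
}

# Demo on the constructed reply; 192.168.1.50 is a made-up LAN host.
if p=$(extract_port "$SAMPLE_REPLY"); then
    dnat_rules "$p" tun1 192.168.1.50
else
    echo "reply rejected, no rules generated" >&2
fi
```

The error text the script prints when no port is assigned ("Port forwarding is already activated on this connection, ...") fails the anchored match, so no rule is generated from it.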
Joined: 18 Mar 2014 Posts: 12885 Location: Netherlands
Posted: Sun Feb 11, 2018 10:50 Post subject:
I am interested, if only for learning some advanced scripting
For posterity:
Installation of Entware and coreutils-sha256sum is not necessary.
It is entirely possible to get a unique hash with Windows:
Open a CMD prompt and issue:
Code:
certutil -hashfile myfile SHA256
For myfile use a unique personal file. This will give you a hash like: 0796bfb0c5c8565be79b337af2fc09ac9ecc0abe48ba25ede424c06d420ab78c
In the script use this hash like:
Posted: Sun Feb 11, 2018 16:50 Post subject:
I have adapted the port forwarding PIA script:
1. To use the VPN tunnel (curl --interface VPNTUNNEL) this can be useful if PBR is used (Next step is to seek the actual VPN interface name, I now use tun1, I can AWK the routing table probably to automate this)
2. Incorporate code if a fixed client identifier is used, described in the previous post. The fixed identifier can be set in startup command. This fixed identifier returns the same port even after 2 minutes, but in order to work it has to be run a first time within 2 minutes of the start of the VPN.
Posted: Mon Feb 12, 2018 7:07 Post subject:
Yes I have tested the hash can be reused.
It is only as a unique identifier relative to every other user. So static would be fine.
I have reworked my last script to use a static hash and that was working