Port Forwarding with OpenVPN on Linux/Windows/PfSense (Advanced Users)
(work in progress)
Please DO NOT ask PIA support to assist with these guides or steps in any manner as they are all unofficial! Thank you!
Note: Please read the "Port Forwarding" section on the client-support page.
* It says "Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled."
If you have decided that you still want to use Port Forwarding anyway, continue reading...
Understanding how to request a port from PIA
- Four pieces of info are needed to request a port from PIA while connected to a PIA server that has port forwarding enabled
Here is a list of the PIA servers that are port forwarding enabled!
piauser="p1234567"
piapass="Hi3kF3g283"
client_id="d077f244def8a70e5ea758bd8352fcd8"
local_ip="10.115.1.6"
[code]
#!/bin/bash
# PIA VPN Linux port finder
######################################################
# Configuration Section
######################################################
# Set the path where this script is stored Ex. "/home/john/"
path_to_script="/home/john/"
# Enter you're PIA VPN username and password
piauser="p2099690"
piapass="Hi3kF2g284"
# The PIA port request URL (You should not need to change this)
pia_request_url="https://www.privateinternetaccess.com/vpninfo/port_forward_assignment"
######################################################
# End of Configuration Section
######################################################
# Warning!
# Warning! Do not edit anything below unless to intend to modify this script
# Required Dependancies * (likly that all are already installed on most Linux distrobutions)
# =====================
# /bin/bash
# /bin/echo
# /usr/bin/whoami
# /bin/date
# /dev/urandom
# /usr/bin/md5sum
# /usr/bin/tr
# /usr/bin/head
# /sbin/ifconfig
# /bin/grep
# /usr/bin/awk
# /usr/bin/curl
clear
echo "========================================================"
# Test if running at root or not
user=`whoami`
echo ""
if [ "$user" = "root" ]; then
echo "- User is root (Good!)"
chmod 700 $path_to_script"pia-port.bash" # Set persmissions for the user and root only!
else
echo "This script must be run as root! You are currently logged in as \"$user\""
echo ""
echo "Please switch to root and run the script again!"
echo ""
exit
fi
# Gather current time and date
date_now=$(/bin/date +"%Y-%m-%d_%H:%M:%S")
# Define path to pia_client_id
pia_client_id=$path_to_script"pia_client_id"
#echo "path for pia_client_id = "$pia_client_id # Uncomment for debugging
#echo "" # Uncomment for debugging
# Check for pia_client_id file
if [ -f $pia_client_id ]; then
echo "- pia_client_id file exists (Good!)"
else
echo "pia_client_id file does not exist!"
echo ""
echo "Generateing pia_client_id file now."
head -n 100 /dev/urandom | md5sum | tr -d " -" > $pia_client_id
chmod 600 $pia_client_id # Set persmissions for the user and root only!
echo ""
fi
# Check for tun0
tuncheck=$( { /sbin/ifconfig tun0; } 2>&1 )
#echo "tun check = "$tuncheck # Uncomment for debugging
#echo "" # Uncomment for debugging
# Display info about tunnel
#tunnelinfo=$( { /sbin/ip link show dev tun0; } 2>&1 ) # Uncomment for debugging
#echo "$tunnelinfo" # Uncomment for debugging
#echo "" # Uncomment for debugging
tunnotfound="not found"
if [ "${tuncheck/$tunnotfound}" = "$tuncheck" ] ; then
echo "- VPN tunnel appears to be up and connected (Good!)"
else
echo "Error detected! tun0 was \"not found\""
echo "Please make sure both internet and the VPN is connected!"
echo ""
echo "Then run this script again!"
echo ""
exit
fi
if [ $? -eq 0 ]; then
# Working on debian based bl-Hydrogen-rc1
local_ip=$(/sbin/ifconfig tun0 | /bin/grep inet | /usr/bin/awk -F: '{print $2}' | /usr/bin/awk '{print $1}')
if [ "$local_ip" = "" ]; then
# The following worked for Manjaro
echo "- local_ip pull failed! Attempting alternet pull!"
local_ip=$(/sbin/ifconfig tun0 | /bin/grep inet | awk '{print $2 }')
fi
else
# Inform user that the tunnel is not up! You are not connected to the VPN!
echo "tun0 not present - Please connect to the VPN and run this script again" >> $path_to_script"openvpn_pia_port_fwd.txt"
fi
# Pull client_id from path and file for var
client_id=$(cat $path_to_script"pia_client_id")
# Var output for reference
echo ""
echo "Requesting a port with the following information from..."
echo "... $pia_request_url"
echo "- Your PIA username and password (Example p1234567)"
echo "- client_id = $client_id"
echo "- local_ip = $local_ip"
echo ""
echo "Hint: Delete pia_client_id to cycle to a new port number with..."
echo "rm pia_client_id & ./pia-port.bash"
echo ""
echo "One moment..."
echo ""
# The magic part! PIA don't let me down!
# Post a request for a port to PIA's https://www.privateinternetaccess.com/vpninfo/port_forward_assignment
pia_response=$(/usr/bin/curl -d "user=$piauser&pass=$piapass&client_id=$client_id&local_ip=$local_ip" $pia_request_url 2>/dev/null)
# Check if PIA actually responded or not
if [ ${#pia_response} -gt 0 ]; then
echo "PIA has responded as of $date_now"
# Remove this part or fix ?
# Code that might work for /usr/bin/transmission-remote
# Seperate only the port number from PIA's resonce with grep and put into var
#transmission_port=`echo $pia_response | /bin/grep -oE '[0-9]+'`
# If the response is within the range (link with transmission torrent app)
# if [ $transmission_port -gt 1024 ] && [ $transmission_port -lt 65535 ]; then
# echo "transmission_port: $transmission_port" >> /root/test-scripts/openvpn_pia_port_fwd.txt
# sudo /usr/bin/transmission-remote -p $transmission_port | tee -a /root/test-scripts/openvpn_pia_port_fwd.txt
# else
# echo "transmission_port: error" >> /root/test-scripts/openvpn_pia_port_fwd.txt
# fi
else
# Inform user that the pia server failed to respond in an expected manner
echo "Failed to get response from PIA with request sent."
echo ""
exit
fi
echo "PIA's Response: $pia_response"
echo ""
echo "========================================================"
[/code]
Please DO NOT ask PIA support to assist with these guides or steps in any manner as they are all unofficial! Thank you!
Note: Please read the "Port Forwarding" section on the client-support page.
* It says "Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled."
If you have decided that you still want to use Port Forwarding anyway, continue reading...
Understanding how to request a port from PIA
- Four pieces of info are needed to request a port from PIA while connected to a PIA server that has port forwarding enabled
1) Your PIA VPN username - Ex. p1234567
2) Your PIA VPN password - Ex. Hi3kF3g283
3) Your current PIA tunnel LAN IP - Ex. 10.115.1.6
4) A unique 32 character hash - Ex. d077f244def8a70e5ea758bd8352fcd8
3) Your current PIA tunnel LAN IP - Ex. 10.115.1.6
4) A unique 32 character hash - Ex. d077f244def8a70e5ea758bd8352fcd8
Here is a list of the PIA servers that are port forwarding enabled!
CA Toronto
CA North York
Netherlands
Sweden
Switzerland
France
Germany
Russia
Romania
Israel
CA North York
Netherlands
Sweden
Switzerland
France
Germany
Russia
Romania
Israel
piauser="p1234567"
piapass="Hi3kF3g283"
client_id="d077f244def8a70e5ea758bd8352fcd8"
local_ip="10.115.1.6"
[code]
#!/bin/bash
# PIA VPN Linux port finder
######################################################
# Configuration Section
######################################################
# Set the path where this script is stored Ex. "/home/john/"
path_to_script="/home/john/"
# Enter you're PIA VPN username and password
piauser="p2099690"
piapass="Hi3kF2g284"
# The PIA port request URL (You should not need to change this)
pia_request_url="https://www.privateinternetaccess.com/vpninfo/port_forward_assignment"
######################################################
# End of Configuration Section
######################################################
# Warning!
# Warning! Do not edit anything below unless to intend to modify this script
# Required Dependancies * (likly that all are already installed on most Linux distrobutions)
# =====================
# /bin/bash
# /bin/echo
# /usr/bin/whoami
# /bin/date
# /dev/urandom
# /usr/bin/md5sum
# /usr/bin/tr
# /usr/bin/head
# /sbin/ifconfig
# /bin/grep
# /usr/bin/awk
# /usr/bin/curl
clear
echo "========================================================"
# Test if running at root or not
user=`whoami`
echo ""
if [ "$user" = "root" ]; then
echo "- User is root (Good!)"
chmod 700 $path_to_script"pia-port.bash" # Set persmissions for the user and root only!
else
echo "This script must be run as root! You are currently logged in as \"$user\""
echo ""
echo "Please switch to root and run the script again!"
echo ""
exit
fi
# Gather current time and date
date_now=$(/bin/date +"%Y-%m-%d_%H:%M:%S")
# Define path to pia_client_id
pia_client_id=$path_to_script"pia_client_id"
#echo "path for pia_client_id = "$pia_client_id # Uncomment for debugging
#echo "" # Uncomment for debugging
# Check for pia_client_id file
if [ -f $pia_client_id ]; then
echo "- pia_client_id file exists (Good!)"
else
echo "pia_client_id file does not exist!"
echo ""
echo "Generateing pia_client_id file now."
head -n 100 /dev/urandom | md5sum | tr -d " -" > $pia_client_id
chmod 600 $pia_client_id # Set persmissions for the user and root only!
echo ""
fi
# Check for tun0
tuncheck=$( { /sbin/ifconfig tun0; } 2>&1 )
#echo "tun check = "$tuncheck # Uncomment for debugging
#echo "" # Uncomment for debugging
# Display info about tunnel
#tunnelinfo=$( { /sbin/ip link show dev tun0; } 2>&1 ) # Uncomment for debugging
#echo "$tunnelinfo" # Uncomment for debugging
#echo "" # Uncomment for debugging
tunnotfound="not found"
if [ "${tuncheck/$tunnotfound}" = "$tuncheck" ] ; then
echo "- VPN tunnel appears to be up and connected (Good!)"
else
echo "Error detected! tun0 was \"not found\""
echo "Please make sure both internet and the VPN is connected!"
echo ""
echo "Then run this script again!"
echo ""
exit
fi
if [ $? -eq 0 ]; then
# Working on debian based bl-Hydrogen-rc1
local_ip=$(/sbin/ifconfig tun0 | /bin/grep inet | /usr/bin/awk -F: '{print $2}' | /usr/bin/awk '{print $1}')
if [ "$local_ip" = "" ]; then
# The following worked for Manjaro
echo "- local_ip pull failed! Attempting alternet pull!"
local_ip=$(/sbin/ifconfig tun0 | /bin/grep inet | awk '{print $2 }')
fi
else
# Inform user that the tunnel is not up! You are not connected to the VPN!
echo "tun0 not present - Please connect to the VPN and run this script again" >> $path_to_script"openvpn_pia_port_fwd.txt"
fi
# Pull client_id from path and file for var
client_id=$(cat $path_to_script"pia_client_id")
# Var output for reference
echo ""
echo "Requesting a port with the following information from..."
echo "... $pia_request_url"
echo "- Your PIA username and password (Example p1234567)"
echo "- client_id = $client_id"
echo "- local_ip = $local_ip"
echo ""
echo "Hint: Delete pia_client_id to cycle to a new port number with..."
echo "rm pia_client_id & ./pia-port.bash"
echo ""
echo "One moment..."
echo ""
# The magic part! PIA don't let me down!
# Post a request for a port to PIA's https://www.privateinternetaccess.com/vpninfo/port_forward_assignment
pia_response=$(/usr/bin/curl -d "user=$piauser&pass=$piapass&client_id=$client_id&local_ip=$local_ip" $pia_request_url 2>/dev/null)
# Check if PIA actually responded or not
if [ ${#pia_response} -gt 0 ]; then
echo "PIA has responded as of $date_now"
# Remove this part or fix ?
# Code that might work for /usr/bin/transmission-remote
# Seperate only the port number from PIA's resonce with grep and put into var
#transmission_port=`echo $pia_response | /bin/grep -oE '[0-9]+'`
# If the response is within the range (link with transmission torrent app)
# if [ $transmission_port -gt 1024 ] && [ $transmission_port -lt 65535 ]; then
# echo "transmission_port: $transmission_port" >> /root/test-scripts/openvpn_pia_port_fwd.txt
# sudo /usr/bin/transmission-remote -p $transmission_port | tee -a /root/test-scripts/openvpn_pia_port_fwd.txt
# else
# echo "transmission_port: error" >> /root/test-scripts/openvpn_pia_port_fwd.txt
# fi
else
# Inform user that the pia server failed to respond in an expected manner
echo "Failed to get response from PIA with request sent."
echo ""
exit
fi
echo "PIA's Response: $pia_response"
echo ""
echo "========================================================"
[/code]
To donate, please scan the QR code to the left or send bitcoins to the following address:
17ioPjLoCLDsUKwNpGV9dGtnLmpM8ioyUn
Comments
Ref: https://technet.microsoft.com/en-us/library/ee176961.aspx
Open your text editor and name the file this - "pia-port.ps1"
Put in the file the following and save it.
clear
echo ""
echo "PIA PowerShell Script"
echo ""
# Configuration Section
$USERNAME="p1234567"
$PASS="Hi3kF5g284"
$CLIENT_ID="8765ac58012872ab237333bac10f2c63"
$ip="10.119.1.6"
# End of configuration section
$web = New-Object System.Net.WebClient
echo "Waiting for responce from PIA..."
echo ""
$web.UploadString("https://www.privateinternetaccess.com/vpninfo/port_forward_assignment","user=$USERNAME&pass=$PASS&client_id=$CLIENT_ID&local_ip=$ip")
echo ""