New PIA Port Forwarding API

  • I've uploaded this new script to my QNAP NAS, and re-connected to the VPN.

    When I run the script I get the following output and error.

    Loading port forward assignment information...
    ./port_forwarding.sh: line 41: sha256sum: command not found
    {"error":"bad client_id"}


    Any hints?

    For the moment, I've gone back to the old script, which works fine still. I'm assuming I don't need to enter my username and password like I did on the old script?
  • Ok, I fixed it. The error was obviously telling me sha256sum command wasn't being found.

    This probably came from me installing entware-ng on my QNAP, which broke ipkg packages I had installed previously.

    Issuing the command

    opkg install coreutils-sha256sum

    Installed the required package, and I am now able to run the new script on QNAP NAS. :)

  • szimat said:
    Maybe add logging to the script, to print the port number to a log file, just for troubleshooting, once I know it works, I can easily use the $port variable in my scripts.
    This was promised 905 days ago by PIA Admin KYJelly,
    https://www.privateinternetaccess.com/forum/discussion/comment/19419/#Comment_19419

    however it seems it never got implemented which is a pity as it means so much mucking around with disconnecting/connecting again and again.

    PIA is this still possible to be implemented as per the promise

  • edited March 2017
    Some people's companies do not allow router access or even buying your own and using it (yes USA) I have killer net 100mbps standard pack 1GIG next level but we are not allowed via terms to use another router OR given access to admin/login to the routers but theirs and if they ping you and you are using can result in immediate termination of service without warning.

    This is the only ISP we have in our county and few surrounding & they are spreading far out now to others but I prefer them now unlike past because it is just much simpler 1 comp and not having 5 other crew out jacking up the fiber lines etc for other services.

    But I have used them all the top ones ours is Locally owned and best I have ever seen like I mentioned in another post google was hired to come in our major part of states and still cannot pull the speeds we have even for Aerospace corps lol
  • Very nice, a lot of improvement but we have 2 bad side-effects:
    1) What can I do if I need 2 opened ports for the same connection/computer/router?
    2) Therefore I must open the port even when I do not need to avoid reconnection?

    Any suggestion?
  • I just tried to issue the `curl` command (right after connecting to Netherlands) and I get an empty reply from server:

    # echo $client_id
    6b9cba9ebfe93ddc20a88cfe717de43bcf3e29012f010d5ed37fbc08a44fb043
    curl: (52) Empty reply from server

    After some time this turns into 
    curl: (56) Recv failure: Connection reset by peer

    which presumably means that the 2 minutes window is over.

    A call without the client_id returns a JSON message: {"error":"bad client_id"}


  • I think there is a problem with the script at the moment, I've got two NAS boxes using this script that worked fine yesterday, and today both keep coming back with 

    Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding

    I've tried switching from Netherlands to France, but I get the same problem either way. Hope it's fixed soon.
  • edited March 2017
    Gone back to the old script at https://www.privateinternetaccess.com/forum/discussion/3359/port-forwarding-without-application-pia-script-advanced-users#latest which is still working for now.

    I take it back, it doesn't work either. It gives a port number but the port remains closed.

    I've also tried with the Windows PIA app, and I can't see it giving me a port number when I hover over the icon, so I'm guessing port forwarding is totally knackered at the moment.
  • Running Linux (Ubuntu 17.04).

    I can confirm that neither method for port forwarding is working at the moment. I had been using the 'old' method until today, when I noticed the port numbers I was getting were closed. Tried the 'new' api, but I haven't seen it work yet. I have tried Netherlands, Toronto, and Montreal servers.

    Hope this gets fixed, as far as I can tell so far, the new api doesn't require username/password to be transmitted, which is nice. The script also seems to generate a new client_id every time it's run, is that proper or is it meant to be an example script only?
  • Haven't had a reply to my support ticket yet, but looks like the new API is back and running.
  • Haven't had a reply to my support ticket yet, but looks like the new API is back and running.
    Yes, it looks like the service is back and the forwarded port is actually open.
  • I've created a vpn connection via pfsense and I have a script that runs to automatically create the port forward at startup.  However, I sometimes miss the reply telling me what port has been allocated - what command do I run via command line to see the port that's been allocated?

    Thanks
  • I've uploaded this new script to my QNAP NAS, and re-connected to the VPN.

    When I run the script I get the following output and error.

    Loading port forward assignment information...
    ./port_forwarding.sh: line 41: sha256sum: command not found
    {"error":"bad client_id"}


    Any hints?

    For the moment, I've gone back to the old script, which works fine still. I'm assuming I don't need to enter my username and password like I did on the old script?

    Me too same thing.. And not able to resolve that.. :(
  • The NL server is broken with this:
    curl: (56) Recv failure: Connection reset by peer
  • moffa said:
    The NL server is broken with this:
    curl: (56) Recv failure: Connection reset by peer
    I have the exact same result.
  • Hi,
    This is probably the wrong place to ask, but I just switched from the desktop client to installing ddwrt on my router so that all devices in my home are protected behind the vpn, but I would like to forward ports for a couple of private trackers, and am not a Linux programmer - is there an easy way/tutorial for getting the script installed on my router, or do I need to go back to using the windows client for port forwarding (I changed because I have more than 5 devices in my household)?  Thanks
  • I'm still using the old polling method to get the port, and seems it's still working.

    Also, I want to pass the port number and export that as a system variable so the next script will just pick it up from there. I should just do a sed on the $json and just export that as a variable?
  • I'm still using the old polling method to get the port, and seems it's still working.

    Also, I want to pass the port number and export that as a system variable so the next script will just pick it up from there. I should just do a sed on the $json and just export that as a variable?
    Sorry for the hassle, but could you provide a link with details/instructions of the old polling method so I can try that out.  I only learned about the new method.
  • moose99 said:
    I'm still using the old polling method to get the port, and seems it's still working.

    Also, I want to pass the port number and export that as a system variable so the next script will just pick it up from there. I should just do a sed on the $json and just export that as a variable?
    Sorry for the hassle, but could you provide a link with details/instructions of the old polling method so I can try that out.  I only learned about the new method.
    Whole thread on this: https://www.privateinternetaccess.com/forum/discussion/180/port-forwarding-without-the-application-advanced-users/p1

    Back on the topic of the original thread, I still can't get this working. I checked the permissions and everything, but seems like it still refuses to run the script as the route-up script.
  • edited June 2017
    I have a weird issue on Xenial.

    After connecting, if I run

        clientid=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
        curl "http://209.222.18.222:2000/\?client_id=$client_id"

    I then get the error `{"error":"bad client_id"}`. However, if I then do `echo $client_id`, copy the result, and manually replace it when I call `curl` again, then everything works out.

    Any ideas?
  • I'd still love an explanation of what's the matter with my last example, but I managed to solve the issue by issuing

        url=$(printf '%s%s' "http://209.222.18.222:2000/\?client_id=" `head -n 100 /dev/urandom | sha256sum | tr -d " -"`)
        curl $url
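
An added example, not part of the original posts and not PIA's script: the first snippet above assigns `clientid` but expands `$client_id`, so an empty value is sent and the server answers `bad client_id`. The sketch below validates the id before any request is made, falls back to `openssl` where `sha256sum` is missing, and extracts the port from the reply; the function names, the `PF_ENDPOINT` variable and the `{"port":N}` success shape are assumptions.

```shell
#!/bin/sh
# Added example; function names and the {"port":N} reply shape are assumptions.
PF_ENDPOINT="${PF_ENDPOINT:-http://209.222.18.222:2000/}"   # address quoted in the thread

# Hash stdin with whichever SHA-256 tool exists (some NAS builds lack sha256sum).
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 | sed 's/^.*= *//'
    else
        echo "no SHA-256 tool found" >&2
        return 1
    fi
}

# Fresh random id, generated the same way as in the posts above.
gen_client_id() {
    head -n 100 /dev/urandom | sha256_hex
}

# Accept only 64 lowercase hex characters; rejects empty or unset variables.
valid_client_id() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
}

# Print the port found in a reply; fail on an error object or anything else.
parse_port() {
    port=$(printf '%s' "$1" |
        sed -n 's/^.*"port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*$/\1/p')
    [ -n "$port" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Generate, validate, request, parse. Never sends a malformed id.
request_port() {
    id=$(gen_client_id) || return 1
    valid_client_id "$id" || { echo "refusing to send malformed client_id" >&2; return 1; }
    json=$(curl --silent --show-error --max-time 10 \
        "${PF_ENDPOINT}?client_id=${id}") || return 1
    parse_port "$json" || { echo "no port in reply: $json" >&2; return 1; }
}
```

A calling script can capture the result with `port=$(request_port)` and check the exit status before handing the value to anything else.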
  • edited June 2017
    Is there a definitive way to get the current forwarded port from the Windows PIA Client app (the one you see when hovering over the tray icon)? My computer sleeps after a while and when it wakes up it seems the port changes. Ideally I'd like to update my torrent client with the new port (and I can write a small app to do that as long as I can retrieve the port from the client app somehow)
  • PM4JI, but it doesn't seem this approach has been thoroughly reviewed by skeptical engineers looking for corner cases and implementation problems. Why can't the random number be reused? Why is a random number required if it cannot be reused? Why only 2 minutes? What exactly is the point of this? Is it to improve privacy by making it difficult to associate ports with accounts? Is 4k SSL not enough to protect the tunnel? And if the tunnel can be breached, the user's IP address will be known anyhow.

    The previous method, though requiring the sending of credentials, worked without significant issues in all use cases. My script ran on a 5 minute timer, which was required to keep my forwarded port active, and by getting the port number each time it ran I could also make a sound to alert me if my connection was knackered.

    The same cannot be said for this new approach. It introduces timing issues at startup and doesn't allow the re-retrieval of the port. This new method will still require me to constantly run my script and no longer provide me with a useful indication that PIA is still up. Worse yet, I can't set it on a 5 minute timer anymore, it will have to be on a 1 minute timer so it will get the port in the case I have to restart OpenVPN. This means more queries for PIA to handle, and I'm sure I'm not the only one so multiply that by many.

    Here is my suggestion: rather than the client generating the random key, PIA will supply a random key upon request at any time without time limit. That key can then be used at any time to retrieve the port number. If the client requests the key again, a new key is returned without affecting the port in use. If an attempt is made using the old key, the client gets a warning that something fishy has happened.

    This solves the following issues: key collision (you know it's going to happen from time to time), credentials presentation (also solved by this bad attempt), user driven key expiration (which is just a good idea), and repeated port requests (which some people find useful).

    Or you could just use the old approach and not require credentials. The new method doesn't need credentials, and the use of a key is just noise.
  • edited June 2017
    This is broken again for endpoint Netherlands, getting the following output (multiple retries up to 2 minute limit) PLEASE can somebody take a look at this:- @doaks

    [warn] Response code 000 from curl != 2xx
    [warn] Exit code 52 from curl != 0
    [info] Retrying in 10 secs...
    [warn] Response code 000 from curl != 2xx
    [warn] Exit code 52 from curl != 0
    [info] Retrying in 10 secs...
    [warn] Response code 000 from curl != 2xx
    [warn] Exit code 52 from curl != 0
    [info] Retrying in 10 secs...
    [warn] Response code 000 from curl != 2xx, exausted retries exiting script...
    


  • PIA staff, please respond to this thread!
    Are you guys going to fix the new port forwarding method, or should we go back to the old one for now?
  • I opened a ticket asking for them to review this thread. I'm having problems, June 23. I get the error message that I've already got a port, expired, or server doesn't support (yes it does). Running on Debian 9. 


  • I am getting a different port number each time I restart openvpn and run the script, but I cannot get anything to connect to it for the life of me! Running Debian 9 too
  • Got it working!
    Success: I can see your service on 212.**.107.** on port (3**71)
       Your ISP is not blocking port 3**71
    I was missing some iptables rules

  • curl: (7) Failed to connect to 209.222.18.222 port 2000: Connection refused
  • Duvrazh said:
    curl: (7) Failed to connect to 209.222.18.222 port 2000: Connection refused
    Forgot to explain. I always seem to get the error message, and it doesn't give me a port. I've been redirecting output to a file to try and manually capture the port to update until I figure this out, but apparently I'm not allowed to connect even though my vpn is up?