Yes I modified it a bit as I am using split tunnelling, to route request thru the VPN
#request new port
echo 'Loading port forward assignment information...'
client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
json=`curl --interface tun0 "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
  json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  exit 1
fi
Also you must calculate $client_id the actual request will look something like
And don't forget you must make this request within 2 minutes of connecting to the VPN
Are you using split tunnelling to force torrent traffic through vpn? If so, and in case I'm so lucky that you're running Transmission as well, could you provide the steps you followed to get port forwarding working on that configuration?
It seems that if you re-use your client ID between requests to the API it will return the currently active port forward. When I read how to use the previous version of this API that was actually the recommended way to use it so I just gave it a go and it worked.
You can modify port_forward_assignment function in port_forwarding.sh to persist the client ID and only generate one if missing like below:
port_forward_assignment( )
{
  echo 'Loading port forward assignment information...'
  # generate the client ID only once; later requests reuse the stored value
  if [ ! -f ~/.pia_client_id ]; then
    if [ "$(uname)" == "Linux" ]; then
      head -n 100 /dev/urandom | sha256sum | tr -d " -" > ~/.pia_client_id
    fi
    if [ "$(uname)" == "Darwin" ]; then
      head -n 100 /dev/urandom | shasum -a 256 | tr -d " -" > ~/.pia_client_id
    fi
  fi
  client_id=`cat ~/.pia_client_id`
  json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
  if [ "$json" == "" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi
  echo "$json"
}
I cannot figure this out. I keep getting the following when I try running the last command.
Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
I am definitely using a gateway that has port forwarding (CA Toronto) and using the Viscosity OpenVPN. Connection works fine but I cannot locate the open port for the life of me.
DO NOT port forward on self hosted media server it destroys connection wiping PIA leftovers and reg helps none reverting does not either.
Not everyone has router access or can use their own via providers TOS
I tried this killed my connect even closing PIA kept it killed, reinstalled OS tick Kill Switch and DNS leak bam doing it again vers 70 71 72 so it somehow blocks router signal to everything in house, kills it actually.
Use those over 1.5 years no problem and media servers been on system no issue ever
Hope this helps!
Q1 I tried what you recommended but I still receive a new port number after a reconnection. I tried to not touch it but transmission would show my previous port as being closed. Running the script you provided above gives me a new port.
Q2 Ok, I got it to work and it works great. Now I need to automate it. Oddly enough, if the script is part of the scripts to launch in Viscosity, it won't work. Yet if I run the command from apple script manually, it launches just fine. I have the script added to the sudo list to always run as admin and I even went the extra mile to add the "with admin privileges" code in the script.
Q3 Alright, managed to finally get the scripts to work. Now I'm having an issue with the port. It shows as open in transmission but closed in Plex. I'm going to assume it's running via tcp and not udp? But my VPN connection for CA Toronto is set up as UDP. How come it's not allowing multiple apps to run through one port?
I made a minor improvement to port_forwarding.sh. It should be more cross-platform friendly, by checking directly for the sha256 utilities, rather than assuming based on the platform name. This should make it compatible out of the box with FreeBSD and others. PIA is welcome to adopt this as an official version.
Hey. Newbie here. PIA via openvpn on Linux with deluge.
How do I actually use the port_forwarding.sh script? Do I put it in the up.sh file?
Now some things I'm reading says it'll open the port for deluge. But what about the webui for deluge? How do I open a port for that? I'm unable to right now. And what about a port to ssh into Linux remotely? How do I get more ports? Or at least how do I implement this script? Thanks
I then get the error `{"error":"bad client_id"}`. However, if I then do `echo $client_id`, copy the result, and manually replace it when I call `curl` again, then everything works out.
Is there a definitive way to get the current forwarded port from the Windows PIA Client app (the one you see when hovering over the tray icon)? My computer sleeps after a while and when it wakes up it seems the port changes. Ideally I'd like to update my torrent client with the new port (and I can write a small app to do that as long as I can retrieve the port from the client app somehow)
Hey John,
I had the same error "{"error":"bad client_id"}". The code in the script doesn't work for Cygwin, because it doesn't parse the client_id the right way. I've run echo `head -n 100 /dev/urandom | sha256sum | tr -d " -"` a few times and the sha256 string always ended in "[long string] *-". So I modified -d " -" with -d " *-" and voilà, it worked. If you also want to run this script in Windows, make sure you download wget and curl during installation/setup of Cygwin. Then simply execute with sh [scriptname].
As for you, in your 1st and 2nd quote, you have clientid vs client_id, notice the "_", hence it won't work, because $client_id is empty, which the error indicated.
As for your 3rd quote, you can use the same client_id (without generating a random new one). This way, the assigned forwarding port will remain unchanged I think. At least, it worked this way before the new api where you had to provide your username and password. Haven't tested it though. This is a great option if you do it manually, since setting forwarding port in program_server/router_firewall takes time, BUT, it will reduce privacy and security, so I'd advise to change it periodically. If you got a fully automated script, then it's okay to have a new forwarding port each time you connect. I'm doing it manually, since I can't get it to work automatically in pfSense (yet). Going the powershell route to only use it for a certain program, not on the firewall anymore, which was a very bad idea.
Hope this helps you and others with the same problem. This api is awesome, so is pia and its team.
Oh and by the way, when you get error "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding", simply break down the code until you narrow down where the actual error is. That's how I found out what was wrong and fixed it.
For me, it was only checking 2 lines of code (+2 to check its output):
CLIENT_ID=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
echo $CLIENT_ID
PORT=`curl "http://209.222.18.222:2000/?client_id=$CLIENT_ID"`
echo $PORT
Do I need to run this script every time I connect, or is it a one time thing?
Every time you connect. While reconnecting, you may end up reconnecting to another server in the same region, or obtain a new IP on the same server as the server will still see you as a new session. So port forwarding also needs to be set again as well.
A good place to put this is your OpenVPN up script as it conveniently is run exactly at the right moment for that.
Thank you for that input.
But the port will change every time right? So now the question is, how can I automatically update my port forward in my NAT and tell my application which port to use, so I don't constantly have to monitor it...
The port will change if you are forced to re-connect to another server, it may also change after reconnecting to the same server or after a reboot.
Thank you so much for this! The other script didn't work for me using Tomato on my Netgear router. I managed to install optware and the sha256sum utility along with bash that let me run it.
For some reason the previous script doesn't work for me, I assume because I am trying to run on such a closed platform.
Do you have any idea how I can combine your script with the part by @bozog that is used to automatically insert the given port into transmission?
I would use his entire script but it gives me errors in formatting.
port_forward_assignment( )
{
  client_id_file="/etc/openvpn/pia_client_id"
  if [ ! -f "$client_id_file" ]; then
    if hash shasum 2>/dev/null; then
      head -n 100 /dev/urandom | shasum -a 256 | tr -d " -" > "$client_id_file"
    elif hash sha256sum 2>/dev/null; then
      head -n 100 /dev/urandom | sha256sum | tr -d " -" > "$client_id_file"
    else
      echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
      exit 1
    fi
  fi
  client_id=`cat "$client_id_file"`
  json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
  if [ "$json" == "" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi
  echo $json
}
#trim VPN forwarded port from JSON
PORT=$(echo $json | awk 'BEGIN{r=1;FS="{|:|}"} /port/{r=0; print $3} END{exit r}')
#echo $PORT
#change transmission port on the fly
CURLOUT=$(curl -u $TRANSUSER:$TRANSPASS ${TRANSHOST}:9091/transmission/rpc 2>/dev/null)
REGEX='X-Transmission-Session-Id\: (\w*)'
if [[ $CURLOUT =~ $REGEX ]]; then
  SESSIONID=${BASH_REMATCH[1]}
else
  exit 1
fi
DATA='{"method": "session-set", "arguments": { "peer-port" :'$port' } }'
Success! Working script below:
Dependencies:
transmission-remote - you can install the transmission-remote-openssl package through optware.
sha256sum - optware package coreutils-sha256sum
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
# ./port_forwarding.sh
# script must be run within 2 mins of connecting to vpn server. Do not forget to reconnect/connect
# fill in your transmission username, password and hostname/ip below:
TRANSUSER=xxxxx
TRANSPASS=xxxxx
TRANSHOST=localhost
#now let the script do the work
sleep 20
echo pausing to wait for vpn to connect and transmission to start
# print a message on stderr and abort
error( )
{
  echo "$@" 1>&2
  exit 1
}
error_and_usage( )
{
  echo "$@" 1>&2
  usage_and_exit 1
}
usage( )
{
  echo "Usage: `dirname $0`/$PROGRAM"
}
usage_and_exit( )
{
  usage
  exit $1
}
version( )
{
  echo "$PROGRAM version $VERSION"
}
port_forward_assignment( )
{
  # the client ID is created once and reused on every later request
  client_id_file="/etc/openvpn/pia_client_id"
  if [ ! -f "$client_id_file" ]; then
    if hash shasum 2>/dev/null; then
      head -n 100 /dev/urandom | shasum -a 256 | tr -d " -" > "$client_id_file"
    elif hash sha256sum 2>/dev/null; then
      head -n 100 /dev/urandom | sha256sum | tr -d " -" > "$client_id_file"
    else
      echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
      exit 1
    fi
  fi
  client_id=`cat "$client_id_file"`
  json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
  if [ "$json" == "" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi
  echo "server returned: $json"
  #trim VPN forwarded port from JSON
  PORT=$(echo "$json" | awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
  echo "if successful, trimmed port is:$PORT"
  #change transmission port on the fly
  transmission-remote "$TRANSHOST" --auth "$TRANSUSER:$TRANSPASS" -p "$PORT"
  # this line prints the Transmission password to stdout (and to any log that captures it)
  echo "here are your transmission credentials: host:$TRANSHOST username:$TRANSUSER password:$TRANSPASS"
}
echo remember to run no longer than 2 mins after reconnecting/connecting to vpn server.
EXITCODE=0
PROGRAM=`basename $0`
VERSION=2.1
while test $# -gt 0
do
  case $1 in
    --usage | --help | -h )
      usage_and_exit 0
      ;;
    --version | -v )
      version
      exit 0
      ;;
    *)
      error_and_usage "Unrecognized option: $1"
      ;;
  esac
  shift
done
port_forward_assignment
exit 0
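An added example, not taken from any post in this thread or from PIA's script: it validates the two values the scripts above pass around unchecked, the client ID (the Cygwin `*-` suffix that led to `bad client_id`) and the port in the API response (the awk field-separator regex that failed on some platforms). The function names are hypothetical; the endpoint and the response shapes are the ones shown in the thread, and the sample inputs at the bottom are constructed.

```sh
#!/bin/sh
# Added example: validated client_id handling and port extraction.
# All function names are hypothetical, not part of port_forwarding.sh.
LC_ALL=C; export LC_ALL

# stdin: output of sha256sum/shasum, e.g. "<hex>  -" or, on Cygwin, "<hex> *-".
# stdout: the 64 hex characters only, whatever suffix the tool appended.
normalize_client_id() {
    sed -n '1s/^\([0-9a-f]\{64\}\).*$/\1/p'
}

# Succeeds only for exactly 64 lowercase hex characters.
valid_client_id() {
    [ "${#1}" -eq 64 ] || return 1
    case $1 in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# Generate a fresh ID with whichever SHA-256 tool is installed.
new_client_id() {
    if command -v sha256sum >/dev/null 2>&1; then
        head -n 100 /dev/urandom | sha256sum | normalize_client_id
    elif command -v shasum >/dev/null 2>&1; then
        head -n 100 /dev/urandom | shasum -a 256 | normalize_client_id
    else
        echo "need sha256sum or shasum in PATH" >&2
        return 1
    fi
}

# Reuse the ID stored in file $1, or create it readable by the owner only.
# A stored value that is empty or carries stray characters is rejected
# here instead of being sent to the API.
load_client_id() {
    file=$1
    if [ -f "$file" ]; then
        id=$(cat "$file")
    else
        id=$(new_client_id) || return 1
        ( umask 077; printf '%s\n' "$id" > "$file" ) || return 1
    fi
    if ! valid_client_id "$id"; then
        echo "malformed client_id in $file" >&2
        return 1
    fi
    printf '%s\n' "$id"
}

# Print the port from a response body of the form {"port":N}, 1 <= N <= 65535.
# Error bodies, empty bodies and out-of-range numbers return non-zero.
extract_port() {
    port=$(printf '%s' "$1" | sed -n \
        's/^[[:space:]]*{[[:space:]]*"port"[[:space:]]*:[[:space:]]*\([0-9]\{1,5\}\)[[:space:]]*}[[:space:]]*$/\1/p')
    [ -n "$port" ] || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Network step, defined but not called here. Assumption: same endpoint and
# query format as the scripts in this thread.
request_port() {
    id=$(load_client_id "$1") || return 1
    body=$(curl --silent --max-time 10 \
        "http://209.222.18.222:2000/?client_id=$id") || return 1
    extract_port "$body"
}

# Offline demo over constructed responses (the first two shapes appear above).
for sample in '{"port":37482}' '{"error":"bad client_id"}' '' '{"port":99999}'; do
    if p=$(extract_port "$sample"); then
        echo "forwarded port: $p"
    else
        echo "no usable port in response: '$sample'" >&2
    fi
done
```
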
OpenVPN doesn't allow to pass external info whilst a script is being invoked so it wasn't possible to run this every time OpenVPN changed IP. As a result the dynamic port sharing feature is defunct for using transmission (or any torrent client for that matter) as there is no way to invoke the script automatically within 2mins of connection.
If PIA did what other providers did, have no NAT or at least a way to forward a static port manually online it wouldn't be an issue.
Even if they took away the 2 minute from connection limit when you initially reconnect.
It's working for 99%. The issue I've got is that when the script is called automatically, PIA does not allow calling the API (Curl HTTP://something). For now, I've left that part to an external monitor that will signal the VPN is UP and will react by calling the up.sh script.
Hmm, the OpenVPN up script should definitely be called every time the VPN connects and reconnects. I'm using a similar setup on my end (although more complicated because the machine that does VPN is not the same as the one that runs Transmission), but I've never had issues with it. Mine's been up for literally a month and a half now:
● [email protected] - OpenVPN tunnel for pia
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/[email protected]
└─override.conf
Active: active (running) since Tue 2017-09-19 10:45:49 EDT; 1 months 13 days ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 26662 (openvpn)
Status: "Initialization Sequence Completed"
CGroup: /system.slice/system-openvpn\x2dclient.slice/[email protected]
└─26662 /usr/sbin/openvpn --suppress-timestamps --nobind --config pia.conf
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private I
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: WARNING: 'link-mtu' is used inconsistently, local='link-mt
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: WARNING: 'cipher' is used inconsistently, local='cipher AE
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: WARNING: 'auth' is used inconsistently, local='auth SHA256
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: WARNING: 'keysize' is used inconsistently, local='keysize
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized wit
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: Data Channel Encrypt: Using 256 bit message hash 'SHA256'
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized wit
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: Data Channel Decrypt: Using 256 bit message hash 'SHA256'
nov 02 15:23:07 srv1.max-p.me openvpn[26662]: Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GC
OpenVPN does pass along a ton of information through environment variables. Try adding `env > /tmp/openvpn-env.txt` to your script and check the resulting file after connecting, you'll see that there's a lot of stuff!
Hey there. This thread was recommended to me as the best place to post my question. Can anyone provide simple, step-by-step instructions for how to enable port forwarding, using Viscosity (for Mac) to connect to PIA servers? PIA's client is pretty glitchy with my system. And, Viscosity has been a godsend, allowing PIA to wake and sleep with my OS. But, since running PIA through Viscosity, I miss the port forwarding capabilities. Neither PIA's nor Viscosity's support staff have been able to assist. Thx.
@Max-P is it not a good idea to be certain (with user confirmation) the basic VPN system is functioning before moving on to a more advanced issue? this condition is not presently in evidence.
Comments
It's available here: https://gist.github.com/robmathers/d22f1e501644051eea64068ff2427581
awk: bad regex '{|:|}': Invalid preceding regular expression
{"arguments":{},"result":"success"}
{"port":37482}
note you'll need to check the "use Username/Password authentication" box below "Authentication: Type:"
next refer to https://www.privateinternetaccess.com/forum/discussion/comment/49610/#Comment_49610
@p4830932 Have you tried just setting this script from the first post of this thread in Viscosity, and if yes what's the issue with it? https://www.privateinternetaccess.com/installer/port_forwarding.sh
I wanted to share with you all my solution for automatically querying the PIA new port forward API, because I think it's much better than all these bash scripts. The idea is really simple: leverage systemd to query the API as soon as the VPN network interface comes up, and write the result to a text file.
There's only one requirement, in your OpenVPN config file, name the VPN interface tun_pia. Then drop this unit file in /etc/systemd/system/pia-port.service and enable it! Now, every time your PIA connection will be up, you'll find your port forward number in the /run/pia_port text file.
I made a complete recipe for setting up PIA, OpenVPN, rTorrent and ruTorrent, so if you're interested take a look: https://gitlab.com/jcharaoui/rtorrent_pia