New PIA Port Forwarding API


Comments

  • If I already requested port forwarding when it expires? I'd like to create a script and already "spoiled" two regions.

    Or how to retrieve port number if I didn't write it down?
  • maaboo said:
    If I already requested port forwarding when it expires? I'd like to create a script and already "spoiled" two regions.

    Or how to retrieve port number if I didn't write it down?
    Reconnecting should be enough. You may end up with the same port number, or not, but that should work to test your script.

    Basically when you connect to a server, it (presumably, because I haven't checked; there are other ways to do the exact same thing) spins up a temporary server for 2 minutes that, when hit, assigns you a port number, sets up the forwarding, returns the port to you and then turns itself off. The port forwarding then lasts until you disconnect.
  • I'm gonna be leaving PIA too when my subscription is up.  I didn't think with a VPN provider you also needed to be some sort of code wizard in order to get port forwarding to work.

    I'm off to NordVPN soon.
  • edited March 2018
    I installed the latest linux version v78, and I no longer get the port # in my tooltip. Is there a command I can run to get it for now? It was working fine in v76.

    The Tooltip just says: "Private Internet Access - You are connected (CA Toronto)"

    I am on Ubuntu 7.10

    I have restarted machine, tried other servers, toggled settings on and off.

    Also
    echo '{"cmd": "status"}' | nc 127.0.0.1 31743
    just hangs and never returns.
  • Hi Guys,

    I'm really new to this stuff, so if someone could simplify things it would be much appreciated.  I'm running Freenas with Transmission on it.  I have Merlin firmware on an Asus AC5300 router, with PIA running on the router. How do I go about using the port forwarding script to open up the port for Transmission?  Do I run it from the Freenas shell? What is the full script?  Thank you.
  • @pf1F Try connecting to another region or restarting the app a few times. There are some occasional issues with port forwarding still being investigated, but in the meantime just reconnecting and trying again usually works.

    Also, this way of querying the VPN daemon unfortunately no longer works. It has moved to a subscription based event bus, so those are now streamed instead of polled.

    @bigdog5000 For this to work you will need to run the script (or the curl command itself) on the router and then expand the script to also configure port forwarding on your router to redirect that forwarded port to the final destination, your Freenas. That tends to be somewhat messy and complicated and will be specific to Merlin in your case.

    I usually recommend to set up the VPN directly to the freenas machine and set the VPN up there so you don't have to do all the configuration.
  • I'm connecting my Synology NAS to the Sweden node, but when running the script I'm getting the error "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding".
    Is it not possible to open ports on this region anymore? It worked with the old system.
  • edited March 2018
    I'm connecting my Synology NAS to the Sweden node, but when running the script I'm getting the error "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding".
    Is it not possible to open ports on this region anymore? It worked with the old system.
    That's what Max is saying no longer works in response to my post.

    Max-P
    said:
    @pf1F Try connecting to another region or restarting the app a few times. There are some occasional issues with port forwarding still being investigated, but in the meantime just reconnecting and trying again usually works.

    Also, this way of querying the VPN daemon unfortunately no longer works. It has moved to a subscription based event bus, so those are now streamed instead of polled.

    I've tried it all except downgrading to v77 which I'm going to try now.

    Downgrading didn't work and I don't want to figure out why it doesn't launch right now or what I need to remove so v77 will work.
  • edited March 2018
    Ok I found the answer. There are TWO problems. The Ubuntu tooltip isn't updating. AND some of the servers are returning CONNECTION RESET BY PEER. If you turn on debugging logs and switch servers you'll find your port eventually by grepping the debug log:
    grep -a "Forwarded port:"  ~/.pia_manager/log/pia_manager.log

    should be the last one if you got one.


    It works for now! Hope this helps you fix the next build PIA.

    This tooltip on Ubuntu always seems to have troubles. I would suggest throwing it on the SETTINGS LOCKED screen as well as a backup since these tooltips have gotten broken twice now.

  • @machinemade Port forwarding has temporarily been disabled on the Sweden region due to it having some connectivity issues. PF will be enabled again on that region once the connectivity issue is resolved (likely by switching datacenter). Sorry for the inconvenience. Please use another region in the meantime.
  • Thank you for the feedback, appreciated. I will try the router route. It's the reason I came to PIA. Trying to keep the main connection for streaming 4Ks. These are on the local network using Plex. We have 3 TVs doing it. Goal is to try and keep our main resources for that. Once again thanks for the response.
  • Max-P said:
    @machinemade Port forwarding has temporarily been disabled on the Sweden region due to it having some connectivity issues. PF will be enabled again on that region once the connectivity issue is resolved (likely by switching datacenter). Sorry for the inconvenience. Please use another region in the meantime.
    I've tried Norway, Denmark and Finland, and I'm getting the same error on all of them.
    Are none of the nordic regions open to port forwarding?
  • Max-P said:
    @machinemade Port forwarding has temporarily been disabled on the Sweden region due to it having some connectivity issues. PF will be enabled again on that region once the connectivity issue is resolved (likely by switching datacenter). Sorry for the inconvenience. Please use another region in the meantime.
    I've tried Norway, Denmark and Finland, and I'm getting the same error on all of them.
    Are none of the nordic regions open to port forwarding?
    @machinemade Nope none of those support port forwarding, take a look here for an up to date list:-

    https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219460187-How-do-I-enable-port-forwarding-on-my-VPN-

    @Max-P: what I would REALLY like is a way of getting an up to date list of endpoints that support port forwarding in a programmatic fashion (API request ideally). Is this possible? If not, any chance of the API being enhanced to support this? Having to monitor some randomly posted FAQ squirreled away on the PIA website is NOT fun.
  • I'm trying to get the port from the script posted earlier pointing at: http://209.222.18.222:2000/?client_id=$client_id

    Gives me the error message: Loading port forward assignment information... Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding

    This is all within a script that stops OpenVPN, starts it again, then straight away (within 2 minutes) checks the forwarded IP. I'm connecting to Switzerland server. Why is this so difficult? Why does it have to be in 2 minutes? Why not just give me the port number whether I ask once, twice, or fifty times? I don't need a new port each time, I'd just like to be able to port forward.


  • binhex said:
    Max-P said:
    @machinemade Port forwarding has temporarily been disabled on the Sweden region due to it having some connectivity issues. PF will be enabled again on that region once the connectivity issue is resolved (likely by switching datacenter). Sorry for the inconvenience. Please use another region in the meantime.
    I've tried Norway, Denmark and Finland, and I'm getting the same error on all of them.
    Are none of the nordic regions open to port forwarding?
    @machinemade Nope none of those support port forwarding, take a look here for an up to date list:-

    https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219460187-How-do-I-enable-port-forwarding-on-my-VPN-

    Netherlands also, and a lot of other European countries seem to have been unavailable for port forwarding for 2 days?
    Please confirm it is a temporary situation; those regions were the favorite ones for most European VPN customers.
  • doaks said:

    Hi everyone!

    We've recently introduced a new port forwarding API. This one's simpler, more reliable, and will be replacing the port forwarding API all of you fine folks currently use.

    Here is a shell script that retrieves a port using this new API:
    https://privateinternetaccess.com/installer/port_forwarding.sh

    To run this script, simply download, make sure it has the correct permissions, and then you should be free to run it. Or, these commands in your terminal:

    wget https://privateinternetaccess.com/installer/port_forwarding.sh
    chmod +x port_forwarding.sh
    ./port_forwarding.sh
    

    Essentially, to use this API you send a request to the URL below, where client_id is a unique 256-bit ID in Base36 format:
    http://209.222.18.222:2000/?client_id=$client_id

    For an easy way to calculate the client ID, take a look at the script above.

    Once you've sent this request, the API should return json containing the port number: {"port":49645}

    Then, this port should be available for you to use!


    Keep in mind that this new API will be replacing the old one, and that the old API located at vpninfo/port_forward_assignment will be discontinued sometime soon.

    I've also got some considerations to remember while using this API:

    • This request is handled locally by the gateway you're connected to.
    • You can only request one port per connection.
    • With the new API, you no longer need to 'poll' the API periodically to keep the forwarded port open. As such, you only need to query the API once to open up the port.
    • When a port is forwarded, you will not be able to connect to that port from the public IP that initiated the OpenVPN connection.
      To confirm port forwarding is working, retrieve a port using the API and run a command like this to listen on it:
      ncat -l <port>
      After this, you can use an online testing site to confirm that port's open on your VPN gateway.

    Hopefully this lets you update your scripts to use the new API and interoperate nicely with it! For more guidance on error-handling, feel free to dig into the script above, and if there are any issues feel free to post in here and I can take a look.

    Why would I need a port forwarding API?
  • edited April 2018
    Netherlands stopped working for port forward, came here, checked the list. Seems Netherlands is not on the port forward list anymore. Fair enough, Switzerland is on there, downloaded everything again. New openvpn files and the .sh.
    Still can't port forward for any location.
    "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding"

    [EDIT]
    I got Germany to work, maybe you need to update your port forward list again.  Can't connect to Switzerland
  • I have been unable to get this working properly.   I run the script and get a response back providing the port that is supposedly forwarded, however when trying to access that port over the IP address provided by PIA, it cannot get through.   I have no problem validating the open port when using my ISP provided IP address.

    So far, I have tried both Toronto and Montreal gateways.  Has anybody been able to get this to work properly via these gateways ?
  • for anyone having trouble d4rkcat's script works perfectly -- either with the built in -p option (for port forwarding) or through PIAs new script.

    I believe it has something to do with us directly running openvpn from console -- as his script drops to a daemon at the end and stays running in the background with an option to kill it from the terminal it ran from. I believe that is why, for some reason, the new port forwarding doesn't work unless we all write scripts similar to d4rkcat.

    I'm not sure exactly the reason for it -- my reasoning was a guess and nothing more (not even an educated one really) -- but it DEFINITELY has something to do with directly running openvpn from console to connect. There is a very specific reason we had this problem, but his script works.
  • Honestly it's a nice little console client as well -- I'd highly recommend it as long as it's up-to-date with PIA. Much nicer than running sudo openvpn
  • p6021691 said:
    I'm gonna be leaving PIA too when my subscription is up.  I didn't think with a VPN provider you also needed to be some sort of code wizard in order to get port forwarding to work.

    I'm off to NordVPN soon.

    I don't think it will be much different no matter where you go on Linux. Quite simply, there are too many distros for PIA to provide a client (unless they make a minimal script one like d4rkcat) -- binaries simply cannot be compatible from distro-to-distro like Windows...

    So you're gonna be stuck scripting stuff no matter what.

    If you don't like writing scripts then perhaps Linux is not really the right OS for you... sure, today we have easy distros -- but the easiest of them (Ubuntu/Debian) support proprietary clients.

    Otherwise, if you're using any other distro you're pretty much assumed to be an IT pro, hobbyist, or otherwise educated individual. The power of Linux comes not because it's free, but because it's flexible and lets you do anything you want as long as you know how to do it.

    I'm not trying to be an elitist prick, but I doubt even NordVPN is going to have a good offering for port forwarding and client settings across all Linux distributions. It's pretty much impossible, and I'm very thankful they don't hide all the openvpn settings under proprietary software -- otherwise there would be no way at all to access them even if you connected via openvpn directly.

  • ^wasn't supposed to be all in a quote, sorry for spam
  • screwed said:
    Netherlands stopped working for port forward, came here, checked the list. Seems Netherlands is not on the port forward list anymore. Fair enough, Switzerland is on there, downloaded everything again. New openvpn files and the .sh.
    Still can't port forward for any location.
    "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding"

    [EDIT]
    I got Germany to work, maybe you need to update your port forward list again.  Can't connect to Switzerland
    Yeah, thanks for informing us PIA! NOT!
  • Ok so I am trying to run a script that gets the port number and the IP after openvpn connects.
    But I always get an error! Many here are having the same problem. I found the reason here. Openvpn DOESN'T ALLOW ANY CONNECTION OUT UNTIL THE UP SCRIPT FINISHES RUNNING! For security, but a headache for me!

    The solution is using nohup!
    Here are my configs:

    #End of /etc/openvpn/client.conf : 
    script-security 2
    up '/etc/openvpn/up.sh'
    down '/etc/openvpn/down.sh'

    ==> /etc/openvpn/up.sh <==
    #!/bin/sh
    #UFW RULES HERE
    # Start both helpers in the background so this up script returns immediately
    nohup /etc/pia/public_ip.sh &
    nohup /etc/pia/port_forwarding.sh &
    exit 0

    ==> ../openvpn/down.sh <==
    #!/bin/sh -e
    #UFW RULES 
    echo "" > /etc/pia/forwarded.port
    echo "" > /etc/pia/public.ip

    ==> /etc/pia/public_ip.sh <==
    #!/bin/sh
    PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    dig +short myip.opendns.com @resolver1.opendns.com > /etc/pia/public.ip

    ==> /etc/pia/port_forwarding.sh <==
    #SAVE TO FILE THE PORT !
    echo $json > /etc/pia/forwarded.port

    create the files :
    mkdir /etc/pia -p
    touch /etc/pia/forwarded.port
    touch /etc/pia/public.ip
    chmod g+w /etc/pia/forwarded.port
    chmod g+w /etc/pia/public.ip

    I also had trouble that the rc.local wasn't run before openvpn.service started, resulting in the tun0 device not being created and vpn not connecting. Was ok on Ubuntu 16, but stopped working on 17.
    So I disabled openvpn:
    systemctl disable openvpn 

    And start it from rc.local after tun is created.

    ==> /etc/rc.local <==
    #!/bin/sh -e
    if ! [ -c /dev/net/tun ]; then
    mkdir -p /dev/net
    mknod -m 666 /dev/net/tun c 10 200
    ip tuntap add mode tap
    fi
    echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6
    /etc/openvpn/down.sh
    systemctl restart openvpn
    exit 0

    After all that, IT WORKS LIKE A CHARM !!
  • edited April 2018
    Greetings. I’m running PIA through Viscosity and want to have port forwarding enabled to help my torrent client, Transmission, seed more effectively.

    Here’s what I’ve been able to do (with admittedly little understanding of what I’m doing). 

    1. I’ve downloaded the shell script.
    2. I ran the command line in my terminal: chmod u+x /Users/iMac/Desktop/port_forwarding.sh
    3. I opened Script Editor and ran the line I was instructed by Viscosity to enter: do shell script "/Users/iMac/Desktop/port_forwarding.sh"
    In Viscosity I’m running PIA’s Toronto connection, which allows port forwarding. 

    The result I get in Script Editor is:

    "Loading port forward assignment information...
    {\"port\":23422}"

    I’m psyched to have gotten this far. I can now go into Transmission, enter 23422 into the Peer listening port, and I see the Port is open. 

    So, what I’d love to do next is have the port forwarding be more automated. What I like about Viscosity is that it’s way more stable than PIA’s client. And it’s a real plug and play. It comes on automatically and my browsers work great with it (not always the case with PIA’s client). What I don’t like about Viscosity is that, without port forwarding, my torrent client doesn’t seed effectively. 

    What do I do next with Viscosity? I see that under the connection in the Advanced tab I can point the app to “Before Connect Script” or “Connected Script.” I’m assuming I could use one of these to point to the script I saved in Script Editor. But, then I’m not sure where to find the port path that seems to be different each time I connect. 

    Any advice would be great.
  • edited April 2018
    Okay, I did some futzing this morning and have a solution that works okay. 

    1. My script command line now reads: 

    do shell script "/Users/iMac/Library/Scripts/Viscosity/port_forwarding.sh"
    display notification result

    2. I've saved and located the script in the library script folder so that it shows up in the menu

    3. I set up Viscosity to connect automatically to PIA's port forwarding enabled Toronto connection

    4. In Viscosity, under the Advanced tab, I have "Connected Script" pointed to the script I saved

    5. I changed my notification settings not to notify me when Viscosity connects, and to notify me when a script is active

    So, now what happens is every time Viscosity connects to PIA Toronto I see a notification with a new port forwarding ID.

    This seems to be a decent solution to the problem.  

    Anyone have something that's better (and that you can explain clearly to a novice)?
  • edited May 2018
    The only way this script works for me is to escape the question mark, "/\?client_id" and connect using the PIA app. If I try to use Viscosity I get this message every time:

    Loading port forward assignment information...
    Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding

    Is there something I missed that allows this script to work with other applications?

    p4830932 said:

    5. I changed my notification settings not to notify me when Viscosity connects, and to notify me when a script is active


    Really could use some help here. Thanks.
  • edited May 2018
    Hi,

    This might not necessarily be a specific problem related to this script, but I can't get my script to work with the "up" command in the conf.

    My script IS launched but can't call the port_forwarding script..  
    If I run the script manually it works like a charm.. but when launched from openvpn... not so good..
    I have tried with absolute path, but still no luck. The script itself works, but not getting the result from port_forward (kind of the whole idea)..
    I'm banging my head here..  can anyone point me in the right direction?

    Script as follows (don't judge me.. I'm not a coder!)

    #!/bin/sh -e
    log=/etc/openvpn/pia_script/log.txt
    sleep 5

    # -- THIS PART IS NOT WORKING (when launched from openvpn) --
    # Keep only the digits of the PIA script's output; "|| true" stops "sh -e"
    # from aborting here when grep finds no digits, so the else branch can log it
    port=$(/bin/sh -c /etc/openvpn/pia_script/port_forwarding.sh | /usr/bin/grep -o '[[:digit:]]*' || true)
    # -- END --

    echo "$port"
    echo "" >> "$log"
    echo "------------------------" >> "$log"
    date -u >> "$log"
    # The -eq self-comparison succeeds only when $port is a single integer
    if [ "$port" -eq "$port" ] 2>/dev/null; then
      echo "$port" > /etc/openvpn/pia_script/pia_port.txt
      echo "Got the following port: $port" >> "$log"
      echo "Reconfiguring and restarting ruTorrent" >> "$log"
      sed -i "s/\(port_range =\)\(.*\)/\1 $port-$port /" /config/rtorrent/rtorrent.rc
      /usr/bin/docker stop rutorrent
      /usr/bin/docker rm rutorrent
      /usr/bin/docker run --name=rutorrent --restart unless-stopped -v /run -v /config:/config -v /downloads:/downloads -v /fast_down:/fast_down -e PGID=1001 -e PUID=1001 -e TZ=Europe/Stockholm -p 80:80 -p 5000:5000 -p "$port:$port" -p 6881:6881/udp linuxserver/rutorrent &

    else
      echo "Did not got a portnumber..." >> "$log"
    fi
  • edited May 2018


    -- THIS PART IS NOT WORKING (when launched from openvpn) --
    port=$(/bin/sh -c /etc/openvpn/pia_script/port_forwarding.sh| /usr/bin/grep -o '[[:digit:]]*')
    -- END --

    Think I found the problem..  
    OpenVPN option "up" is triggered before you actually get the IP from PIA :(
    Hence the script won't work..  
    Solution is quite simple..  get the script to wait..
    I just put:
    (sleep 10
    SCRIPT_GOES_HERE
    ) &

    problem solved!

    script-security 2
    up /etc/openvpn/pia_script/getPort.sh
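
The two `up`-hook posts above both background the port request; the sketch below does the same but retries inside the 2-minute window instead of a fixed sleep, and accepts the reply only if it is exactly `{"port":N}` before anything is written to disk. It is an added example, not PIA's `port_forwarding.sh` and not code from any poster; the function names, the hex `client_id` and the retry timing are assumptions, while the URL, JSON shape and `/etc/pia/forwarded.port` path are taken from the thread.

```shell
#!/bin/sh
# Added example: detached worker for an OpenVPN "up" hook (not PIA's script).
PF_URL='http://209.222.18.222:2000/'               # endpoint quoted in the thread
PORT_FILE="${PORT_FILE:-/etc/pia/forwarded.port}"  # path used in a post above

# Accept only a body that is exactly {"port":N}, N in 1..65535, and print N.
# Error text or trailing characters are rejected, so nothing unvalidated is
# later substituted into sed, docker or firewall commands.
parse_port() {
    p=$(printf '%s' "$1" |
        sed -n 's/^[[:space:]]*{"port":\([1-9][0-9]\{0,4\}\)}[[:space:]]*$/\1/p')
    [ -n "$p" ] || return 1
    [ "$p" -le 65535 ] 2>/dev/null || return 1
    printf '%s\n' "$p"
}

# Write through a temp file so a reader never sees a half-written value.
save_port() {
    tmp="$2.$$.tmp"
    printf '%s\n' "$1" > "$tmp" && mv -f "$tmp" "$2"
}

# Assumption: 32 random bytes, hex-encoded. The page only says the ID is
# "a unique 256-bit ID in Base36 format" and defers to PIA's script.
new_client_id() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# One request with a short timeout; fails quietly while the tunnel is down.
request_port() {
    curl -s -m 4 "${PF_URL}?client_id=$1"
}

# Retry with one client_id for at most 12 * (4 + 5) = 108 seconds, which
# stays inside the 2-minute window described in the thread.
fetch_with_retry() {
    id=$(new_client_id)
    tries=0
    while [ "$tries" -lt 12 ]; do
        if port=$(parse_port "$(request_port "$id")"); then
            save_port "$port" "$PORT_FILE"
            return 0
        fi
        tries=$((tries + 1))
        sleep 5
    done
    return 1
}

# OpenVPN sets script_type=up when it runs the "up" hook. Detach the worker
# and return at once, since traffic only flows after the hook has finished.
if [ "${script_type:-}" = "up" ]; then
    ( fetch_with_retry ) </dev/null >/dev/null 2>&1 &
    exit 0
fi
```

Because the API is plain HTTP, the strict match in `parse_port` is the only check on the reply; the error string quoted throughout this thread, or any other unexpected body, leaves the port file untouched.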
  • Anyone noticed this isn't working anymore? Haven't really looked into it yet -- just noticed it's not working?!