Port Forwarding Without The Application (Advanced Users)


Comments

  • I understand why PIA doesn't want to provide an updater for individual applications, but the built-in application should have some sort of scripting application for when the port changes.

    At the very least, let us make some REST calls w/ basic variable passing, that would cover 99% of your use cases.  Even an IFTTT call would be better than nothing.
  • edited April 2013
    Hi, it seems that no matter which port-forward enabled gateway I connect to, I get the following:

    {"error":"port forwarding not available for this region"}

    I am positive that my POST string is correct. Values I censored are enclosed in <> below. They only contain alphanumeric characters, by the way:

    [[email protected]<hostname> ~]# echo $user,$pass,$cid,$ip
    <username>,<password>,3be4b7ed749d87031841de95d8378b0b,10.163.1.6

    The local IP is for CA Toronto, and I get a port number with the PIA application just fine.

    However:

    [[email protected]<hostname> ~]# curl -d "user=$user&pass=$pass&client_id=$cid&local_ip=$ip" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment
    {"error":"port forwarding not available for this region"}

    What am I doing wrong here guys?

    Much appreciated.

    Edit: The only cause I can think of is that I changed the client_id string in the course of troubleshooting (and unfortunately lost the original one). Is there a way to reset it if my account somehow became associated with the original one I used?

    Also, thought I'd mention Support for a quicker response.

  • edited April 2013
    Edit: Removed
    UTHOST=`awk "/^host/ {print \\$2}" $CONF`
    UTPORT=`awk "/^port/ {print \\$2}" $CONF`
    UTUSER=`awk "/^user/ {print \\$2}" $CONF`
    UTPASSWD=`awk "/^passwd/ {print \\$2}" $CONF`
    UTTOKEN=`curl -s -u "$UTUSER:$UTPASSWD" "http://$UTHOST:$UTPORT/gui/token.html" | sed -e 's/<[^>][^>]*>//g' -e '/^ *$/d'`
    if [[ -z "$UTTOKEN" ]]; then
        logger "api.sh[18]: Get token failed. Is uTorrent Web UI enabled?"
        exit 1
    fi
    curl -s "http://$UTHOST:$UTPORT/gui/?action=setsetting&s=bind_port&v=$VPN_PORT&token=$UTTOKEN"
    logger "api.sh: http://$UTHOST:$UTPORT/gui/?action=setsetting&s=bind_port&v=$VPN_PORT&token=$UTTOKEN"
    Finally add a couple of configuration scripts. The first prevents any possibility of leaking packets from the LAN to WAN. All traffic must go through the VPN.

    Tomato >> Administration >> Scripts >> Firewall
    iptables -I FORWARD -i br0 -o vlan2 -j DROP
    The second script causes traffic from the VPN to be evaluated by the upnp prerouting rules. This assumes you have enabled NAT-PMP on the LAN as described below. The upnp forwarding rules are configured by the uTorrent application using the NAT-PMP protocol (must be enabled within uTorrent).

    Tomato >> Administration >> Scripts >> WAN Up
    iptables -t nat -A PREROUTING -i tun11 -j upnp
    @mornay I was able to get your script to determine the vpn port number working on my router, but I was wondering if it were possible to set a route from that port to a static port on my NAS.  The torrent client is Transmission, but there is no way to change the listening port remotely (at least to my knowledge).  My knowledge of iptables isn't that great so I was wondering if you or someone else could provide some help?

    I found the below commands that implement forwarding to the same port number on my NAS, but I'm not sure how to modify them to forward to a static port number:
    iptables -t nat -A PREROUTING -p tcp --dport <your_port_number> -j DNAT --to-destination <your_destination_IP_address>
    iptables -A FORWARD -s <your_VPN_IP> -p tcp --dport <your_port_number> -j ACCEPT

    EDIT: it seems the --to-destination argument can also include a port number, this might be what I'm looking for!  The question is now, how can I flush only the existing rule while keeping my other iptable rules intact before specifying the new rule?
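
One way to replace only the forwarding rule, as an added example that is not part of the original posts: keep the DNAT and FORWARD rules in a dedicated chain and flush just that chain when the port changes. The chain name `PIA_FWD`, the function names and the script name are assumptions; `tun11` is the VPN interface used earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. PIA_FWD and the function names are
# hypothetical; tun11 is the VPN interface used in the thread's Tomato scripts.
CHAIN=PIA_FWD
VPN_IF=tun11

# Succeeds only for a decimal port number in 1-65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands that forward VPN port $1 to $2:$3.
# Only the dedicated chain is flushed, so unrelated rules stay untouched.
pia_forward_rules() {
    vpn_port=$1 nas_ip=$2 nas_port=$3
    valid_port "$vpn_port" && valid_port "$nas_port" || return 1
    case $nas_ip in
        ''|*[!0-9.]*) return 1 ;;   # digits and dots only, nothing shell-active
    esac
    for table in nat filter; do
        if [ "$table" = nat ]; then hook=PREROUTING; else hook=FORWARD; fi
        # Create the chain if missing (error ignored when it already exists).
        echo "iptables -t $table -N $CHAIN 2>/dev/null"
        # Hook it exactly once: delete any old jump, then insert it again.
        echo "iptables -t $table -D $hook -i $VPN_IF -j $CHAIN 2>/dev/null"
        echo "iptables -t $table -I $hook -i $VPN_IF -j $CHAIN"
        # Drop only the rules left over from the previous port assignment.
        echo "iptables -t $table -F $CHAIN"
    done
    for proto in tcp udp; do
        echo "iptables -t nat -A $CHAIN -p $proto --dport $vpn_port -j DNAT --to-destination $nas_ip:$nas_port"
        # After DNAT the FORWARD chain sees the NAS address and port.
        echo "iptables -t filter -A $CHAIN -p $proto -d $nas_ip --dport $nas_port -j ACCEPT"
    done
}

# Usage as root: sh pia_fwd.sh --apply <vpn_port> <nas_ip> <nas_port>
if [ "${1:-}" = "--apply" ]; then
    rules=$(pia_forward_rules "$2" "$3" "$4") || { echo "invalid arguments" >&2; exit 1; }
    printf '%s\n' "$rules" | sh
fi
```

Calling `pia_forward_rules` on its own prints the commands for review before anything is applied.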
  • edited April 2013

    So, for Mac users with Viscosity and Transmission, here it is all in one script:
    This script is broken.

    A heavily modified version that binds all Transmission traffic to tun0 is at this gist.  Requires you to change username and password using Applescript.
    indolering,

    I assume this script needs to be run before launching Transmission (as you can't change the port, via the command line/plist while the application is running). That's cool as I already have a script that launches Transmission after I make the PIA connection, so I'll just run this script before launching Transmission.

    My question though—will this work (for testing purposes) with the PIA client (I use Viscosity, but for port forwarding, I've been testing with the PIA client so I can see what the port should be, etc.). Anyway, if I run this script, it does update the peer listening port in Transmission, but the port number that it's populating it with is different than the port listed in the PIA client?

    The thing is, Transmission is reporting both ports (the PIA indicated port, when I enter it manually) and the port that results from your script, as "open". Does that mean there's more than one port being forwarded to my IP and the PIA client sees one and your script sees another?

    Any insight would be appreciated (as I'd love to go back to using Viscosity and stop having to manually enter the port).

    Thanks,
    k.
  • Here is a modification of @mornay 's script to work with transmission.  Thanks for everyone's help!

    #!/bin/sh
    CONF="/opt/pia/api.conf"
    PIAURL="https://www.privateinternetaccess.com/vpninfo/port_forward_assignment"
    USER=`head -n 1 /etc/openvpn/client1/up`
    PASSWD=`tail -n 1 /etc/openvpn/client1/up`
    CLIENT_ID=`awk "/^apikey/ {print \\$2}" $CONF`
    VPN_IP=`ifconfig tun11 | grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+" | tr -d "a-z :"`
    VPN_PORT=`curl -s -d "user=$USER&pass=$PASSWD&client_id=$CLIENT_ID&local_ip=$VPN_IP" $PIAURL | grep -o "[0-9]*"`
    # POSIX test, since the script runs under /bin/sh
    if [ -z "$VPN_PORT" ]; then
        logger "api.sh[8]: Failed to determine PIA VPN port."
        exit 1
    else
        logger "api.sh[8]: The PIA VPN port is $VPN_PORT"
    fi

    BTHOST=`awk "/^host/ {print \\$2}" $CONF`
    BTPORT=`awk "/^port/ {print \\$2}" $CONF`
    BTUSER=`awk "/^user/ {print \\$2}" $CONF`
    BTPASSWD=`awk "/^passwd/ {print \\$2}" $CONF`

    curlout=`curl -u "$BTUSER:$BTPASSWD" "$BTHOST:$BTPORT/transmission/rpc" 2>/dev/null`
    SESSIONID=`echo $curlout | awk -F"X-Transmission-Session-Id\: " '{print substr($2,0,48)}'`

    data='{"method": "session-set", "arguments": { "peer-port" :'
    data="$data $VPN_PORT } }"

    CURLRSP=`curl -u "$BTUSER:$BTPASSWD" "http://$BTHOST:$BTPORT/transmission/rpc" -d "$data" -H "X-Transmission-Session-Id: $SESSIONID"`
    logger "api.sh[28]: $CURLRSP"
  • I apologize to everyone who might be impatient with this request, but I'm not as familiar with port forwarding as everyone else. I can set it up on my router, but with an AT&T router, I'm not able to install something like DD-WRT on it. So, port forwarding with PIA is impossible at the router level.

    I'm on Ubuntu running Transmission. Can anyone direct me to a step-by-step instruction to set this up? Thank you in advance.
  • I'd like to second that request. There are plenty of other VPN providers that allow for a range of ports to be forwarded and I was under the impression that this would as well only to find out after signing up for a year that it isn't the case. It's 2013. People run multiple services. This service needs to accommodate these needs.
    I know these are shared IPs, but is there any chance we could eventually make a handful of requests with a small set of randomizer strings (instead of only one such string per system now), in order to open up multiple port forwardings?  The unprivileged ports (or even just the high-numbered ports for short-lived connections) number in the tens of thousands so I hope they are not a scant resource. :-P

    I ask because with only one, I have to select a single one of my desktop's services to enable at a time when on the VPN, but that means seeding and backing up my system are mutually exclusive, not to mention blocking inbound SSH connections (which I use very regularly) if I forget to switch back to that before I leave my apartment.

    In short: the new port forwarding mechanism is awesome, thanks!  (And can we eventually use it to open a few more applications' inbound ports?)

  • moomoo
    edited May 2013
    So, for Mac users with Viscosity and Transmission, here it is all in one script:

    # Set up a client ID and tuck it in a file in your home directory

    # NOTE: Only do this once, to create the initial file, PIA wants us to reuse this value

    # head -n 100 /dev/urandom | md5 > ~/.pia_client_id


    # Substitute USERNAME and PASSWORD with your own account info in the command below

    set vpn_ip to do shell script "ifconfig tun0 | grep inet | awk '{print $2}'" # get current ip of vpn interface

    set vpn_port to do shell script "curl -d \"user=USERNAME&pass=PASSWORD&client_id=$(cat ~/.pia_client_id)&local_ip=" & vpn_ip & "\" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment&nbsp;2>/dev/null|grep -oE \"[0-9]+\""

    do shell script "defaults delete org.m0k.transmission BindPort" # delete previous port value

    do shell script "defaults write org.m0k.transmission BindPort " & vpn_port & ""

    do shell script "defaults delete org.m0k.transmission BindAddressIPv4" #delete previously written ipv4binding value

    do shell script "defaults write org.m0k.transmission BindAddressIPv4 " & vpn_ip & "" #write current vpn ip into transmission.plist

    Save this as an AppleScript and use Viscosity to run it when the VPN tunnel is established. Configure Transmission with "randomize port on launch" UNchecked and "automatically map port" checked in the Network preferences.



    Thanks for the AppleScript to get Viscosity / Transmission connecting to ports. 

    I'm not an advanced user but I generally get by with a bit of assistance. I have saved the AppleScript as both a script and application. I have associated the script with my VPN connection (Thanks to this guide for Viscosity: http://www.sparklabs.com/support/running_applescripts_when_conn/) and the VPN connects however port is still closed (is there a specific port I should use?)

    How can I rectify this and get the AppleScript working with Viscosity so I can port forward with Transmission?

    I'm new to this, apologies.
  • edited May 2013
    I ask because with only one, I have to select a single one of my desktop's services to enable at a time when on the VPN, but that means seeding and backing up my system are mutually exclusive, not to mention blocking inbound SSH connections (which I use very regularly) if I forget to switch back to that before I leave my apartment.



    Why not configure your iptables (-t mangle) to forward your ssh listening port out your wan ip and then use your wan ip for ssh while the rest of the ports continue to use the vpn?  I did this on my router running tomato.

    See here: http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/ Post #9 & #35
  • How would someone port forward on freebsd?
  • So I have this as my AppleScript for Transmission/Viscosity on a mac:

    set vpn_ip to do shell script "ifconfig tun0 | grep inet | awk '{print $2}'" # get current ip of vpn interface

    set vpn_port to do shell script "curl -d \"user=PIAUSERNAME&pass=PIAPASSWORD&client_id=$(cat ~/.pia_client_id)&local_ip=" & vpn_ip & "\" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment&nbsp;2>/dev/null|grep -oE \"[0-9]+\""

    do shell script "defaults delete org.m0k.transmission BindPort" # delete previous port value

    do shell script "defaults write org.m0k.transmission BindPort " & vpn_port & ""

    do shell script "defaults delete org.m0k.transmission BindAddressIPv4" #delete previously written ipv4binding value

    do shell script "defaults write org.m0k.transmission BindAddressIPv4 " & vpn_ip & "" #write current vpn ip into transmission.plist

    Obviously I have removed my PIA username and password. I am getting the following result from AppleScript when I "run" the script to test it:

    error

    "sh: nbsp: command not found

      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                     Dload  Upload   Total   Spent    Left  Speed


      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

    100    92    0     0  100    92      0     63  0:00:01  0:00:01 --:--:--    98

    100   149  100    57  100    92     27     43  0:00:02  0:00:02 --:--:--    58

    100   149  100    57  100    92     27     43  0:00:02  0:00:02 --:--:--    58" number 1


    What am I doing wrong? Any help is appreciated. 
  • I was advised by PIA support my code has a slight error, (the "&nbsp;" part of the https link was wrong).

    I have now amended my code to the following: 

    set vpn_ip to do shell script "ifconfig tun0 | grep inet | awk '{print $2}'" # get current ip of vpn interface

    set vpn_port to do shell script "curl -d \"user=PIAUSERNAME&pass=PIAPASSWORD&client_id=$(cat ~/.pia_client_id)&local_ip=" & vpn_ip & "\"https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2> /dev/null|grep -oE \"[0-9]+\""

    do shell script "defaults delete org.m0k.transmission BindPort" # delete previous port value

    do shell script "defaults write org.m0k.transmission BindPort " & vpn_port & ""

    do shell script "defaults delete org.m0k.transmission BindAddressIPv4" #delete previously written ipv4binding value

    do shell script "defaults write org.m0k.transmission BindAddressIPv4 " & vpn_ip & "" #write current vpn ip into transmission.plist

    I now get the following error status in AppleScript when I try to "run" the script: 

    error "The command exited with a non-zero status." number 1 
     
    Any ideas?
  • Why not configure your iptables (-t mangle) to forward your ssh listening port out your wan ip and then use your wan ip for ssh while the rest of the ports continue to use the vpn?  I did this on my router running tomato.
    See here: http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/ Post #9 & #35
    Thanks for the reply, but SSH wasn't really the point. The fact remains that PIA only allows for a single forwarded port, no matter how many services you run. Even within a torrent client like Azureus/Vuze, it may require listening on two distinct TCP ports and a UDP port for good measure. And that's only one application. I also want to run a Tor relay. This policy is extremely limiting, in my opinion. 
  • Hi all,
    For those who are interested, I adapted the PowerShell script for Vuze TCP port update.
    You can find it here: http://forum.vuze.com/thread.jspa?messageID=274658&#274658
    Thanks to the developers of the first versions.
    Regards.
  • edited May 2013
    Edit: Removed
  • Hey, I have been trying to accomplish port forwarding from my Pfsense 2.1 (beta) box which runs my
    PIA openvpn client. Hopefully someone can help me out a bit.

    The following command worked, to create the client ID:
    head -n 100 /dev/urandom | md5 > ~/.pia_client_id

    The following command needed to be changed:
    ifconfig tun0 | grep "inet " | cut -d\  -f2|tee /tmp/vpn_ip
    works when changed to:
    ifconfig OPT1  | grep "inet " | cut -d\  -f2|tee /tmp/vpn_ip

    The following command would not work when entered into Pfsense:
    curl ifconfig.me/ip|tee /tmp/vpn_external_ip
    My workaround was to simply add the VPN IP address I'm connected to into a file named "vpn_external_ip" located in /tmp. I only connect to an individual IP. I do not use "us-east.privateinternetaccess.com" for example.

     

    Last and not least, is the Curl command:
    curl -d "user=USERNAME&pass=PASSWORD&client_id=$(cat ~/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment

    When I enter this final command, I get no output or confirmation. I am unsure whether or not
    this command can be used with Pfsense, or how to change it to make it work??

    Any insight would be great, as I would like to type up a Pfsense tutorial soon to help others as this is being requested more daily.
    Thank you very much :D
  • pfsense is not built on linux, as such some commands would be different.

    The curl command involves transmitting information to the PIA servers, and should return a port assignment. If you are absolutely sure that you transmit the correct information AND your selected server supports port forwards, you should file a bug report.
  • Thank you "VPN" for your insight. That is what I am specifically asking, is what would be the equivalent command in a bsd/pfsense environment. For example, if I enter IFCONFIG into the pfsense shell command box, I will get the results directly under where it is entered, much like a mini terminal. When I enter the curl commands, it shows just what I have entered with no return. I'm assuming that there are likely some quotations or slashes in the wrong places, but am unsure how to modify the script to work inside of bsd/pfsense?

  • I set up a debian box with transmission-daemon and a privateinternetaccess VPN.

    Here's an hourly cron script I came up with that does a lot of nice things:

    #!/bin/sh

    #This stores the current IP address assigned to the tunnel
    address=$(ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee)

    #This grabs the port number freed up for the tunnel
    #Things to change: USERNAME, PASSWORD, CLIENT_ID
    port=$(curl -d "user=USERNAME&pass=PASSWORD&client_id=CLIENT_ID&local_ip=$address" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null | grep -o '[0-9]*')

    #This changes the listening port for transmission-daemon
    #Things to change: TRANSMISSIONLOGIN, TRANSMISSIONPASSWORD
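    #Skip the update when no port came back (error reply or request failure)
    if [ -n "$port" ]; then
        transmission-remote --auth=TRANSMISSIONLOGIN:TRANSMISSIONPASSWORD -p "$port"
    fi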

    #This changes the permission of items in my watch directory.  I use dropbox to queue file transfers when I'm away from home.  What this does is to change the owner/group of the *.torrent files to debian-transmission and moves the files to the local watch directory
    #Things to change: PATH-TO-DROPBOX-WATCH-DIR, LOCAL-WATCH-DIR
    chown debian-transmission /PATH-TO-DROPBOX-WATCH-DIR/*
    chgrp debian-transmission /PATH-TO-DROPBOX-WATCH-DIR/*
    mv /PATH-TO-DROPBOX-WATCH-DIR/* /LOCAL-WATCH-DIR/

    #This creates a temporary file that lists all transfers in transmission-daemon.  I run this cron job as root so I just put it in the root home folder.
    #Things to change: TRANSMISSIONLOGIN, TRANSMISSIONPASSWORD
    transmission-remote --auth=TRANSMISSIONLOGIN:TRANSMISSIONPASSWORD -l > /root/.transmission-output

    #This checks each line of the .transmission-output file to see whether the download is complete AND the seeding is finished.
    #If seeding is finished, it removes the file from the queue (but keeps the file locally)
    #Things to change: TRANSMISSIONLOGIN, TRANSMISSIONPASSWORD
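    while read -r line
    do
        #Torrent ID of a transfer that is 100% done and has finished seeding (empty otherwise)
        out=$(echo $line | grep "100%" | grep "Done" | grep "Finished" | awk '{ print $1 }')
        #bc prints 1 only when $out is a number greater than 0
        if [ "$(echo "$out > 0" | bc 2>/dev/null)" = "1" ]
        then
            transmission-remote --auth=TRANSMISSIONLOGIN:TRANSMISSIONPASSWORD -t"$out" --remove
        fi
    done < /root/.transmission-output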

    rm /root/.transmission-output

  • edited May 2013
    @moo
    1) (If you haven't done this already... also do this once and once only as it won't open the ports with a different clientID) open terminal and copy/paste the following and press enter:

    head -n 100 /dev/urandom | md5 > ~/.pia_WHATEVERyouWANTtoNAMEthis

    2) Open AppleScript Editor. Only replace what is highlighted. Copy/Paste exactly as it is written only replacing w/the variables above. Also, I don't think you can put special characters like & and ! in your PW, change your PW if that's true(not sure).

    set Username to "USERNAME"
    set PW to "PASSWORD"

    set vpn_ip to do shell script "ifconfig tun0 | grep inet | awk '{print $2}'" # get current ip of vpn interface

    set vpn_port to do shell script "curl -d \"user=" & Username & "&pass=" & PW & "&client_id=$(cat ~/.pia_IDname)&local_ip=" & vpn_ip & "\" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE \"[0-9]+\""

    do shell script "defaults delete org.m0k.transmission BindPort" # delete previous port value

    do shell script "defaults write org.m0k.transmission BindPort " & vpn_port & ""

    do shell script "defaults delete org.m0k.transmission BindAddressIPv4" #delete previously written ipv4binding value

    do shell script "defaults write org.m0k.transmission BindAddressIPv4 " & vpn_ip & "" #write current vpn ip into transmission.plist

    3a)If the end result isn't """ and you still have errors. Open Terminal and copy/paste/enter this:

    defaults write org.m0k.transmission BindPort "45678"

    3b) More copy/pasta:

    defaults write org.m0k.transmission BindAddressIPv4 "192.168.0.123"

    4) Run the script from Step 2 again. you shouldn't get the 'error "The command exited with a non-zero status." number 1'. you should be good at this point

    5) if you get something along the lines of Domain (org.m0k.transmission) could not be found; do an application Reset aka delete the following file/folders:

    a. ~/Library/Caches/org.m0k.transmission
    b. ~/Library/Saved Application State/org.m0k.transmission.savedState
    c. ~/Library/Preferences/org.m0k.transmission.plist
    d. ~/Library/Preferences/org.m0k.transmission.LSSharedFileList.plist

    6) Open Transmission then quit Transmission and follow steps 2-3a+b. If it still shows an error then there's probably a typo or too many spaces. I've tested myself copy/pasting from the format it displays when I submit this and it works perfectly if you only replace what's highlighted, nothing more and nothing less.

    7) This is how you set it up to run through Viscosity after the connection to the VPN has been made.

    8) After you click save make sure transmission is not running and disconnect and reconnect to the PIA server you just modified.
  • @bigbudd911: curl should be available for pfsense, maybe google how to install it.
    If it already is installed, maybe you do not get any output because the requested port assignment cannot be made, e.g. when using a PIA server which does not support port forwarding.

    You can try the port forwarding api from a browser to check if it works!

  • VPN - Thank you very much for the advice :D I will be giving this a shot again today when I get home from work.

    MacAir - Also thank you for that working script. In the event that I cannot get pfsense working, I would like to switch to a full Debian install as you have done. I have heard that running a full OS will slow things down a lot, is there any truth to this? Currently I have a 100mbit line, and can get 97mbps without my VPN running, and about 92-94mbps with pfsense running the VPN client. May be a stupid question, but I am assuming Debian could handle this? I have heard numerous times that a full linux distro can significantly slow things down (which was my entire reason for selecting pfsense in the first place!)

     

    Thanks for the advice guys, it is greatly appreciated!

  • While pfsense is optimized for the exact scenario you use it for, a few more background services with a generic distro should not cause significant problems. Throughput on the VPN depends mainly on crypto speed and the hardware's ability to handle interrupts, at a fast enough rate to saturate a network link with small packets. If your hardware manages now, it will most likely manage with other operating systems.

    I'd probably have used pfsense myself if it came with decent IPv6 support.
  • edited May 2013
    I've got OpenVPN set up on a headless 12.04 LTS server. When I run the curl line it provides me with a port number. However that port number is not forwarding and any testing I do shows that the port is not open. Earlier in my troubleshooting I deleted the pia_client_id and am trying to determine if PIA's system is providing me the wrong port number or if there is another issue.

    Edit: Scratch that it was a configuration issue with Deluge not being able to set the port through the UI. Running it through the CLI fixed the issue.

  • Okay so good news. Lots of progress this week, haven't had too much time to update. VPN - as it turns out, you were correct. The "curl" commands would not do anything, and I eventually found out that my pfsense install was corrupted. Did a clean install, and now I have progress. I can get the commands to enter successfully from shell. I get the correct port. However, now I am trying to get this to work with "Cron" so that the commands are run on a schedule.

    1st script, located in /etc/


    #!/bin/sh
    /sbin/ifconfig ovpnc1  | /usr/bin/grep "inet " | /usr/bin/cut -d\  -f2|/usr/bin/tee /tmp/vpn_ip

    And my Cron entry looks as follows:

    1   *   *   *   *   root   /usr/bin/nice -n20 /etc/script1

    It is set to run every minute. However, I enter the entry and reboot, and it still never outputs the file. I made this post on the pfsense board which has lots more info about my setup:

    http://forum.pfsense.org/index.php/topic,62771.0.html

    Any ideas guys? I am pretty sure that it is simply a syntax mixup that cron is having difficulty processing (a space or slash). Thanks for everything so far guys, I am nearly there :D

  • I've been using port forwarding with Debian and openvpn using the Canadian gateways without issue for months.  However, for the past week or so, I've been unable to retrieve the forwarded port number using the scripts outlined in this thread.  Has something changed?  Is there some way I can reset my client ID or something?

    Thanks for any assistance...

  • @LarksTongue: The ClientID is just generated randomly. You should be able to just generate a new one.
  • I have the script working in applescript, but every time I run it, it gives me a different port. Any of these ports that insert into transmission are "closed." I thought that the port lasted up to an hour?

    Thanks
  • good news, almost got this fully working in Pfsense with cron on a timer. First 2 of 3 commands work perfect. Just trying to figure out the syntax for the last command. Running the command in shell gives {port#} in that format. running the script in cron gives empty {} . This is on the command i am talking about:

    curl -d "user=USERNAME&pass=PASSWORD&client_id=$(cat ~/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment



    When this is done, I will be making a tutorial for anyone trying to get this working in Pfsense.


  • @bigbudd911: The command uses a subcommand (in "$(cat ~/.pia_client_id)") which references a variable. The "~" character stands for $HOME, which is likely unset in Cron execution. Replace "~" with the full directory of the file, maybe like so: "$(cat /home/username/.pia_client_id)". You could also directly replace that subcommand with the actual client-id, maybe like so: "...&client_id=RaNdOmStRiNg&local_ip=...".
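
The cron advice above, as an added example that is not part of the original posts: a lookup script that reads its inputs from absolute paths, URL-encodes the form fields and rejects error replies instead of returning an empty value. The `PIA_DIR` directory, its file names, the script name and the function names are assumptions, as is the `{"port":N}` shape of a successful reply; the URL and the `{"error":...}` reply are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: PIA port lookup that behaves the same
# from cron as from a login shell. PIA_DIR, its file names and the function
# names are hypothetical; the {"port":N} success reply is an assumption.
PIAURL="https://www.privateinternetaccess.com/vpninfo/port_forward_assignment"
PIA_DIR="${PIA_DIR:-/root/pia}"   # absolute path: cron may leave HOME unset

# Print the port from an API reply. Returns 1 for an {"error":...} reply,
# an empty reply, or a value outside 1-65535.
parse_pia_port() {
    reply=$1
    case $reply in
        *'"error"'*) return 1 ;;
    esac
    port=$(printf '%s' "$reply" |
        sed -n 's/.*"port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$port" ] && [ "${#port}" -le 5 ] || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Request the forwarded port for tunnel address $1.
fetch_pia_port() {
    local_ip=$1
    user=$(cat "$PIA_DIR/user") || return 1
    pass=$(cat "$PIA_DIR/pass") || return 1
    cid=$(cat "$PIA_DIR/client_id") || return 1
    # --data-urlencode keeps characters such as & or ! in the password from
    # corrupting the form body.
    reply=$(curl -s --max-time 20 \
        --data-urlencode "user=$user" \
        --data-urlencode "pass=$pass" \
        --data-urlencode "client_id=$cid" \
        --data-urlencode "local_ip=$local_ip" \
        "$PIAURL") || return 1
    parse_pia_port "$reply"
}

# Usage from cron: /path/to/pia_port.sh --run <tunnel_ip>
if [ "${1:-}" = "--run" ]; then
    PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin; export PATH  # cron's PATH is minimal
    if port=$(fetch_pia_port "$2"); then
        logger "pia_port: forwarded port is $port"
        printf '%s\n' "$port"
    else
        logger "pia_port: no port assigned (error reply or request failed)"
        exit 1
    fi
fi
```

Keep the files under `PIA_DIR` readable only by the account that runs the cron job, since they hold the account password and client ID.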

