ishan/manual-connections
1
0
Fork 0
mirror of https://github.com/pia-foss/manual-connections.git synced 2025-02-05 14:08:29 +00:00
Code Issues Projects Releases Wiki Activity

Small fixes (#16)

Browse Source 
A lot of typo fixes.
This commit is contained in:
nurupo 2020-10-12 15:49:40 -04:00 committed by GitHub
parent 3e2091e009
commit 7a76a24a76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 51 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -36,7 +36,7 @@ The functionality of the scripts within this repository has been tested and conf
## PIA Port Forwarding ## PIA Port Forwarding
The PIA Port Forwarding service (a.k.a. PF) allows you run services on your own devices, and expose them to the internet by using the PIA VPN Network. The easiest way to set this up is by using a native PIA aplications. In case you require port forwarding on native clients, please follow this documentation in order to enable port forwarding for your VPN connection. The PIA Port Forwarding service (a.k.a. PF) allows you run services on your own devices, and expose them to the internet by using the PIA VPN Network. The easiest way to set this up is by using a native PIA aplication. In case you require port forwarding on native clients, please follow this documentation in order to enable port forwarding for your VPN connection.
This service can be used only AFTER establishing a VPN connection. This service can be used only AFTER establishing a VPN connection.
@ -54,7 +54,7 @@ Here is a list of scripts you could find useful:
To use port forwarding on the NextGen network, first of all establish a connection with your favorite protocol. After this, you will need to find the private IP of the gateway you are connected to. In case you are WireGuard, the gateway will be part of the JSON response you get from the server, as you can see in the [bash script](https://github.com/pia-foss/manual-connections/blob/master/wireguard_and_pf.sh#L119). In case you are using OpenVPN, you can find the gateway by checking the routing table with `ip route s t all`. To use port forwarding on the NextGen network, first of all establish a connection with your favorite protocol. After this, you will need to find the private IP of the gateway you are connected to. In case you are WireGuard, the gateway will be part of the JSON response you get from the server, as you can see in the [bash script](https://github.com/pia-foss/manual-connections/blob/master/wireguard_and_pf.sh#L119). In case you are using OpenVPN, you can find the gateway by checking the routing table with `ip route s t all`.
After connecting and finding out what the gateway is, get your payload and your signature by calling `getSignature` via HTTPS on port 19999. You will have to add your token as a GET var to proove you actually have an active account. After connecting and finding out what the gateway is, get your payload and your signature by calling `getSignature` via HTTPS on port 19999. You will have to add your token as a GET var to prove you actually have an active account.
Example: Example:
```bash ```bash

16
connect_to_openvpn_with_token.sh
View File

@ -34,14 +34,14 @@ check_tool curl
check_tool jq check_tool jq
check_tool openvpn check_tool openvpn
# Check if manual PIA OpenVPN connection is alread intitialized. # Check if manual PIA OpenVPN connection is already initialized.
# Multi-hop is out of the scope of this repo, but you should be able to # Multi-hop is out of the scope of this repo, but you should be able to
# get multi-hop running with both OpenVPN and WireGuard. # get multi-hop running with both OpenVPN and WireGuard.
adapter_check="$( ip a s tun06 )" adapter_check="$( ip a s tun06 )"
should_read="Device \"tun06\" does not exist" should_read="Device \"tun06\" does not exist"
pid_filepath="/opt/piavpn-manual/pia_pid" pid_filepath="/opt/piavpn-manual/pia_pid"
if [[ "$adapter_check" != "$should_read" ]]; then if [[ "$adapter_check" != "$should_read" ]]; then
echo The tun06 adapter already exists, that interface is required echo The tun06 adapter already exists, that interface is required
echo for this configuration. echo for this configuration.
if [ -f "$pid_filepath" ]; then if [ -f "$pid_filepath" ]; then
old_pid="$( cat "$pid_filepath" )" old_pid="$( cat "$pid_filepath" )"
@ -95,7 +95,7 @@ if [[ ! $OVPN_SERVER_IP ||
echo "PAYLOAD_AND_SIGNATURE - In case you already have a port." echo "PAYLOAD_AND_SIGNATURE - In case you already have a port."
echo echo
echo An easy solution is to just run get_region_and_token.sh echo An easy solution is to just run get_region_and_token.sh
echo as it will guide you through getting the best server and echo as it will guide you through getting the best server and
echo also a token. Detailed information can be found here: echo also a token. Detailed information can be found here:
echo https://github.com/pia-foss/manual-connections echo https://github.com/pia-foss/manual-connections
exit 1 exit 1
@ -139,7 +139,7 @@ fi
cat $prefix_filepath > /opt/piavpn-manual/pia.ovpn || exit 1 cat $prefix_filepath > /opt/piavpn-manual/pia.ovpn || exit 1
echo remote $OVPN_SERVER_IP $port $protocol >> /opt/piavpn-manual/pia.ovpn echo remote $OVPN_SERVER_IP $port $protocol >> /opt/piavpn-manual/pia.ovpn
# Copy the up/down scripts to /opt/piavpn-manual/ # Copy the up/down scripts to /opt/piavpn-manual/
# based upon use of PIA DNS # based upon use of PIA DNS
if [ "$PIA_DNS" != true ]; then if [ "$PIA_DNS" != true ]; then
cp openvpn_config/openvpn_up.sh /opt/piavpn-manual/ cp openvpn_config/openvpn_up.sh /opt/piavpn-manual/
@ -158,7 +158,7 @@ fi
# Start the OpenVPN interface. # Start the OpenVPN interface.
# If something failed, stop this script. # If something failed, stop this script.
# If you get DNS errors because you miss some packages, # If you get DNS errors because you miss some packages,
# just can hardcode /etc/resolv.conf to "nameserver 10.0.0.242". # just hardcode /etc/resolv.conf to "nameserver 10.0.0.242".
#rm -f /opt/piavpn-manual/debug_info #rm -f /opt/piavpn-manual/debug_info
echo " echo "
Trying to start the OpenVPN connection..." Trying to start the OpenVPN connection..."
@ -172,8 +172,8 @@ The OpenVPN connect command was issued.
Confirming OpenVPN connection state... " Confirming OpenVPN connection state... "
# Check if manual PIA OpenVPN connection is intitialized. # Check if manual PIA OpenVPN connection is initialized.
# Manually adjust the connectino_wait_time if needed # Manually adjust the connection_wait_time if needed
connection_wait_time=10 connection_wait_time=10
confirmation="Initialization Sequence Complete" confirmation="Initialization Sequence Complete"
for (( timeout=0; timeout <=$connection_wait_time; timeout++ )) for (( timeout=0; timeout <=$connection_wait_time; timeout++ ))
@ -203,7 +203,7 @@ At this point, internet should work via VPN.
echo "OpenVPN Process ID: $ovpn_pid echo "OpenVPN Process ID: $ovpn_pid
VPN route IP: $gateway_ip VPN route IP: $gateway_ip
To disconnect the VPN, run: To disconnect the VPN, run:
--> sudo kill $ovpn_pid <-- --> sudo kill $ovpn_pid <--
" "

6
connect_to_wireguard_with_token.sh
View File

@ -57,7 +57,7 @@ if [[ ! $WG_SERVER_IP || ! $WG_HOSTNAME || ! $PIA_TOKEN ]]; then
echo "PAYLOAD_AND_SIGNATURE - In case you already have a port." echo "PAYLOAD_AND_SIGNATURE - In case you already have a port."
echo echo
echo An easy solution is to just run get_region_and_token.sh echo An easy solution is to just run get_region_and_token.sh
echo as it will guide you through getting the best server and echo as it will guide you through getting the best server and
echo also a token. Detailed information can be found here: echo also a token. Detailed information can be found here:
echo https://github.com/pia-foss/manual-connections echo https://github.com/pia-foss/manual-connections
exit 1 exit 1
@ -126,8 +126,8 @@ echo OK!
# Start the WireGuard interface. # Start the WireGuard interface.
# If something failed, stop this script. # If something failed, stop this script.
# If you get DNS errors because you miss some packages, # If you get DNS errors because you miss some packages,
# just can hardcode /etc/resolv.conf to "nameserver 10.0.0.242". # just hardcode /etc/resolv.conf to "nameserver 10.0.0.242".
echo echo
echo Trying to create the wireguard interface... echo Trying to create the wireguard interface...
wg-quick up pia || exit 1 wg-quick up pia || exit 1
echo "The WireGuard interface got created. echo "The WireGuard interface got created.

10
get_region_and_token.sh
View File

@ -35,7 +35,7 @@ check_tool curl curl
check_tool jq jq check_tool jq jq
# This allows you to set the maximum allowed latency in seconds. # This allows you to set the maximum allowed latency in seconds.
# All servers that repond slower than this will be ignored. # All servers that respond slower than this will be ignored.
# You can inject this with the environment variable MAX_LATENCY. # You can inject this with the environment variable MAX_LATENCY.
# The default value is 50 milliseconds. # The default value is 50 milliseconds.
MAX_LATENCY=${MAX_LATENCY:-0.05} MAX_LATENCY=${MAX_LATENCY:-0.05}
@ -63,11 +63,11 @@ printServerLatency() {
export -f printServerLatency export -f printServerLatency
echo -n "Getting the server list... " echo -n "Getting the server list... "
# Get all region data since we will need this on multiple ocasions # Get all region data since we will need this on multiple occasions
all_region_data=$(curl -s "$serverlist_url" | head -1) all_region_data=$(curl -s "$serverlist_url" | head -1)
# If the server list has less than 1000 characters, it means curl failed. # If the server list has less than 1000 characters, it means curl failed.
if [[ ${#all_region_data} < 1000 ]]; then if [[ ${#all_region_data} -lt 1000 ]]; then
echo "Could not get correct region data. To debug this, run:" echo "Could not get correct region data. To debug this, run:"
echo "$ curl -v $serverlist_url" echo "$ curl -v $serverlist_url"
echo "If it works, you will get a huge JSON as a response." echo "If it works, you will get a huge JSON as a response."
@ -109,9 +109,9 @@ regionData="$( echo $all_region_data |
'.regions[] | select(.id==$REGION_ID)')" '.regions[] | select(.id==$REGION_ID)')"
echo -n The closest region is "$(echo $regionData | jq -r '.name')" echo -n The closest region is "$(echo $regionData | jq -r '.name')"
if echo $regionData | jq -r '.geo' | grep true > /dev/null; then if echo $regionData | jq -r '.geo' | grep true > /dev/null; then
echo " (geolocated region)." echo " (geolocated region)."
else else
echo "." echo "."
fi fi
echo echo

24
openvpn_config/standard.ovpn
View File

@ -1,18 +1,18 @@
client client
dev tun06 dev tun06
resolv-retry infinite resolv-retry infinite
nobind nobind
persist-key persist-key
persist-tun persist-tun
cipher aes-128-cbc cipher aes-128-cbc
auth sha1 auth sha1
tls-client tls-client
remote-cert-tls server remote-cert-tls server
auth-user-pass /opt/piavpn-manual/credentials auth-user-pass /opt/piavpn-manual/credentials
compress compress
verb 1 verb 1
reneg-sec 0 reneg-sec 0
<ca> <ca>
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----

24
openvpn_config/strong.ovpn
View File

@ -1,18 +1,18 @@
client client
dev tun06 dev tun06
resolv-retry infinite resolv-retry infinite
nobind nobind
persist-key persist-key
persist-tun persist-tun
cipher aes-256-cbc cipher aes-256-cbc
auth sha256 auth sha256
tls-client tls-client
remote-cert-tls server remote-cert-tls server
auth-user-pass /opt/piavpn-manual/credentials auth-user-pass /opt/piavpn-manual/credentials
compress compress
verb 1 verb 1
reneg-sec 0 reneg-sec 0
<ca> <ca>
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----

4
port_forwarding.sh
View File

@ -28,7 +28,7 @@ if [[ ! $PF_GATEWAY || ! $PIA_TOKEN || ! $PF_HOSTNAME ]]; then
echo PIA_TOKEN - the token you use to connect to the vpn services echo PIA_TOKEN - the token you use to connect to the vpn services
echo echo
echo An easy solution is to just run get_region_and_token.sh echo An easy solution is to just run get_region_and_token.sh
echo as it will guide you through getting the best server and echo as it will guide you through getting the best server and
echo also a token. Detailed information can be found here: echo also a token. Detailed information can be found here:
echo https://github.com/pia-foss/manual-connections echo https://github.com/pia-foss/manual-connections
exit 1 exit 1
@ -80,7 +80,7 @@ fi
signature="$(echo "$payload_and_signature" | jq -r '.signature')" signature="$(echo "$payload_and_signature" | jq -r '.signature')"
# The payload has a base64 format. We need to extract it from the # The payload has a base64 format. We need to extract it from the
# previous reponse and also get the following information out: # previous response and also get the following information out:
# - port: This is the port you got access to # - port: This is the port you got access to
# - expires_at: this is the date+time when the port expires # - expires_at: this is the date+time when the port expires
payload="$(echo "$payload_and_signature" | jq -r '.payload')" payload="$(echo "$payload_and_signature" | jq -r '.payload')"

19
run_setup.sh
View File

@ -20,7 +20,7 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE. # SOFTWARE.
# Only allow script to run as # Only allow script to run as
if [ "$(whoami)" != "root" ]; then if [ "$(whoami)" != "root" ]; then
echo "This script needs to be run as root. Try again with 'sudo $0'" echo "This script needs to be run as root. Try again with 'sudo $0'"
exit 1 exit 1
@ -60,17 +60,17 @@ if echo ${connection_method:0:1} | grep -iq o; then
echo -n "Connection method ([U]dp/[t]cp): " echo -n "Connection method ([U]dp/[t]cp): "
read protocolInput read protocolInput
echo echo
protocol="udp" protocol="udp"
if echo ${protocolInput:0:1} | grep -iq t; then if echo ${protocolInput:0:1} | grep -iq t; then
protocol="tcp" protocol="tcp"
fi fi
echo "Higher levels of encryption trade performance for security. " echo "Higher levels of encryption trade performance for security. "
echo -n "Do you want to use strong encryption ([N]o/[y]es): " echo -n "Do you want to use strong encryption ([N]o/[y]es): "
read strongEncryption read strongEncryption
echo echo
encryption="standard" encryption="standard"
if echo ${strongEncryption:0:1} | grep -iq y; then if echo ${strongEncryption:0:1} | grep -iq y; then
encryption="strong" encryption="strong"
@ -82,7 +82,7 @@ export PIA_AUTOCONNECT
echo PIA_AUTOCONNECT=$PIA_AUTOCONNECT" echo PIA_AUTOCONNECT=$PIA_AUTOCONNECT"
" "
# Check for the required presence of resolvconf for settnig DNS on wireguard connections. # Check for the required presence of resolvconf for setting DNS on wireguard connections.
setDNS="yes" setDNS="yes"
if ! command -v resolvconf &>/dev/null && [ "$PIA_AUTOCONNECT" == wireguard ]; then if ! command -v resolvconf &>/dev/null && [ "$PIA_AUTOCONNECT" == wireguard ]; then
echo The resolvconf package could not be found. echo The resolvconf package could not be found.
@ -98,14 +98,9 @@ if [ "$setDNS" != no ]; then
read setDNS read setDNS
echo echo
fi fi
PIA_DNS="true"
if echo ${setDNS:0:1} | grep -iq n; then
PIA_DNS="false"
fi
PIA_DNS="true" PIA_DNS="true"
if echo ${setDNS:0:1} | grep -iq n; then if echo ${setDNS:0:1} | grep -iq n; then
PIA_DNS="false" PIA_DNS="false"
fi fi
export PIA_DNS export PIA_DNS
@ -124,7 +119,7 @@ export PIA_PF
echo PIA_PF=$PIA_PF echo PIA_PF=$PIA_PF
# Set this to the maximum allowed latency in seconds. # Set this to the maximum allowed latency in seconds.
# All servers that repond slower than this will be ignored. # All servers that respond slower than this will be ignored.
echo -n " echo -n "
With no input, the maximum allowed latency will be set to 0.05s (50ms). With no input, the maximum allowed latency will be set to 0.05s (50ms).
If your connection has high latency, you may need to increase this value. If your connection has high latency, you may need to increase this value.