From e956c57849a38f912e654e0357f5ae456dfd1742 Mon Sep 17 00:00:00 2001 From: RoboMagus <68224306+RoboMagus@users.noreply.github.com> Date: Mon, 6 Feb 2023 12:45:34 +0100 Subject: [PATCH] Add: Option to only generate WG config file (#171) See #171. --- README.md | 4 +- connect_to_wireguard_with_token.sh | 126 ++++++++++++++++------------- 2 files changed, 72 insertions(+), 58 deletions(-) diff --git a/README.md b/README.md index 87cb360..e381007 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,8 @@ Here is a list of scripts you could find useful: * `DIP_TOKEN` - your PIA dedicated IP token (can be purchased in the client control panel) * `PIA_DNS` - true/false * `PIA_PF` - true/false + * `PIA_CONNECT` - true/false; connect to VPN after configuration has been created. Set to false to only create configuration file. Only effective for wireguard protocol. Default true. + * `PIA_CONF_PATH` - path of wireguard config file to be written. Used when only creating config file for wireguard. * `MAX_LATENCY` - numeric value, in seconds * `AUTOCONNECT` - true/false; this will test for and select the server with the lowest latency, it will override PREFERRED_REGION * `PREFERRED_REGION` - the region ID for a PIA server 
@@ -102,7 +104,7 @@ Here is a list of scripts you could find useful: * [Get region details](get_region.sh): This script will provide server details, validate `PREFERRED_REGION` input, and can determine the lowest latency location. The script can also trigger VPN connections, if you specify `VPN_PROTOCOL=wireguard` or `VPN_PROTOCOL=openvpn`; doing so requires a token. This script can reference `get_token.sh` with use of `PIA_USER` and `PIA_PASS`. If called without specifying `PREFERRED_REGION` this script writes a list of servers within lower than `MAX_LATENCY` to a `/opt/piavpn-manual/latencyList` for reference. * [Get a token](get_token.sh): This script allows you to get an authentication token with a valid 'PIA_USER' and 'PIA_PASS'. It will write the token and its expiration date to `/opt/piavpn-manual/token` for reference. * [Get DIP details](get_dip.sh): This script will provide necessary connection details to use a dedicated IP. - * [Connect to WireGuard](connect_to_wireguard_with_token.sh): This script allows you to connect to the VPN server via WireGuard. + * [Connect to WireGuard](connect_to_wireguard_with_token.sh): This script allows you to connect to the VPN server via WireGuard, or create a WireGuard config file by setting environment variable `PIA_CONNECT=false`. * [Connect to OpenVPN](connect_to_openvpn_with_token.sh): This script allows you to connect to the VPN server via OpenVPN. * [Enable Port Forwarding](port_forwarding.sh): Enables you to add Port Forwarding to an existing VPN connection. Adding the environment variable `PIA_PF=true` to any of the previous scripts will also trigger this script. diff --git a/connect_to_wireguard_with_token.sh b/connect_to_wireguard_with_token.sh index 65ffdb2..7922892 100755 --- a/connect_to_wireguard_with_token.sh +++ b/connect_to_wireguard_with_token.sh 
@@ -49,6 +49,11 @@ if [[ -t 1 ]]; then fi fi +: "${PIA_CONNECT=true}" + +DEFAULT_PIA_CONF_PATH=/etc/wireguard/pia.conf +: "${PIA_CONF_PATH:=$DEFAULT_PIA_CONF_PATH}" + # PIA currently does not support IPv6. In order to be sure your VPN # connection does not leak, it is best to disabled IPv6 altogether. # IPv6 can also be disabled via kernel commandline param, so we must @@ -118,13 +123,17 @@ if [[ $(echo "$wireguard_json" | jq -r '.status') != "OK" ]]; then exit 1 fi -# Multi-hop is out of the scope of this repo, but you should be able to -# get multi-hop running with both WireGuard and OpenVPN by playing with -# these scripts. Feel free to fork the project and test it out. -echo -echo "Trying to disable a PIA WG connection in case it exists..." -wg-quick down pia && echo -e "${green}\nPIA WG connection disabled!${nc}" -echo +if [[ $PIA_CONNECT == "true" ]]; then + # Ensure config file path is set to default used for WG connection + PIA_CONF_PATH=$DEFAULT_PIA_CONF_PATH + # Multi-hop is out of the scope of this repo, but you should be able to + # get multi-hop running with both WireGuard and OpenVPN by playing with + # these scripts. Feel free to fork the project and test it out. + echo + echo "Trying to disable a PIA WG connection in case it exists..." + wg-quick down pia && echo -e "${green}\nPIA WG connection disabled!${nc}" + echo +fi # Create the WireGuard config based on the JSON received from the API # In case you want this section to also add the DNS setting, please @@ -140,8 +149,8 @@ if [[ $PIA_DNS == "true" ]]; then echo dnsSettingForVPN="DNS = $dnsServer" fi -echo -n "Trying to write /etc/wireguard/pia.conf..." -mkdir -p /etc/wireguard +echo -n "Trying to write ${PIA_CONF_PATH}..." +mkdir -p "$(dirname "$PIA_CONF_PATH")" echo " [Interface] Address = $(echo "$wireguard_json" | jq -r '.peer_ip') 
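Review bot: In the `@@ -49,6 +49,11 @@` hunk the `PIA_CONNECT` default uses `=` while `PIA_CONF_PATH` two lines below uses `:=`, so an exported-but-empty `PIA_CONNECT` stays empty. Like any value other than the literal `true` (`TRUE`, `1`, `yes`), it then silently selects config-only mode in the later `[[ $PIA_CONNECT == "true" ]]` tests. For a VPN script that means a typo ends at the green `OK!` with no interface brought up. I would write `: "${PIA_CONNECT:=true}"` and reject other values right after it, e.g. `[[ $PIA_CONNECT == true || $PIA_CONNECT == false ]] || { echo "PIA_CONNECT must be true or false" >&2; exit 1; }`.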
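Review bot: In the `@@ -118,13 +123,17 @@` hunk the added `PIA_CONF_PATH=$DEFAULT_PIA_CONF_PATH` silently discards a path the caller exported whenever `PIA_CONNECT` is `true`. The README text says the variable is used when only creating the config, but someone who sets both will find the file somewhere other than where they asked, with no message. A one-line notice before the reassignment would make this visible: `[[ $PIA_CONF_PATH == "$DEFAULT_PIA_CONF_PATH" ]] || echo "PIA_CONF_PATH is ignored when PIA_CONNECT=true" >&2`.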
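Review bot: In the `@@ -140,8 +149,8 @@` hunk nothing restricts the mode of the directory or file now that `PIA_CONF_PATH` can point anywhere, and a WireGuard `[Interface]` config presumably carries the client private key (that line is outside the visible hunks). `mkdir -p "$(dirname "$PIA_CONF_PATH")"` and the `>` redirect in the following hunk both create with the caller's umask, which with a common 022 leaves the file readable by every local user. Putting `umask 077` on the line before the `mkdir -p` covers both creations. If the script runs as root, the README entry for `PIA_CONF_PATH` should also say the target directory must not be writable by other users, since the redirect follows an existing symlink at that path.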
@@ -152,56 +161,59 @@ PersistentKeepalive = 25 PublicKey = $(echo "$wireguard_json" | jq -r '.server_key') AllowedIPs = 0.0.0.0/0 Endpoint = ${WG_SERVER_IP}:$(echo "$wireguard_json" | jq -r '.server_port') -" > /etc/wireguard/pia.conf || exit 1 +" > ${PIA_CONF_PATH} || exit 1 echo -e "${green}OK!${nc}" -# Start the WireGuard interface. -# If something failed, stop this script. -# If you get DNS errors because you miss some packages, -# just hardcode /etc/resolv.conf to "nameserver 10.0.0.242". -echo -echo "Trying to create the wireguard interface..." -wg-quick up pia || exit 1 -echo -echo -e "${green}The WireGuard interface got created.${nc} -At this point, internet should work via VPN. - -To disconnect the VPN, run: - ---> ${green}wg-quick down pia${nc} <-- -" - -# This section will stop the script if PIA_PF is not set to "true". -if [[ $PIA_PF != "true" ]]; then - echo "If you want to also enable port forwarding, you can start the script:" - echo -e "$ ${green}PIA_TOKEN=$PIA_TOKEN" \ - "PF_GATEWAY=$WG_SERVER_IP" \ - "PF_HOSTNAME=$WG_HOSTNAME" \ - "./port_forwarding.sh${nc}" +if [[ $PIA_CONNECT == "true" ]]; then + # Start the WireGuard interface. + # If something failed, stop this script. + # If you get DNS errors because you miss some packages, + # just hardcode /etc/resolv.conf to "nameserver 10.0.0.242". echo - echo "The location used must be port forwarding enabled, or this will fail." - echo "Calling the ./get_region script with PIA_PF=true will provide a filtered list." - exit 1 + echo "Trying to create the wireguard interface..." + wg-quick up pia || exit 1 + echo + echo -e "${green}The WireGuard interface got created.${nc} + + At this point, internet should work via VPN. + + To disconnect the VPN, run: + + --> ${green}wg-quick down pia${nc} <-- + " + + # This section will stop the script if PIA_PF is not set to "true". 
+ if [[ $PIA_PF != "true" ]]; then + echo "If you want to also enable port forwarding, you can start the script:" + echo -e "$ ${green}PIA_TOKEN=$PIA_TOKEN" \ + "PF_GATEWAY=$WG_SERVER_IP" \ + "PF_HOSTNAME=$WG_HOSTNAME" \ + "./port_forwarding.sh${nc}" + echo + echo "The location used must be port forwarding enabled, or this will fail." + echo "Calling the ./get_region script with PIA_PF=true will provide a filtered list." + exit 1 + fi + + echo -ne "This script got started with ${green}PIA_PF=true${nc}. + + Starting port forwarding in " + for i in {5..1}; do + echo -n "$i..." + sleep 1 + done + echo + echo + + echo -e "Starting procedure to enable port forwarding by running the following command: + $ ${green}PIA_TOKEN=$PIA_TOKEN \\ + PF_GATEWAY=$WG_SERVER_IP \\ + PF_HOSTNAME=$WG_HOSTNAME \\ + ./port_forwarding.sh${nc}" + + PIA_TOKEN=$PIA_TOKEN \ + PF_GATEWAY=$WG_SERVER_IP \ + PF_HOSTNAME=$WG_HOSTNAME \ + ./port_forwarding.sh fi - -echo -ne "This script got started with ${green}PIA_PF=true${nc}. - -Starting port forwarding in " -for i in {5..1}; do - echo -n "$i..." - sleep 1 -done -echo -echo - -echo -e "Starting procedure to enable port forwarding by running the following command: -$ ${green}PIA_TOKEN=$PIA_TOKEN \\ - PF_GATEWAY=$WG_SERVER_IP \\ - PF_HOSTNAME=$WG_HOSTNAME \\ - ./port_forwarding.sh${nc}" - -PIA_TOKEN=$PIA_TOKEN \ - PF_GATEWAY=$WG_SERVER_IP \ - PF_HOSTNAME=$WG_HOSTNAME \ - ./port_forwarding.sh
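Review bot: The redirect target on the changed line `" > ${PIA_CONF_PATH} || exit 1` is unquoted, unlike the `mkdir -p "$(dirname "$PIA_CONF_PATH")"` added in the previous hunk. A path containing spaces fails with an ambiguous redirect after the directory has already been created, and a path with glob characters can resolve to an existing file the caller did not name. Quote it: `" > "${PIA_CONF_PATH}" || exit 1`. Separately, the config-only path ends right after `OK!`; an `else` branch on the new `if [[ $PIA_CONNECT == "true" ]]` with `echo "Config written to ${PIA_CONF_PATH}; no VPN connection was started."` would make it clear the tunnel is not up.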