FingerlessGlov3s / OPNsensePIAWireguard

This script automates the process of getting WireGuard set up on OPNsense to connect to PIA's NextGen WireGuard servers. It will create a WireGuard Instance (Local) and Peer (Endpoint) on your OPNsense setup.
BSD 3-Clause "New" or "Revised" License

DIP not working #32

Closed FreakyBigFoot closed 1 year ago

FreakyBigFoot commented 1 year ago

I've filled out the json configuration to include my DIP key & set the flag to true. Do I need to make the piaRegionId match the region where my dedicated IP is supposed to be possibly?

iShark5060 commented 1 year ago

yes you do

FreakyBigFoot commented 1 year ago

Ok testing now. How do I verify it's using the dedicated IP?

iShark5060 commented 1 year ago

you can see the IP on the dashboard (if you have interfaces and gateways set up there). Or, to verify further, browse to whatismyip.com or similar services with a device using the VPN.

FreakyBigFoot commented 1 year ago

But how would I know that I'm using a dedicated IP vs just getting a random one assigned? I guess just disconnect and reconnect and verify it's the same IP..?

iShark5060 commented 1 year ago

Oh yes, right - PIA doesn't tell you their assigned IPs ... right. Uh yes, that'd be one way I guess. Not sure if there is a better one.

FreakyBigFoot commented 1 year ago

Yep that's how I had to do it. Seems to be working. Thanks!

MonkeyGoneWIld commented 8 months ago

I am unable to get the DIP to work regardless of what I change. This is what my PIAWireguard.json file looks like:

```json
{
  "opnsenseURL": "https://192.534.123.231",
  "opnsenseKey": "Mv345u908u0yc894weny89yescf98uv0549f",
  "opnsenseSecret": "p8w9547uboiv68hw8vhsycneauioyuiyuixdcgfkuse4oh5L",
  "opnsenseWGName": "PIA",
  "opnsenseWGPort": "51815",
  "piaUsername": "puisernhuioh34h0897",
  "piaPassword": "vw47890nscwe897890",
  "piaRegionId": "uk",
  "piaDipToken": "DIPncvstiuyuisyukgcyviumysiruodgy8948cyniuysnwc879",
  "piaPortForward": false,
  "piaUseDip": true,
  "tunnelGateway": null
}
```

My dedicated IP is in London, I have tried all of the UK servers but it doesn't seem to work.

FingerlessGlov3s commented 8 months ago

> I am unable to get the DIP to work regardless of what I change. This is what my PIAWireguard.json file looks like:
>
> { "opnsenseURL": "https://192.534.123.231", "opnsenseKey": "Mv345u908u0yc894weny89yescf98uv0549f", "opnsenseSecret": "p8w9547uboiv68hw8vhsycneauioyuiyuixdcgfkuse4oh5L", "opnsenseWGName": "PIA", "opnsenseWGPort": "51815", "piaUsername": "puisernhuioh34h0897", "piaPassword": "vw47890nscwe897890", "piaRegionId": "uk", "piaDipToken": "DIPncvstiuyuisyukgcyviumysiruodgy8948cyniuysnwc879", "piaPortForward": false, "piaUseDip": true, "tunnelGateway": null }
>
> My dedicated IP is in London, I have tried all of the UK servers but it doesn't seem to work.

Hi,

I don't have DIP myself to test. If you could email me the DIP token I can do some testing on my end, if you like. My email is on my profile.

MonkeyGoneWIld commented 8 months ago

> I am unable to get the DIP to work regardless of what I change. This is what my PIAWireguard.json file looks like: { "opnsenseURL": "https://192.534.123.231", "opnsenseKey": "Mv345u908u0yc894weny89yescf98uv0549f", "opnsenseSecret": "p8w9547uboiv68hw8vhsycneauioyuiyuixdcgfkuse4oh5L", "opnsenseWGName": "PIA", "opnsenseWGPort": "51815", "piaUsername": "puisernhuioh34h0897", "piaPassword": "vw47890nscwe897890", "piaRegionId": "uk", "piaDipToken": "DIPncvstiuyuisyukgcyviumysiruodgy8948cyniuysnwc879", "piaPortForward": false, "piaUseDip": true, "tunnelGateway": null } My dedicated IP is in London, I have tried all of the UK servers but it doesn't seem to work.
>
> Hi,
>
> I don't have DIP myself to test. If you could email me the DIP token I can do some testing on my end, if you like. My email is on my profile.

I appreciate that you are trying to help resolve this issue, but I don't think it's a good idea for me to share my DIP token.

FingerlessGlov3s commented 8 months ago

Without a DIP token myself, I can't really debug the problem much. The best you can do currently is provide me the output of the script with the debug args.

bedub1 commented 8 months ago

Don't post secrets to GitHub. You need to change your PIA password, OPNsense secret and DIP token.

FingerlessGlov3s commented 8 months ago

> Don't post secrets to GitHub. You need to change your PIA password, OPNsense secret and DIP token.

I think he just put random strings for the values, not their actual values. 🤔

MonkeyGoneWIld commented 8 months ago

Here is the debug output:

```text
Force server change requested
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 714, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 403, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1053, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.9/ssl.py", line 501, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/lib/python3.9/ssl.py", line 1074, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.9/ssl.py", line 1343, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 798, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 550, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python3.9/site-packages/urllib3/packages/six.py", line 769, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 714, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 403, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1053, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.9/ssl.py", line 501, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/lib/python3.9/ssl.py", line 1074, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.9/ssl.py", line 1343, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(54, 'Connection reset by peer'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/conf/PIAWireguard.py", line 438, in
    generateTokenResponse = requests.post(piaTokenApi, data=json.dumps(createObject), headers=headers)
  File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 115, in post
    return request("post", url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 501, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(54, 'Connection reset by peer'))
```

FingerlessGlov3s commented 8 months ago

From the looks of that trace, it sounds like you're unable to make a POST request to PIA's API. Maybe you can't route to it?

Can you please try the cURL request below, making sure to fill in your username and password. For me it returns an auth token. You can run this on your workstation or on OPNsense itself.

```shell
curl -s --location --request POST 'https://www.privateinternetaccess.com/api/client/v2/token' --form "username=usernamehere" --form "password=passhere"
```

Example response:

```json
{"token":"40fe23f7eeafd61f22ba09c6d7a3dce7aefd01ff45ed74a686b6b8540fe23f7eeafd61f22ba09c6d7a3dce7aefd01ff45ed74a686b6b85ddsadsada"
```

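
The following is an added example (not part of the thread or the project's script) that makes the same token POST the traceback shows the script making (JSON body to the endpoint from the curl command above), but with an explicit timeout and a classifier that separates the failure modes this thread touches on: DNS not resolving, a timeout (traffic dropped), a reset during the TLS handshake, or an HTTP error that means PIA was actually reached. The diagnosis strings and the `demo_diagnoses` samples are constructed for illustration.

```python
"""Diagnose why the PIA token request fails. Added example, uses only the stdlib."""
import json
import socket
import ssl
import urllib.error
import urllib.request

# Token endpoint taken from the curl command in the thread.
PIA_TOKEN_URL = "https://www.privateinternetaccess.com/api/client/v2/token"


def classify_failure(exc: BaseException) -> str:
    """Map a urllib/socket exception to the most likely network-level cause."""
    if isinstance(exc, urllib.error.HTTPError):
        # An HTTP status means TCP+TLS worked; PIA rejected the request itself.
        return f"http {exc.code}: PIA reached, request or credentials rejected"
    # urllib wraps the OS-level error in URLError.reason; bare OSErrors pass through.
    reason = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(reason, socket.gaierror):
        return "dns: hostname did not resolve, check the resolver OPNsense uses"
    if isinstance(reason, (socket.timeout, TimeoutError)):
        return "timeout: no answer at all, packets are likely being dropped"
    if isinstance(reason, ConnectionResetError):
        return "reset: peer closed the connection mid-handshake, likely filtering"
    if isinstance(reason, ssl.SSLError):
        return "tls: handshake failed, certificate or interception problem"
    return f"other: {reason!r}"


def request_token(username: str, password: str, timeout: float = 10.0):
    """POST credentials as JSON (as the script does); return (token or None, diagnosis)."""
    body = json.dumps({"username": username, "password": password}).encode()
    req = urllib.request.Request(
        PIA_TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.loads(resp.read())["token"], "ok"
    except (urllib.error.URLError, OSError) as exc:
        return None, classify_failure(exc)


def demo_diagnoses() -> dict:
    """Constructed sample failures (not real captures) run through the classifier."""
    samples = {
        "dns": urllib.error.URLError(socket.gaierror(8, "nodename nor servname provided")),
        "reset": urllib.error.URLError(ConnectionResetError(54, "Connection reset by peer")),
        "timeout": urllib.error.URLError(socket.timeout("timed out")),
        "http": urllib.error.HTTPError(PIA_TOKEN_URL, 401, "Unauthorized", {}, None),
    }
    return {name: classify_failure(exc) for name, exc in samples.items()}
```

Call `request_token("usernamehere", "passhere")` from the OPNsense box to see which category the live failure falls into.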
MonkeyGoneWIld commented 8 months ago

> From the looks of that trace, it sounds like you're unable to make a POST request to PIA's API. Maybe you can't route to it?
>
> Can you please try the cURL request below, making sure to fill in your username and password. For me it returns an auth token. You can run this on your workstation or on OPNsense itself.
>
> curl -s --location --request POST 'https://www.privateinternetaccess.com/api/client/v2/token' --form "username=usernamehere" --form "password=passhere"
>
> Example response:
>
> {"token":"40fe23f7eeafd61f22ba09c6d7a3dce7aefd01ff45ed74a686b6b8540fe23f7eeafd61f22ba09c6d7a3dce7aefd01ff45ed74a686b6b85ddsadsada"

It timed out without a response.

I do live in the UAE where VPN blocking is quite prevalent, which might be the issue.

FingerlessGlov3s commented 8 months ago

Unless you can make that web request the feature sadly won't work. You'll have to try to work out why it's not working and see if you can find a workaround.

MonkeyGoneWIld commented 8 months ago

Would it be possible for me to manually create the WireGuard setup for DIP since it won't change? I could possibly run the script through another tunnel to get the public and private key, and token.

FingerlessGlov3s commented 8 months ago

You need to do the full login process every time you need to reconnect to the WireGuard server. If they restart/move the server with the DIP on it, you have to do a full reauthentication to be added as a peer again on that server. If you are disconnected for a period of time they remove you as a peer from the server.

You could look at modifying the script to maybe proxy that web request using PIA's SOCKS proxy if you can connect to that. 🤔

EDIT: double check it's not a DNS issue, by changing the DNS OPNsense uses to like Quad9 or something.