Closed FreakyBigFoot closed 1 year ago
yes you do
Ok testing now. How do I verify it's using the dedicated IP?
You can see the IP on the dashboard (if you have interfaces and gateways set up there). Or, to verify further, browse whatismyip.com or similar services with a device using the VPN.
But how would I know that I'm using a dedicated IP vs just getting a random one assigned? I guess just disconnect and reconnect and verify it's the same IP..?
Oh yes, right - PIA doesn't tell you their assigned IPs ... right. Uh yes, that'd be one way I guess. Not sure if there is a better one.
Yep that's how I had to do it. Seems to be working. Thanks!
I am unable to get the DIP to work regardless of what I change. This is what my PIAWireguard.json file looks like:
{
  "opnsenseURL": "https://192.534.123.231",
  "opnsenseKey": "Mv345u908u0yc894weny89yescf98uv0549f",
  "opnsenseSecret": "p8w9547uboiv68hw8vhsycneauioyuiyuixdcgfkuse4oh5L",
  "opnsenseWGName": "PIA",
  "opnsenseWGPort": "51815",
  "piaUsername": "puisernhuioh34h0897",
  "piaPassword": "vw47890nscwe897890",
  "piaRegionId": "uk",
  "piaDipToken": "DIPncvstiuyuisyukgcyviumysiruodgy8948cyniuysnwc879",
  "piaPortForward": false,
  "piaUseDip": true,
  "tunnelGateway": null
}
My dedicated IP is in London, I have tried all of the UK servers but it doesn't seem to work.
Hi,
I don't have DIP myself to test, if you could email the DIP token I can do some testing my end, if you like. Email is on my profile.
I appreciate that you are trying to help resolve this issue but I don't think it's a good idea for me to share my DIP token.
Without a DIP token myself, I can't really debug the problem too much. Best you can do currently is provide me the output of the script with the debug args.
Don't post secrets to GitHub. You need to change your PIA password, OPNsense secret, DIP token.
I think he just put random strings for the values, not their actual values. 🤔
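The advice above, as an added example (not code from the PIAWireguard project): a small Python filter that masks the credential fields of a PIAWireguard.json before it is pasted into an issue. The field names come from the config posted in this thread; `redact`, `redact_json`, the name pattern and the sample values are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Field names follow the PIAWireguard.json posted in this thread. The name
# pattern is an added heuristic so that new credential fields are caught too.
SECRET_NAME = re.compile(r"key|secret|token|password|username", re.IGNORECASE)


def redact(config: dict) -> dict:
    """Return a copy that is safe to paste into a public issue."""
    safe = {}
    for name, value in config.items():
        if SECRET_NAME.search(name):
            # Keep set/unset visible: that matters for debugging, the value does not.
            safe[name] = "<redacted>" if value else "<empty>"
        elif name == "opnsenseURL" and isinstance(value, str):
            # The firewall address identifies the host; keep only the scheme.
            safe[name] = f"{urlsplit(value).scheme}://<redacted-host>"
        else:
            safe[name] = value
    return safe


def redact_json(text: str) -> str:
    """Parse a config file's text and return the redacted JSON."""
    return json.dumps(redact(json.loads(text)), indent=2)


# Constructed sample; every value here is made up.
SAMPLE = """{
  "opnsenseURL": "https://fw.example.internal",
  "opnsenseKey": "EXAMPLE-API-KEY",
  "opnsenseSecret": "EXAMPLE-API-SECRET",
  "opnsenseWGName": "PIA",
  "opnsenseWGPort": "51815",
  "piaUsername": "EXAMPLE-USER",
  "piaPassword": "EXAMPLE-PASS",
  "piaRegionId": "uk",
  "piaDipToken": "EXAMPLE-DIP-TOKEN",
  "piaPortForward": false,
  "piaUseDip": true,
  "tunnelGateway": null
}"""

if __name__ == "__main__":
    print(redact_json(SAMPLE))
```

Non-secret settings such as `piaRegionId` and `piaUseDip` pass through unchanged, so the redacted output is still useful for debugging.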
Here is the debug output
Force server change requested
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 714, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 403, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1053, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.9/ssl.py", line 501, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/lib/python3.9/ssl.py", line 1074, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.9/ssl.py", line 1343, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 798, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 550, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python3.9/site-packages/urllib3/packages/six.py", line 769, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 714, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 403, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1053, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.9/ssl.py", line 501, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/lib/python3.9/ssl.py", line 1074, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.9/ssl.py", line 1343, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(54, 'Connection reset by peer'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/conf/PIAWireguard.py", line 438, in
From the looks of that trace, it sounds like you're unable to make a POST request to PIA's API. Maybe you can't route to it?
Can you please try the below cURL request; make sure to fill in your username and password. For me it returns an auth token. You can run this on your workstation or on OPNsense itself.
curl -s --location --request POST 'https://www.privateinternetaccess.com/api/client/v2/token' --form "username=usernamehere" --form "password=passhere"
example response
{"token":"40fe23f7eeafd61f22ba09c6d7a3dce7aefd01ff45ed74a686b6b8540fe23f7eeafd61f22ba09c6d7a3dce7aefd01ff45ed74a686b6b85ddsadsada"
It timed out without a response
I do live in the UAE where VPN blocking is quite prevalent, which might be the issue.
Unless you can make that web request the feature sadly won't work. You'll have to try to work out why it's not working and see if you can find a workaround to it.
Would it be possible for me to manually create the WireGuard setup for DIP since it won't change? I could possibly run the script through another tunnel to get public and private key, and token.
You need to do the full login process every time you need to reconnect to the WireGuard server. If they restart/move the server with the DIP on it, you have to do a full reauthentication to add as a peer again to that server. If you are disconnected for a period of time they remove you as a peer for the server.
You could look at modifying the script to maybe proxy that web request using PIA's SOCKS proxy if you can connect to that. 🤔
EDIT: double check it's not a DNS issue, by changing the DNS OPNsense uses to like Quad9 or something.
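To separate the causes discussed above (DNS, routing, or a reset during the TLS handshake as in the traceback), here is an added Python example, not part of the PIAWireguard script, that tests each stage in turn and reports the first one that fails. The function name `probe` and its return format are assumptions; the hostname is the one from the cURL command in this thread.

```python
import socket
import ssl


def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Stage 1: name resolution. A failure here points at the resolver,
    # which is what changing the DNS servers OPNsense uses would affect.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)

    # Stage 2: TCP connect to the first resolved address.
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return "tcp", f"{type(exc).__name__}: {exc}"

    # Stage 3: TLS handshake with certificate and hostname checks left on.
    # A reset or timeout here, after TCP succeeded, matches the traceback
    # in this thread (ConnectionResetError raised inside do_handshake).
    context = ssl.create_default_context()
    try:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"{type(exc).__name__}: {exc}"
    finally:
        sock.close()


if __name__ == "__main__":
    # Hostname taken from the cURL command above.
    print(probe("www.privateinternetaccess.com"))
```

A `dns` result supports the DNS suggestion, while `tcp` or `tls` failures with working DNS point at filtering on the path rather than at the script or its configuration.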
I've filled out the json configuration to include my DIP key & set the flag to true. Do I need to make the piaRegionId match the region where my dedicated IP is supposed to be possibly?