binhex / arch-rtorrentvpn

Docker build script for Arch Linux base with ruTorrent, rTorrent, autodl-irssi, Privoxy and OpenVPN
GNU General Public License v3.0

PIA Port Forwarding no longer working #171

Closed mikemulhearn closed 3 years ago

mikemulhearn commented 3 years ago

It looks like PIA changed over their port forwarding API in recent months. Any chance that an update to the PIA port forwarding script in the container is already under way or possible in the near future?

Here's a link to their GitHub repo with some instructions for curl integration: https://github.com/pia-foss/manual-connections/tree/v1.0.0#manual-setup-of-pf

binhex commented 3 years ago

the port forwarding has been completely reworked in this image months ago, are you using 'latest' tagged image?

mikemulhearn commented 3 years ago

I'm using the base image -- "image: binhex/arch-rtorrentvpn"

is that not the same as latest? I can add the latest tag if necessary

mikemulhearn commented 3 years ago

The getvpnport.sh script I have is trying to get the port from 209.222.18.222, but that seems to be the old way of getting the port that is no longer working -- I get stuck in the curly.sh retry loop.

```bash
####
# get dynamically assigned port number
####

echo "[info] Attempting to get dynamically assigned port..."

# pia api url for getting dynamically assigned port number
pia_vpnport_api_host="209.222.18.222"
pia_vpnport_api_port="2000"
pia_vpnport_api="http://${pia_vpnport_api_host}:${pia_vpnport_api_port}"

# create pia client id (randomly generated)
client_id=$(head -n 100 /dev/urandom | sha256sum | tr -d " -")

# run curly to grab api result
rm -f "/tmp/piaportassignapi"
curly.sh -ct 10 -rc 12 -rw 10 -of "/tmp/piaportassignapi" -url "${pia_vpnport_api}/?client_id=${client_id}"
```

I turned off port binding for now to let rTorrent run, but obviously the performance is severely degraded.

It looks like the new way for the "next-gen" VPN servers is by sending a token to the VPN server you are connected to to get a payload and signature back, which are used to bind a port in a subsequent "bindPort" API call (details in link in OP). That same bindPort call must be run every 15 mins as well, and expires after 2 months fwiw.
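
The refresh cycle described in the comment above, as an added example that is not part of the original thread or the project's getvpnport.sh: it decodes a getSignature-style reply and decides when bindPort has to be repeated. The JSON field names (`status`, `payload`, `signature`, `port`, `expires_at`), the port sanity bound and the sample reply are assumptions constructed for illustration; check them against the linked PIA repo.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

REBIND_INTERVAL = timedelta(minutes=15)  # bindPort cadence stated in the thread


def parse_lease(signature_response: str) -> dict:
    """Decode a getSignature-style reply (assumed field names) into a lease."""
    reply = json.loads(signature_response)
    if reply.get("status") != "OK":
        raise ValueError(f"signature request failed: {reply.get('status')!r}")
    # The payload is handed to bindPort exactly as received, because the
    # signature covers those bytes; decode a copy only to read the claims.
    claims = json.loads(base64.b64decode(reply["payload"], validate=True))
    port = int(claims["port"])
    if not 1024 <= port <= 65535:  # sanity bound chosen for this example
        raise ValueError(f"implausible forwarded port: {port}")
    expires = datetime.fromisoformat(claims["expires_at"].replace("Z", "+00:00"))
    return {"port": port, "expires_at": expires,
            "payload": reply["payload"], "signature": reply["signature"]}


def next_action(lease: dict, last_bind, now) -> str:
    """Decide what the refresh loop should do at time `now`."""
    if now >= lease["expires_at"]:
        return "new_signature"  # lease over: request a fresh payload/signature
    if last_bind is None or now - last_bind >= REBIND_INTERVAL:
        return "bind_port"      # repeat bindPort to keep the port assigned
    return "wait"


def sample_response(now) -> str:
    """Constructed reply for offline use: port 51413, lease of about 2 months."""
    claims = {"token": "CONSTRUCTED", "port": 51413,
              "expires_at": (now + timedelta(days=60)).strftime("%Y-%m-%dT%H:%M:%SZ")}
    payload = base64.b64encode(json.dumps(claims).encode()).decode()
    return json.dumps({"status": "OK", "payload": payload,
                       "signature": "Q09OU1RSVUNURUQ="})


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    lease = parse_lease(sample_response(now))
    print(lease["port"], next_action(lease, None, now))
```
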

binhex commented 3 years ago

not sure what image you are running there or where you got the old version of getvpnport.sh, but this is the current up to date script that is included in all my vpn images:- https://github.com/binhex/arch-int-vpn/blob/master/run/root/getvpnport.sh

i can only assume the image you have on disk is out of date, try doing a docker pull to force the latest image to be pulled down.

mikemulhearn commented 3 years ago

hmm not sure either. I just ran a manual pull and it definitely pulled down the latest image. Now I'm getting errors trying to initiate the wireguard interface:

2021-01-12 14:46:37,331 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2021-01-12 14:46:37,341 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2021-01-12 14:46:37,351 DEBG 'start-script' stderr output:
RTNETLINK answers: Operation not supported

2021-01-12 14:46:37,359 DEBG 'start-script' stderr output:
Unable to access interface: Protocol not supported

2021-01-12 14:46:37,359 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0

2021-01-12 14:46:37,368 DEBG 'start-script' stderr output:
Cannot find device "wg0"

2021-01-12 14:46:37,368 DEBG 'start-script' stdout output:
[warn] WireGuard interface failed to come 'up', exit code is '1'

Do I have to clear out any configs?

```yaml
rtorrent-openvpn:
  container_name: rtorrent-vpn
  image: binhex/arch-rtorrentvpn:latest
  cap_add:
    #- NET_ADMIN
  sysctls:
    - "net.ipv4.conf.all.src_valid_mark=1"
  privileged: true
  #devices:
  restart: always
  ports:
    - "11080:9080"
    - "10443:9443"
    - "8118:8118"
  dns:
    - 1.1.1.1
    - 1.0.0.1
    - 209.222.18.222
    - 84.200.69.80
    - 37.235.1.174
    - 209.222.18.218
    - 37.235.1.177
    - 84.200.70.40
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /windows/k/data:/data
    #- /windows/i/config:/config
    - ${USERDIR}/docker/rtorrent/config:/config
  environment:
    - VPN_ENABLED=yes
    #- VPN_CONFIG=France
    - VPN_USER=*redacted*
    - VPN_PASS=*redacted*
    - VPN_PROV=pia
    #- VPN_CLIENT=openvpn
    - VPN_CLIENT=wireguard
    - STRICT_PORT_FORWARD=yes
    #- STRICT_PORT_FORWARD=no
    - ENABLE_PRIVOXY=yes
    - ENABLE_PRIVOXY=no
    - ENABLE_AUTODL_IRSSI=yes
    - ENABLE_RPC2=yes
    - ENABLE_RPC2_AUTH=yes
    - RPC2_USER=*redacted*
    - RPC2_PASS=*redacted*
    - ENABLE_WEBUI_AUTH=yes
    - WEBUI_USER=*redacted*
    - WEBUI_PASS=*redacted*
    - LAN_NETWORK=172.22.1.0/24,127.0.0.1/24,172.17.0.1/24,172.18.0.1/24
    - NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1
    - DEBUG=false
    - PHP_TZ=America/New_York
    - UMASK=000
    - PUID=${PUID}
    - PGID=${PGID}
```

mikemulhearn commented 3 years ago

I updated CentOS 7 and installed WireGuard, and now I'm good to go.

Thanks for all your hard work on this project. I finally started migrating from a Transmission OpenVPN container to this one and I'll never look back.