bolemo / pia_wg

OpenWrt PIA WireGuard Script
GNU General Public License v3.0

Connect to specified IP #1

Open mitsu98 opened 11 months ago

mitsu98 commented 11 months ago

Is it possible to generate by specified IP or dedicated IP? Thank you

bolemo commented 11 months ago

Hi @mitsu98 I will look into that, but not having a dedicated IP myself, I won't be able to test.

bolemo commented 11 months ago

> Is it possible to generate by specified IP or dedicated IP? Thank you

Could you test something for me? I suppose you have a dedicated IP?

After running the script on your OpenWrt router and connecting to any region at least once, can you run this and post the result here (after hiding your token and private IP information for privacy reasons):

PIA_TOKEN=$(uci get pia_wg.@token[0].hash)
DIP_TOKEN="YOUR_DEDICATED_IP_TOKEN_FROM_PIA"
curl -s -L -X POST 'https://www.privateinternetaccess.com/api/client/v2/dedicated_ip' --header 'Content-Type: application/json' --header "Authorization: Token $PIA_TOKEN" -d '{ "tokens":["'"$DIP_TOKEN"'"] }'

Thank you!

QuiteBitter commented 5 months ago

[{"id":"de-frankfurt","dip_token":"XXXXXXXXXXXXXXXXXXXXXXX","dip_expire":1714262400,"groups":["ovpntcp","ovpnudp","wg","ikev2"],"ip":"XXXXXXXXXXXX","cn":"frankfurt412","status":"active"}]

bolemo commented 4 months ago

> [{"id":"de-frankfurt","dip_token":"XXXXXXXXXXXXXXXXXXXXXXX","dip_expire":1714262400,"groups":["ovpntcp","ovpnudp","wg","ikev2"],"ip":"XXXXXXXXXXXX","cn":"frankfurt412","status":"active"}]

Thank you 🙏 I will look into that when I find some time.

QuiteBitter commented 4 months ago

I tried it myself, but had no luck... hope you can work on it soon :-)

bolemo commented 4 months ago

> I tried it myself, but had no luck... hope you can work on it soon :-)

I am not forgetting this. I just did not have time to work on it yet. I will see if I can look at it this week. I will need you to beta test as I don’t have a dedicated IP myself.

QuiteBitter commented 4 months ago

> > I tried it myself, but had no luck... hope you can work on it soon :-)
>
> I am not forgetting this. I just did not have time to work on it yet. I will see if I can look at it this week. I will need you to beta test as I don’t have a dedicated IP myself.

Great, yes, I'm in for it. Just contact me when you're ready.

bolemo commented 4 months ago

> [{"id":"de-frankfurt","dip_token":"XXXXXXXXXXXXXXXXXXXXXXX","dip_expire":1714262400,"groups":["ovpntcp","ovpnudp","wg","ikev2"],"ip":"XXXXXXXXXXXX","cn":"frankfurt412","status":"active"}]

Ok @QuiteBitter

Could you try this for me?

Like last time (with the extra PUB_KEY variable):

PIA_TOKEN=$(uci get pia_wg.@token[0].hash)
PUB_KEY=$(uci -q get pia_wg.@keys[0].pub)
DIP_TOKEN="YOUR_DEDICATED_IP_TOKEN_FROM_PIA"
curl -s -L -X POST 'https://www.privateinternetaccess.com/api/client/v2/dedicated_ip' --header 'Content-Type: application/json' --header "Authorization: Token $PIA_TOKEN" -d '{ "tokens":["'"$DIP_TOKEN"'"] }'

Then, using the data in the json result you have, replacing ##CN## by frankfurt412 (or whatever your new result is), and ##IP## by the IP given to you ("ip":"XXXXXXXXXXXX"), run the following command:

curl -s -k -G --connect-to "##CN##::##IP##" --user "dedicated_ip_$DIP_TOKEN:##IP##" --data-urlencode "pubkey=$PUB_KEY" "https://##CN##:1337/addKey"

And share the result (without sensitive information)?

QuiteBitter commented 3 months ago

Hey, I will do it tomorrow :) I’m thrilled because I was not able to get the pubkey for the peer. Got problems with the given certificate. I will give you the results in 10 hours from now. Sleep well

On 10.05.2024 at 19:09, hELLO wORLD @.***> wrote:

> > [{"id":"de-frankfurt","dip_token":"XXXXXXXXXXXXXXXXXXXXXXX","dip_expire":1714262400,"groups":["ovpntcp","ovpnudp","wg","ikev2"],"ip":"XXXXXXXXXXXX","cn":"frankfurt412","status":"active"}]
>
> Ok @QuiteBitter
>
> Could you try this for me?
>
> Like last time (with the extra PUB_KEY variable):
>
> PIA_TOKEN=$(uci get pia_wg.@token[0].hash)
> PUB_KEY=$(uci -q get pia_wg.@keys[0].pub)
> DIP_TOKEN="YOUR_DEDICATED_IP_TOKEN_FROM_PIA"
> curl -s -L -X POST 'https://www.privateinternetaccess.com/api/client/v2/dedicated_ip' --header 'Content-Type: application/json' --header "Authorization: Token $PIA_TOKEN" -d '{ "tokens":["'"$DIP_TOKEN"'"] }'
>
> Then, using the data in the json result you have, replacing ##CN## by frankfurt412 (or whatever your new result is), and ##IP## by the IP given to you ("ip":"XXXXXXXXXXXX"), run the following command:
>
> curl -s -k -G --connect-to "##CN##::##IP##" --user "dedicated_ip_$DIP_TOKEN:##IP##" --data-urlencode "pubkey=$PUB_KEY" "https://##CN##:1337/addKey"
>
> And share the result (without sensitive information)?

QuiteBitter commented 3 months ago

@bolemo

I successfully configured the WireGuard interface with a dedicated IP on OpenWrt.

Initial Setup

First, I executed your script response.sh to retrieve the server's dynamic IP configuration. Here's the crucial output that enabled the setup:

root@OpenWrt:~/scripts# ./response.sh
[{"id":"de-frankfurt","dip_token":"GIR3KXIlkGM9UneuDZqw2t7ISsnZjuNR","dip_expire":1716854400,"groups":["ovpntcp","ovpnudp","wg","ikev2"],"ip":"115.162.124.213","cn":"frankfurt415","status":"active"}]

Configuring the WireGuard Key

Next, I used curl to set up the WireGuard key with the server. It is important to get the user right: dedicated_ip_GIR3KXIlkGM9UneuDZqw2t7ISsnZjuNR:115.162.124.213. I did not use any environment variables for the final API call.

root@OpenWrt:~/scripts# curl -s -v -k -G --connect-to "frankfurt415::115.162.124.213" --user "dedicated_ip_GIR3KXIlkGM9UneuDZqw2t7ISsnZjuNR:115.162.124.213" --data-urlencode "pubkey=HJk4nC8si4nHM6QEGQUxbmIKwSwqNXJipPn86Q0jCTN=" "https://frankfurt415:1337/addKey"
> GET /addKey?pubkey=HJk4nC8si4nHM6QEGQUxbmIKwSwqNXJipPn86Q0jCTN%3d HTTP/2
> Host: frankfurt415:1337
> Authorization: Basic bW9kaWZpZWRfdmFsX0NJUzNKWHVuakZMNlR1ZHVFWG93M3M3SVJ5bG5qdU5ROjE4Ny4xNjUuMTIzLjI1NA==
> User-Agent: curl/8.7.1
> Accept: */*
>
< HTTP/2 200
< content-type: application/json
< content-length: 354
< date: Sat, 11 May 2024 17:09:16 GMT
{
    "status": "OK",
    "server_key": "B6Hfdcs5Qs75kJtgSS/DP4WR3f/B7ByvB6Y08CdF8zN=",
    "server_port": 1337,
    "server_ip": "115.162.124.213",
    "server_vip": "10.236.128.1",
    "peer_ip": "10.236.137.69",
    "peer_pubkey": "HJk4nC8si4nHM6QEGQUxbmIKwSwqNXJipPn86Q0jCTN=",
    "dns_servers": [
        "10.0.0.243",
        "10.0.0.242"
    ]
}

Final WireGuard Configuration

Using the retrieved data and configured keys, I finalized the settings for the WireGuard interface:

config interface 'wg_pia'
        option private_key 'CGBLBpvXjqe78oVZvz754xDTSv9ML8YfFSdO8EH/RYR='
        list dns '10.0.0.243'
        list dns '10.0.0.242'
        option proto 'wireguard'
        option delegate '0'
        list addresses '10.236.137.69'

config wireguard_wg_pia 'wgpeer_pia'
        option description 'PIA DIP FRANKFURT'
        option endpoint_host '115.162.124.213'
        option endpoint_port '1337'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '::/0'
        list allowed_ips '0.0.0.0/0'
        option public_key 'B6Hfdcs5Qs75kJtgSS/DP4WR3f/B7ByvB6Y08CdF8zN='

Conclusion

This configuration worked flawlessly when manually inserted with newly generated WireGuard keys. I hope this detailed response helps you enhance the script even further.

Thank you again!

Please note that all keys and IP addresses used in this configuration are placeholders for security purposes, but they are consistently used throughout the example to ensure accuracy and functionality.
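
The requests above to post results "after hiding your token and private ip information" cover more than the JSON body: a `curl -v` trace also carries an `Authorization: Basic` header, which is only the base64 encoding of the `--user` value. The following is an added example, not part of the thread or of pia_wg; the function names and the sample trace are constructed for illustration. It redacts such output and checks that nothing recognisable is left before it is pasted.

```shell
#!/bin/sh
# Added example: scrub PIA API responses and `curl -v` traces before posting them.

# Mask credentials, keys and addresses read from stdin.
# The Authorization rule runs first so the key rule cannot leave half a blob behind.
redact_pia_output() {
    sed -E \
        -e 's/([Aa]uthorization:[[:space:]]*[A-Za-z]+)[[:space:]]+[^"[:space:]]+/\1 REDACTED/g' \
        -e 's/("dip_token"[[:space:]]*:[[:space:]]*")[^"]*/\1REDACTED/g' \
        -e 's/dedicated_ip_[A-Za-z0-9]+/dedicated_ip_REDACTED/g' \
        -e 's/(pubkey=)[^ &"]+/\1REDACTED/g' \
        -e 's#[A-Za-z0-9+/]{43}=#REDACTED_WG_KEY#g' \
        -e 's/([0-9]{1,3}\.){3}[0-9]{1,3}/REDACTED_IP/g'
}

# Gate: succeed only if no long credential, WireGuard key or IPv4 address remains.
is_safe_to_share() {
    ! grep -Eq \
        -e 'uthorization:[[:space:]]*[A-Za-z]+[[:space:]]+[A-Za-z0-9+/=]{16,}' \
        -e 'dedicated_ip_[A-Za-z0-9]{16,}' \
        -e '[A-Za-z0-9+/]{43}=' \
        -e '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Basic auth is base64, an encoding: this recovers "user:password" from a trace.
decode_basic() {
    sed -n 's#.*uthorization: Basic \([A-Za-z0-9+/=]*\).*#\1#p' | base64 -d
}

# Constructed sample (RFC 5737 address, made-up token and key), not real PIA output.
sample_trace() {
    tok='CONSTRUCTEDtoken0000000000000000'
    key="$(printf '%043d' 0 | tr 0 A)="
    cred=$(printf 'dedicated_ip_%s:192.0.2.10' "$tok" | base64 | tr -d '\n')
    cat <<EOF
> GET /addKey?pubkey=AAAA...%3d HTTP/2
> Authorization: Basic $cred
{"status":"OK","server_key":"$key","server_ip":"192.0.2.10","peer_ip":"10.0.0.2"}
[{"id":"de-frankfurt","dip_token":"$tok","ip":"192.0.2.10","cn":"frankfurt000"}]
EOF
}

# Print the redacted trace only when the gate passes.
if sample_trace | redact_pia_output | is_safe_to_share; then
    sample_trace | redact_pia_output
fi
```

The region id and `cn` are left readable because they are what a maintainer needs to reproduce the request; the gate is a sanity check on the patterns above, not proof that a paste is clean.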

bolemo commented 3 months ago

Thank you @QuiteBitter for your answer and precision!

I prepared a beta version of the script with Dedicated IP. If you want to try: curl https://raw.githubusercontent.com/bolemo/pia_wg/beta_dip/pia_wg.sh >/path/to/your/pia_wg.sh

where you replace /path/to/your/pia_wg.sh by the path to the script on your router. Then just run pia_wg.sh configure dip then pia_wg.sh restart

QuiteBitter commented 3 months ago

Thank you I will try it tomorrow 😀