iPherian / manual-connections

Scripts for manual connections to Private Internet Access
MIT License

Fails to enable or add to UFW #7

Closed sekthree closed 3 years ago

sekthree commented 3 years ago

I'm not entirely sure how to run this. I added Environment="PIA_ADD_VPN_ENDPOINT_TO_UFW=true" to the piavpn-manual.service (I assume this is where it goes) and turned off UFW (ufw disable), otherwise running setup would not work. Then I ran ./run_setup.sh, which goes through the original setup as normal; the VPN connects successfully when complete, but UFW is not enabled/started, so I start it (ufw enable); however, then nothing works. When I run ufw status, no IPs have been added.

Also, I had to perform the following, as I received an error on the initial run-through:

  chmod 744 get_token.sh

sekthree commented 3 years ago

I ran through the setup again, but this time in the 'get_region_and_token.sh' script I changed

  : ${PIA_ADD_VPN_ENDPOINT_TO_UFW:=false}

to

  : ${PIA_ADD_VPN_ENDPOINT_TO_UFW:=true}

Lo and behold, this FINALLY added the endpoint to the firewall rules; it still didn't autostart though. I also noticed my resolv.conf and nslookup both updated to 10.0.0.241. Despite both IPs being added to the UFW rules, my apps are still not returning queries (UFW enabled). Through Radarr logs I'm getting request time out.

sekthree commented 3 years ago

FINALLY FIGURED IT OUT! And it works GREAT! THANK YOU! For others that end up here: whatever your UFW rules are, you'll need to add two to allow the tunnel PIA creates; the firewall CAN be up for all of this:

  ufw allow in on tun06
  ufw allow out on tun06

Install jq, curl, and openvpn (apt install).

Clone the repo and update things:

  git clone https://github.com/iPherian/manual-connections.git
  cd manual-connections
  chmod +x get_token.sh
  chmod +x systemd_launcher.sh

Create the login cred file; this should be a 644 file:

  vi login.txt

Enter your credentials for PIA, username on the first line, password on the second:

  p123456
  reallygoodpassword

Open/edit piavpn-manual.service:

  vi piavpn-manual.service

Update the variables containing $ to the respective assignments, and add a few. Here's mine, for example. Note that I comment out region; this is so the scripts select the best region for me.

Environment="PIA_AUTH_FILE=/home/sekthree/manual-connections/login.txt"
#Environment="PIA_REGION=$REGION"
Environment="PIA_ON_DEMAND_UFW_RULES=true"
Environment="PIA_ADD_VPN_ENDPOINT_TO_UFW=true"
Environment="PIA_SERVERLIST_HOST_IP=138.68.22.119"
WorkingDirectory=/home/sekthree/manual-connections/
ExecStart=/home/sekthree/manual-connections/systemd_launcher.sh

Save, copy to the service dir, enable, and start:

  cp piavpn-manual.service /etc/systemd/system/
  systemctl enable piavpn-manual.service
  systemctl start piavpn-manual.service

Thanks to iPherian for this. CHEERS!

iPherian commented 3 years ago

@sekthree

> Thanks to iPherian for this. CHEERS!

You're welcome!

Thanks for such a detailed guide on getting it working. Sorry for not replying, I mistakenly didn't have notifications on for this repo.

> chmod +x get_token.sh
> chmod +x systemd_launcher.sh
> ufw allow in on tun06
> ufw allow out on tun06

Very good points, I've fixed the permissions in the repo and updated the README.

iPherian commented 3 years ago

> I'm not entirely sure how to run this. I added Environment="PIA_ADD_VPN_ENDPOINT_TO_UFW=true" to the piavpn-manual.service (I assume this is where it goes) and turned off UFW (ufw disable), otherwise running setup would not work. Then I ran ./run_setup.sh, which goes through the original setup as normal; the VPN connects successfully when complete, but UFW is not enabled/started, so I start it (ufw enable); however, then nothing works. When I run ufw status, no IPs have been added.

For anyone who finds this issue in the future, adding vars to the *.service file only affects how it works when running in systemd (e.g. systemctl start piavpn-manual.service).

However, you can also run it manually like so:

(change $VARS as needed)

PIA_SERVERLIST_HOST_IP=xxx.xxx.xxx.xxx \
  PIA_ADD_VPN_ENDPOINT_TO_UFW=true \
  PIA_ON_DEMAND_UFW_RULES=true \
  PIA_AUTH_FILE=$AUTH_FILE \
  PIA_DNS=true \
  PIA_AUTOCONNECT=openvpn_udp_standard \
  PIA_PF=false \
  PIA_REGION=$REGION \
  ./get_region_and_token.sh

Added some examples to the README to illustrate this.
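
The split described in the last comment (variables in the *.service file apply only under systemd, a manual run needs them passed in the environment) can be bridged by reading them out of the unit. This is an added shell example, not part of the thread or the repo's scripts; the function names, the sample path and the sample IP are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not part of the repo. Constructed sample unit modelled on the
# one posted above; the path and the IP (documentation range) are placeholders.
sample_unit() {
    cat <<'EOF'
[Service]
Environment="PIA_AUTH_FILE=/home/user/manual-connections/login.txt"
#Environment="PIA_REGION=$REGION"
Environment="PIA_ON_DEMAND_UFW_RULES=true"
Environment="PIA_ADD_VPN_ENDPOINT_TO_UFW=true"
Environment="PIA_SERVERLIST_HOST_IP=203.0.113.10"
WorkingDirectory=/home/user/manual-connections/
ExecStart=/home/user/manual-connections/systemd_launcher.sh
EOF
}

# unit_env FILE: print KEY=VALUE for every active Environment= line.
# Commented-out lines are skipped, as systemd skips them. Assumption: one
# assignment per line; values containing quotes or whitespace are dropped
# rather than guessed at.
unit_env() {
    sed -n 's/^[[:space:]]*Environment=//p' "$1" |
        sed 's/^"\(.*\)"$/\1/' |
        grep -E '^[A-Za-z_][A-Za-z0-9_]*=[^"[:space:]]*$'
}

# run_with_unit_env FILE CMD...: run CMD with the unit's variables exported.
# The subshell keeps them out of the calling shell; nothing is eval'd.
run_with_unit_env() {
    unit=$1
    shift
    (
        while IFS= read -r kv; do
            if [ -n "$kv" ]; then export "$kv"; fi
        done <<EOF
$(unit_env "$unit")
EOF
        "$@"
    )
}

# Demo: show what a manual run would inherit from the sample unit.
demo_unit=$(mktemp)
sample_unit > "$demo_unit"
unit_env "$demo_unit"
run_with_unit_env "$demo_unit" sh -c 'echo "PIA_REGION is ${PIA_REGION:-unset}"'
rm -f "$demo_unit"
```

Against an installed unit this would be called as run_with_unit_env /etc/systemd/system/piavpn-manual.service ./get_region_and_token.sh, from the repo directory.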