jamesmcm / vopono

Run applications through VPN tunnels with temporary network namespaces
GNU General Public License v3.0
828 stars 44 forks

Two questions #82

Closed VR-Punk closed 3 years ago

VR-Punk commented 3 years ago
  1. PrivateInternetAccess: Where can I see my port forwarding port?

  2. transmission-daemon: The settings get reset every time I launch vopono; where are the settings to change that?

vopono is cool software! Thx!!!

jamesmcm commented 3 years ago

For 1. I'm not sure, I think we can probably adapt PIA's script to do this automatically, but I'm no longer a PIA customer myself so I can't really do it right now.

For 2. which settings do you refer to? The main ones can be saved in the vopono config file in ~/.config/vopono/config.toml

VR-Punk commented 3 years ago

For 1: I tried https://github.com/pia-foss/manual-connections, and after launching vopono I got a PIA token with

PIA_USER=p0123456 PIA_PASS=xxx ./get_token.sh

and then I want to get the signature with

curl -k "https://10.4.128.1:19999/getSignature?token=$TOKEN"

but I get this error: { "status": "ERROR", "message": "Unauthorized client" }

For 2: The settings of the transmission-daemon itself, in /etc/transmission-daemon/settings.json, are reset every time I launch vopono. The only parts which are loaded correctly are the rpc parts of settings.json for the transmission remote GUI; everything else is wrong. Without vopono everything works well, so it's a vopono thing.

jamesmcm commented 3 years ago

For PIA:

In their script they run:

  payload_and_signature="$(curl -s -m 5 \
    --connect-to "$PF_HOSTNAME::$PF_GATEWAY:" \
    --cacert "ca.rsa.4096.crt" \
    -G --data-urlencode "token=${PIA_TOKEN}" \
    "https://${PF_HOSTNAME}:19999/getSignature")"

So maybe try that?


Regarding transmission-daemon:

Is the file itself overwritten? What if you pass the config dir in with --config-dir?

Could you please paste the exact command you run and I can try to test it.
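As an added example (not part of this thread and not PIA's or vopono's own code), here is the getSignature step from PIA's script wrapped as shell functions, together with the two steps that follow it in PIA's manual-connections port-forwarding flow: decoding the returned payload to read the forwarded port and its expiry, and refreshing the binding with bindPort. PF_HOSTNAME, PF_GATEWAY and PIA_TOKEN are assumed to come from PIA's setup scripts and ca.rsa.4096.crt from their repository; the sample payload at the top is constructed. The point of --connect-to plus --cacert is that the request goes to the internal gateway IP while the certificate is still verified against the PIA hostname, which is why the earlier curl -k (verification disabled) is not needed.

```shell
#!/bin/sh
# Added example (not from the vopono thread or PIA's own scripts): the
# getSignature/bindPort exchange from PIA's manual-connections flow as reusable
# functions. Assumed inputs: PF_HOSTNAME and PF_GATEWAY as printed by PIA's
# setup script, PIA_TOKEN from get_token.sh, and PIA's CA file
# ca.rsa.4096.crt in the current directory.

# Constructed sample payload (not real data), in the shape PIA returns:
# base64-encoded JSON with token, port and expires_at.
SAMPLE_PAYLOAD=$(printf '%s' '{"token":"EXAMPLE_TOKEN","port":12345,"expires_at":"2099-01-01T00:00:00Z"}' | base64 | tr -d '\n')

# Pull one string-valued field out of the small JSON replies (no jq needed).
json_str() {
    sed -n "s/.*\"$1\": *\"\([^\"]*\)\".*/\1/p"
}

# Request payload+signature. --connect-to sends the request to the internal
# gateway IP while TLS verification still runs against PF_HOSTNAME with PIA's
# CA, so "-k" (verification disabled) is never needed.
pia_get_signature() {
    pf_hostname=$1; pf_gateway=$2; token=$3
    curl -s -m 5 \
        --connect-to "${pf_hostname}::${pf_gateway}:" \
        --cacert "ca.rsa.4096.crt" \
        -G --data-urlencode "token=${token}" \
        "https://${pf_hostname}:19999/getSignature"
}

# The forwarded port lives inside the base64 payload, not in the reply itself.
pia_payload_port() {
    printf '%s' "$1" | base64 -d | sed -n 's/.*"port": *\([0-9][0-9]*\).*/\1/p'
}

pia_payload_expiry() {
    printf '%s' "$1" | base64 -d | json_str expires_at
}

# Keep the port alive: PIA expects bindPort to be called roughly every 15 minutes.
pia_bind_port() {
    pf_hostname=$1; pf_gateway=$2; payload=$3; signature=$4
    curl -s -m 5 \
        --connect-to "${pf_hostname}::${pf_gateway}:" \
        --cacert "ca.rsa.4096.crt" \
        -G --data-urlencode "payload=${payload}" \
        --data-urlencode "signature=${signature}" \
        "https://${pf_hostname}:19999/bindPort"
}

# Whole flow: get a signed payload, print the port, then refresh the binding in
# a loop. Run it inside the vopono namespace (e.g. via "vopono exec").
pia_port_forward() {
    pf_hostname=$1; pf_gateway=$2; token=$3
    reply=$(pia_get_signature "$pf_hostname" "$pf_gateway" "$token")
    if [ "$(printf '%s' "$reply" | json_str status)" != "OK" ]; then
        echo "getSignature failed: $reply" >&2
        return 1
    fi
    payload=$(printf '%s' "$reply" | json_str payload)
    signature=$(printf '%s' "$reply" | json_str signature)
    echo "forwarded port: $(pia_payload_port "$payload"), expires: $(pia_payload_expiry "$payload")"
    while pia_bind_port "$pf_hostname" "$pf_gateway" "$payload" "$signature" | grep -q '"status": *"OK"'; do
        sleep 900
    done
    echo "bindPort stopped succeeding; request a new signature" >&2
    return 1
}

# Usage: PIA_TOKEN=... ./pia_pf.sh <PF_HOSTNAME> <PF_GATEWAY>
if [ $# -eq 2 ] && [ -n "${PIA_TOKEN:-}" ]; then
    pia_port_forward "$1" "$2" "$PIA_TOKEN"
fi
```

The printed port is the one to hand to transmission-daemon (or to vopono's -f flag) and it changes whenever a new signature is requested, so the expiry is worth logging.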

VR-Punk commented 3 years ago

For PIA:

Is that correct?

payload_and_signature="$(curl -s -m 5 \
  --connect-to "12.345.6.7::987.654.321.0:" \
  --cacert "ca.rsa.4096.crt" \
  -G --data-urlencode "token=12345ExampleDJAR\&j~q:.SF<kG7M^$5{*BqK;hWo^4321?=" \
  "https://12.345.6.7:19999/getSignature")"

I'm not sure about the PIA IP and gateway.

I have one PIA IP if I do

sudo route

I have a second PIA IP if I do

http://ipmagnet.services.cbcdn.com/?hash=c1d7e72180231b4f7c6b317e90c57828cd63d419

and I have a third in the vopono verbose output if I do

vopono -v exec -k -f 9091 --provider privateinternetaccess --server switzerland-ch.ovpn "transmission-daemon -a ..."

For transmission:

Without vopono I start it with

sudo systemctl start transmission-daemon

With vopono I use this

vopono -v exec -k -f 9091 --provider privateinternetaccess --server switzerland-ch.ovpn "transmission-daemon -a ..."

VR-Punk commented 3 years ago

I have installed the full run_setup.sh from https://github.com/pia-foss/manual-connections on my Ubuntu notebook and now I have a Payload, a Signature and a Pia_Token! I will use the data for vopono on my Debian NAS!

I have the address of the server with my open port forwarding ports

PF_HOSTNAME=zurichxxx PF_GATEWAY=10.x.xxx..x OVPN_SERVER_IP=156.xxx.xx.xxx OVPN_HOSTNAME=zurichxxx

I also have two files called standard.ovpn and strong.ovpn, which I guess have the login data for the PIA server in Zurich, but the files are not compatible with vopono!

If I try to use the new *.ovpn files with vopono

vopono -v exec -k -f 9091 --provider privateinternetaccess --server standard.ovpn "transmission-daemon -a ..."

I get

Error: Failed to extract remotes from config file: /home/xxx/.config/vopono/pia/openvpn/standard.ovpn

How can I connect to the PIA Zurich ovpn server via vopono?

VR-Punk commented 3 years ago

Is there a better VPN service with port forwarding, which is fully supported by vopono and has an easier way to use port forwarding?

VR-Punk commented 3 years ago

If I try to use the new PIA *.ovpn files with vopono I get this error: Failed to extract remotes from "standard.ovpn"!!!

The official PIA "standard.ovpn"

client
dev tun06
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /opt/piavpn-manual/credentials
compress
verb 1
reneg-sec 0
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
disable-occ
script-security 2
up /opt/piavpn-manual/openvpn_up.sh
down /opt/piavpn-manual/openvpn_down.sh

The bash scripts called in the "standard.ovpn":

openvpn_up.sh:

#!/bin/bash

echo $route_vpn_gateway > /opt/piavpn-manual/route_info

openvpn_down.sh:

#!/bin/bash

rm -rf /opt/piavpn-manual/pia_pid /opt/pia-manual/route_info

The Vopono .ovpn files:

client
dev tun
proto udp
remote swiss.privacy.network 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
compress
verb 1
reneg-sec 0
-----BEGIN X509 CRL-----
...58A==
-----END X509 CRL-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
disable-occ

jamesmcm commented 3 years ago

Do you know how PIA has you select the server in that case? It's weird there is no remote server in the .ovpn file.

And I'd recommend Mullvad over PIA, but it really depends what you are using it for (Mullvad do not attempt Netflix ban evasion for example AFAIK, but I don't think PIA do either).

VR-Punk commented 3 years ago

I bought PIA VPN for one month only. I will buy Mullvad for one month and try to set it up with vopono. Do you have advice on the setup with vopono?

VR-Punk commented 3 years ago

How can I check or test that the NAS local LAN network is not involved in the Mullvad VPN if I use it with vopono? I have only an SSH connection to the NAS on which vopono is installed.

jamesmcm commented 3 years ago

You can use vopono sync and choose Mullvad and it should auto-generate the config files 🙂

Use Mullvad's test page with a browser for example: https://mullvad.net/en/check/

VR-Punk commented 3 years ago

I would like to use transmission-daemon on my NAS, and I have a website which shows the VPN IP of my torrents. But if I stream a movie from my NAS to my media player and my TV it should be done offline without using the VPN connection. Is there a way to check if vopono is working correctly?

jamesmcm commented 3 years ago

Yeah, forward the port for transmission-daemon with the -k and -f XXXX flags, then Mullvad even has a torrent check you can do with a torrent file from them.

As for the rest you can just double check that it isn't going through the VPN e.g. curl ifconfig.co/json | jq . but it should be fine in any case.
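As an added example (not code from the thread or from vopono), here is the curl ifconfig.co/json comparison above run from both sides at once, so that it can tell the two failure modes apart: the namespace exiting through a LAN address (nothing is tunnelled) and the host sharing the namespace's exit IP (host traffic is going through the VPN, or the namespace is not). Only the "ip" field of the reply is used. The two JSON replies at the top are constructed samples so the logic runs offline; live_check() assumes Mullvad over WireGuard with server romania, as in the thread.

```shell
#!/bin/sh
# Added example, not from the vopono thread: compare the public IP seen by a
# process inside the vopono namespace with the one seen by the host, using the
# ifconfig.co/json check from the thread. Only the "ip" field is relied on.

# Constructed sample replies (not real data): what the host and the namespace
# might each get back from curl ifconfig.co/json. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges.
SAMPLE_HOST_REPLY='{"ip": "203.0.113.10", "country": "Example"}'
SAMPLE_NS_REPLY='{"ip": "198.51.100.20", "country": "Example"}'

# Extract the "ip" field from an ifconfig.co/json reply on stdin (no jq needed).
# head -n 1 keeps the first match in case vopono prints its own lines first.
reply_ip() {
    sed -n 's/.*"ip": *"\([^"]*\)".*/\1/p' | head -n 1
}

# RFC 1918, loopback and link-local ranges: an exit IP in one of these means
# the request never left the local network.
is_private_ip() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when the namespace exits through a different public IP than the
# host (split tunnel working), 1 otherwise, and prints the verdict.
check_split_tunnel() {
    host_ip=$(printf '%s' "$1" | reply_ip)
    ns_ip=$(printf '%s' "$2" | reply_ip)
    if [ -z "$host_ip" ] || [ -z "$ns_ip" ]; then
        echo "could not read an ip field from one of the replies" >&2
        return 1
    fi
    if is_private_ip "$ns_ip"; then
        echo "FAIL: namespace exit IP $ns_ip is private; traffic is not leaving via the tunnel"
        return 1
    fi
    if [ "$host_ip" = "$ns_ip" ]; then
        echo "FAIL: host and namespace share exit IP $host_ip; host traffic goes through the VPN (or the namespace does not)"
        return 1
    fi
    echo "OK: host exits via $host_ip, vopono namespace exits via $ns_ip"
}

# Live version: the same curl on the host and inside a vopono namespace.
# Assumes Mullvad over WireGuard, server "romania", as in the thread.
live_check() {
    host_reply=$(curl -s ifconfig.co/json)
    ns_reply=$(vopono exec --protocol wireguard --provider mullvad --server romania "curl -s ifconfig.co/json")
    check_split_tunnel "$host_reply" "$ns_reply"
}

case "${1:-}" in
    live) live_check ;;
    *) check_split_tunnel "$SAMPLE_HOST_REPLY" "$SAMPLE_NS_REPLY" ;;
esac
```

Run it with `live` on the NAS; media streaming to the TV is unaffected either way, since only the process started by vopono exec lives in the namespace, but the OK line confirms the host itself is not tunnelled.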

VR-Punk commented 3 years ago

curl ifconfig.co/json | jq .

That is what I need, big thx

VR-Punk commented 3 years ago

Hello, I bought Mullvad and the port forwarding works well! The settings of transmission-daemon are saved now with the option

--config-dir

Thx for your advices !!!

VR-Punk commented 3 years ago

hello,

I would like to launch vopono with some option to keep it running even if I close the terminal or the SSH connection doesn't work anymore. Do you know some kind of option?

I tried to create a systemd service but without success:

[Unit]
Description=VPN Transmission-Daemon
After=network.target

[Service]
User=******
Type=notify
ExecStart=/bin/vopono exec -k -f 9091 -o ****** -u ***** --protocol wireguard --provider mullvad --server romania "transmission-daemon -g /etc/transmission-daemon/ -a *.*.*.*"
ExecStop=/bin/kill -s STOP $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

jamesmcm commented 3 years ago

I'll try to sort out the systemd unit stuff, do you know what the issue is?

For now you could run it in tmux and send it to the background though.

VR-Punk commented 3 years ago

The issue is that the vopono command can't be executed. The rest is the original transmission-daemon.service!

ExecStart=/bin/vopono exec -k -f 9091 -o ****** -u ***** --protocol wireguard --provider mullvad --server romania "transmission-daemon -g /etc/transmission-daemon/ -a *.*.*.*"

But I will try tmux and send it to the background! Thx!!!

jamesmcm commented 3 years ago

I got the systemd unit to work as a user unit if that's good enough:

/etc/systemd/user/vopono.service:

[Service]
ExecStart=/usr/bin/vopono -v exec -k -f 9091 --protocol wireguard --provider mullvad --server romania "transmission-daemon -a *.*.*.*"

Running as root doesn't work, even if you copy the config over (i.e. to /root/.config/vopono/) due to some permissions issue with the TCP proxy. I'll try to work it out.

Specifically: https://github.com/jamesmcm/basic_tcp_proxy/blob/e3adcff17b46ecd871ff7d6f785de987d4945272/src/lib.rs#L36 fails to bind when a connection is made (even if the connecting process is also running as root).

VR-Punk commented 3 years ago

Wow, thx ! I will try that !

VR-Punk commented 3 years ago

I haven't had time yet, please don't close this issue !

VR-Punk commented 3 years ago

I would like to use two user accounts on my system, one for the local network with Samba and a second one specially for VPN and vopono.

I tried this, but without success:

sudo nano /etc/systemd/vpn-.../vopono.service

[Service]
ExecStart=/usr/bin/vopono -v exec -k -f 9091 --protocol wireguard --provider mullvad --server romania "transmission-daemon -a ..."

sudo chown vpn-... /etc/systemd/vpn-.../vopono.service
sudo chmod 777 /etc/systemd/vpn-.../vopono.service
sudo chmod 777 /usr/bin/vopono
sudo chown vpn-... /usr/bin/vopono

vpn-****:/$ systemctl start vopono.service

Failed to start vopono.service: Access denied
See system logs and 'systemctl status vopono.service' for details.

jamesmcm commented 3 years ago

If it's a system unit you'll need to start the service with sudo / as root.

But note then you'll hit issue #84 when trying to run transmission-daemon and vopono as root (I still need to fix this in basic_tcp_proxy). The better alternative is to use a systemd user service (you start it with the --user flag) - see the ArchWiki page

Basically you put the service unit file vopono.service in /etc/systemd/user and then run systemctl --user start vopono

VR-Punk commented 3 years ago

Error:

$ sudo systemctl --user enable vopono.service

or

$ sudo systemctl --user start vopono

Failed to connect to bus: $DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined (consider using --machine=@.host --user to connect to bus of other user)

In user accounts I can fix this in the .bashrc in the /home directory with

export XDG_RUNTIME_DIR=/run/user/$(id -u)

but I don't know how to fix this in a root account.

The ArchWiki page shows solutions, but I'm new to Ubuntu and can't fix it on my own. Is there an easy way to fix this?

ArchWiki page:

Environment variables

The user instance of systemd does not inherit any of the environment variables set in places like .bashrc etc. There are several ways to set environment variables for the systemd user instance:

For users with a $HOME directory, create a .conf file in the ~/.config/environment.d/ directory with lines of the form NAME=VAL. Affects only that user's user unit. See environment.d(5) for more information.

Use the DefaultEnvironment option in /etc/systemd/user.conf file. Affects all user units.

Add a drop-in config file in /etc/systemd/system/user@.service.d/. Affects all user units; see #Service example

At any time, use systemctl --user set-environment or systemctl --user import-environment. Affects all user units started after setting the environment variables, but not the units that were already running.

Using the dbus-update-activation-environment --systemd --all command provided by dbus. Has the same effect as systemctl --user import-environment, but also affects the D-Bus session. You can add this to the end of your shell initialization file.

For "global" environment variables for the user environment you can use the environment.d directories which are parsed by some generators. See environment.d(5) and systemd.generator(7) for more information.

You can also write a systemd.environment-generator(7) script which can produce environment variables that vary from user to user, this is probably the best way if you need per-user environments (this is the case for XDG_RUNTIME_DIR, DBUS_SESSION_BUS_ADDRESS, etc).

One variable you may want to set is PATH.

After configuration, the command systemctl --user show-environment can be used to verify that the values are correct.

jamesmcm commented 3 years ago

I'd recommend running it as a user anyway, as it'll avoid issue #84

But the user will need to have passwordless sudo access if you want it to be fully automatic. I did this on my machine with the user systemd unit I posted above and it worked. Then you could add the dbus fix there.

The dbus thing is strange though, I've never had an issue with it, even though at the start I thought this would be a problem (like PulseAudio was) - see issue #45 - but in the end it just works on Arch Linux with no intervention.

VR-Punk commented 3 years ago

Thx, that works! But if I close the SSH connection vopono will close too.

Jun 27 01:25:43 LS-QVL sudo[830]: pam_unix(sudo:session): session closed for user root
Jun 27 01:25:43 LS-QVL systemd[372]: Stopping vopono.service...
Jun 27 01:25:44 LS-QVL transmission-daemon[896]: Couldn't save temporary file "/etc/transmis>
Jun 27 01:25:44 LS-QVL transmission-daemon[896]: Closing session
Jun 27 01:25:44 LS-QVL systemd[372]: vopono.service: Succeeded.
Jun 27 01:25:44 LS-QVL systemd[372]: Stopped vopono.service.
Jun 27 01:25:44 LS-QVL systemd[372]: vopono.service: Consumed 3.352s CPU time.

jamesmcm commented 3 years ago

Running it in tmux or screen should work - anything to keep it alive.
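As an added example (not code from the thread or from vopono), here is the user unit posted earlier made into a complete systemd user service, plus the two settings that matter when the service is managed over SSH: XDG_RUNTIME_DIR must point at the user's runtime directory for systemctl --user to reach the bus (the "Failed to connect to bus" error above), and the user's systemd instance is stopped together with the user's last login session unless lingering is enabled with loginctl, which is why the service went down when the SSH connection closed. It assumes vopono at /usr/bin/vopono, Mullvad over WireGuard with server romania as in the thread, an allowed RPC range of 192.168.1.* for transmission-daemon (an assumed LAN range), and the passwordless sudo the thread mentions for the user running vopono.

```shell
#!/bin/sh
# Added example, not from the vopono thread: the thread's user unit as a
# complete systemd user service, with the settings that keep it running after
# the SSH session that started it goes away. Assumptions: vopono at
# /usr/bin/vopono, Mullvad over WireGuard with server "romania" (as in the
# thread), transmission-daemon accepting RPC from 192.168.1.* (assumed LAN
# range), and passwordless sudo for this user (vopono needs it for the
# namespace setup, as noted in the thread).

UNIT_NAME=vopono.service
VOPONO_CMD='/usr/bin/vopono -v exec -k -f 9091 --protocol wireguard --provider mullvad --server romania "transmission-daemon -g /etc/transmission-daemon/ -a 192.168.1.*"'

# Full unit text. The [Install] section with WantedBy=default.target is what
# lets "systemctl --user enable" work; a [Service]-only file can only be
# started by hand.
render_unit() {
    cat <<EOF
[Unit]
Description=transmission-daemon inside a vopono VPN namespace

[Service]
ExecStart=$VOPONO_CMD
Restart=on-failure
RestartSec=10

[Install]
WantedBy=default.target
EOF
}

# Write the unit into a user unit directory (default: ~/.config/systemd/user)
# and print its path.
install_unit() {
    dir=${1:-$HOME/.config/systemd/user}
    mkdir -p "$dir"
    render_unit > "$dir/$UNIT_NAME"
    chmod 644 "$dir/$UNIT_NAME"
    echo "$dir/$UNIT_NAME"
}

# Enable and start it. Over SSH the user manager is only reachable when
# XDG_RUNTIME_DIR is set, and the user manager is stopped with the user's last
# session unless lingering is enabled, so the service would otherwise die when
# the SSH connection closes.
enable_unit() {
    export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    systemctl --user daemon-reload
    systemctl --user enable --now "$UNIT_NAME"
    sudo loginctl enable-linger "$(id -un)"
    systemctl --user status "$UNIT_NAME" --no-pager
}

case "${1:-}" in
    install) install_unit >/dev/null && enable_unit ;;
    show) render_unit ;;
    *) echo "usage: $0 install | show" ;;
esac
```

After `install`, `loginctl show-user "$(id -un)"` reports Linger=yes and the service survives logging out; tmux or screen then stays a fallback rather than the thing keeping vopono alive.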

VR-Punk commented 3 years ago

thank you very much, that works for me !