Automated scripts for Private Internet Access port forwarding
-
Thanks AccountIsTaken.
~~Correct me if I'm wrong but isn't the portion of the script dealing with the torrent client optional? As long as my pfsense NAT rule forwards the port I'm opening on the WAN side (set to the PIAPort Alias) to the port of my torrent client in my LAN subnet I should be ok, right? In other words:
WAN:PIAPort –> LAN:TorrentClient:port
I only care about updating the alias and will leave the port on the client side unchanged, letting pfSense port forwarding do its thing.~~
I figured it would be easier to just test it out. I used your script minus the lines dealing with Deluge, meaning the script will only update the port alias and reload the filter in pfSense once the VPN connection is established. It works like a charm. My NAT rule has the port forwarding in the WAN interface using the PIAport alias but the destination port for the forwarded traffic on the LAN IP is a static value that never changes. That way I don't have to update my torrent client every time I reconnect the VPN.
-
Glad it's working for you jhboricua.
Yes the part dealing with the torrent client is completely optional. You could strip out that part without any problems as you've found. You could also program multiple port forwards as long as each port forward runs through a separate vpn client connection if you wanted to run various services. You just have to create multiple connections and update for each connection.
-
Thank you AccountIsTaken :D
Great script! Deluge is working perfectly. Can this be modified to work with Plex? I do get a port from PIA but I have to change the port manually in PMS every time it changes.
-
Hello
Anyone else having trouble executing the script after updating to pfsense 2.4.0 ??
I have added this to the end of "/etc/devd.conf"
```
notify 0 {
    match "system" "IFNET";
    match "subsystem" "(ovpnc5)";
    match "type" "LINK_UP";
    action "/usr/local/bin/piaport/DelugePort_2.sh";
};
*/
```
I have also tried adding the below lines to OpenVPN -> Advanced Configuration -> Custom options
```
persist-key
persist-tun
remote-cert-tls server
reneg-sec 0
route-up /usr/local/bin/piaport/DelugePort_2.sh
```
seems like it's not executing.
But if I open a ssh and run it manually it works like before.
-
OK glad it's not just me. I am having the exact same issue and since I'm new to pfSense and started with 2.4 I wasn't sure if this was just a problem with mine or not. Sorry I don't have a fix but it's not just you.
-
It looks like you added the lines inside a comment. In any event, try putting it in a new .conf file in /usr/local/etc/devd/
You will probably have to create the devd directory. Name the file anything you want, as long as it ends in .conf
Do a /etc/rc.d/devd restart, and it should pick up the new rule.
This is working for me in 2.4.
Andy
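
An added example, not part of the post above or of the thread's scripts: one way to write the devd rule into its own file under /usr/local/etc/devd/ while refusing a hook script that group or others can modify, since devd runs the action as root. The file name `piaport.conf` and both function names are assumptions.

```shell
#!/bin/sh
# Added example; piaport.conf, script_is_safe and write_devd_rule are hypothetical names.

# devd runs the action as root, so refuse a hook that group/other can modify.
script_is_safe() {
    case $1 in /*) ;; *) return 1 ;; esac            # absolute path only
    case $1 in *[!A-Za-z0-9_./-]*) return 1 ;; esac  # nothing that breaks the quoted action string
    [ -f "$1" ] && [ -x "$1" ] || return 1
    # find prints the path only when neither the group nor the other write bit is set
    [ -n "$(find "$1" ! -perm -020 ! -perm -002 -print)" ]
}

# usage: write_devd_rule <conf_dir> <interface> <script>
write_devd_rule() {
    conf_dir=$1 iface=$2 script=$3
    num=${iface#ovpnc}
    case $num in
        "$iface"|''|*[!0-9]*) echo "unexpected interface: $iface" >&2; return 1 ;;
    esac
    script_is_safe "$script" || { echo "refusing hook: $script" >&2; return 1; }
    mkdir -p "$conf_dir" || return 1
    cat > "$conf_dir/piaport.conf" <<EOF
notify 0 {
    match "system" "IFNET";
    match "subsystem" "($iface)";
    match "type" "LINK_UP";
    action "$script";
};
EOF
}

# On pfSense (paths taken from the thread):
#   write_devd_rule /usr/local/etc/devd ovpnc5 /usr/local/bin/piaport/DelugePort_2.sh
#   /etc/rc.d/devd restart
```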
-
Thank you ProHill
Your solution works for me too :D :D
-
Great thread, saved me lots of effort.
-
I seem to be getting inconsistent results all of a sudden, I notice the script works fine, I get the port from PIA and update the alias, the script exits correctly but checking if the port is open results in a closed port.
If I run the "/etc/rc.filter_configure" from the command line after the script runs then the port becomes open. Running 2.4.3. Thoughts on what could be going on here?
-
Please see the second post in the thread for some new updates that take into account changes being made by PIA to the port forwarding mechanism.
My original scripts will stop working soon, as PIA are discontinuing the original API
-
> I seem to be getting inconsistent results all of a sudden, I notice the script works fine, I get the port from PIA and update the alias, the script exits correctly but checking if the port is open results in a closed port.
> If I run the "/etc/rc.filter_configure" from the command line after the script runs then the port becomes open. Running 2.4.3. Thoughts on what could be going on here?

Not sure what's going on there. I'm still running 2.4.2-p1.
I'll upgrade and see if I get the same behaviour. You might also want to give the new v1.05 script a try, as this works with the new API that PIA have introduced for port forwarding.
-
> I seem to be getting inconsistent results all of a sudden, I notice the script works fine, I get the port from PIA and update the alias, the script exits correctly but checking if the port is open results in a closed port.
> If I run the "/etc/rc.filter_configure" from the command line after the script runs then the port becomes open. Running 2.4.3. Thoughts on what could be going on here?

Just updated to 2.4.3, and am not seeing this behaviour on my system with the 1.05 script.
-
Please check second post for another update.
For those who use Deluge on Synology NAS, I've now provided updated scripts to support it.
-
I noticed that over time the PIA assigned port tends to close on me. Not sure if others experience the same. I find myself visiting port verifying sites like yougetsignal.com, etc to check whether the port is still open.
Any thoughts on how to script this check from the command line, I assume it would have to be able to use the specific interface and whatnot.
Just wondering if someone could put together a script to check whether the port is still open and if not, restart the vpn client.
EDIT: So I wrote a little script that checks the port, if closed from the exterior restarts the vpn service and sends an email. Of course, it assumes that you have installed AccountIsTaken's script (including the devd portion), email set up, and an alias for the forwarded port. I slapped it in a cron job.
```
#!/bin/sh
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin

# Config file
CONFFILE=/cf/conf/config.xml

# Interface name of vpn connection
VPNCLIENT=2
INTERFACE="ovpnc$VPNCLIENT"

# Get current NAT port number using xmlstarlet to parse the config file - requires alias 'PIAPort' to be present
CURPORT=`xml sel -t -v '//alias[name="PIAPort"]/address' "$CONFFILE"`

# Check forwarded port from the exterior
OUTPUT=$(curl -s --interface "$INTERFACE" --max-time 10 -d "portNumber=$CURPORT" -X POST https://ports.yougetsignal.com/check-port.php 2>&1)

if ! echo "$OUTPUT" | grep -iq "open"; then
    logger "pia-port - Port ($CURPORT) is closed on VPN ($INTERFACE) on `date`"
    # Notify via email
    echo "pia-port - Port ($CURPORT) is closed on VPN ($INTERFACE) on `date`" | /usr/local/bin/php /usr/local/bin/mail.php -s"pfSense PIA Port Forward" &
    # Restart openvpn client
    /usr/local/sbin/pfSsh.php playback svc restart openvpn client "$VPNCLIENT"
fi
```
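
An added example, not the poster's script: helpers that let a cron check like the one above tell a closed port apart from a missing reply, and restart the client only after repeated closed results. The function names, the state file path and the threshold are assumptions, and the reply is assumed to contain the word "open" or "closed", as the grep in the script implies.

```shell
#!/bin/sh
# Added example; function names, state file and threshold are assumptions.

# Accept only a decimal port 1-65535 before it is passed to curl or logged.
valid_port() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Map the checker's reply to open | closed | unknown. An empty or unrelated
# reply (timeout, tunnel down, site unreachable) is "unknown", not "closed".
classify_reply() {
    reply=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case $reply in
        *closed*) echo closed ;;
        *open*)   echo open ;;
        *)        echo unknown ;;
    esac
}

# Track consecutive "closed" results in a state file and print the action:
# ok | wait | restart.  usage: decide <state> <state_file> [threshold]
decide() {
    state=$1 file=$2 limit=${3:-2}
    count=0
    if [ -r "$file" ]; then read -r count < "$file" || count=0; fi
    case $count in ''|*[!0-9]*) count=0 ;; esac
    case $state in
        open)   echo 0 > "$file"; echo ok ;;
        closed) count=$((count + 1))
                if [ "$count" -ge "$limit" ]; then
                    echo 0 > "$file"; echo restart
                else
                    echo "$count" > "$file"; echo wait
                fi ;;
        *)      echo wait ;;  # unknown: keep the count, never restart on it
    esac
}

# In the cron script above (its variables; the state path is hypothetical):
#   valid_port "$CURPORT" || exit 1
#   action=$(decide "$(classify_reply "$OUTPUT")" /var/run/pia-port.state)
#   [ "$action" = restart ] && /usr/local/sbin/pfSsh.php playback svc restart openvpn client "$VPNCLIENT"
```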
-
@bagpuss None of the attachments you've linked are downloadable now. Do you have any updated links so I can give this solution a try?
Thanks
-
@pnot Have re-uploaded the files in post 2. I'm guessing the move to new forum software broke the original links.
Apologies for not responding sooner.
-
I had to add a 'sleep 10' to the start of the script, otherwise the script would have tried to query PIA before the link was established when triggered by devd.
I also added /etc/rc.filter_configure to the end of the script to actually reload the firewall rules.
-
Can you post the details of the firewall rules again? I had it working at one point, but then switched ISPs and had to delete and recreate some interfaces and now I can't get the port-forwarding working again. Thanks.
-
Hello all, I had made some adjustments to the script, I changed it to update an alias and not the rule, I need the port for other rules. I was able to get the port and update the alias. I use transmission, so I updated the port in transmission, also working. The problem is that the port still shows as closed in transmission even with the NAT rule (the same rule that was working in the previous version of the API). I tried to add "/etc/rc.filter_configure" but with no success.
Also the devd rule is not working, I made the setup for ovpnc1 (my interface) and still not working.
Any help?
Thank you