Private Internet Access Feed

timtrace

Greetings - are you a PIA user who finds one or more of their aggregators in a blacklist every now and then? This topic might be for you. You can build a feed and an IPv4 Custom_List to help keep those pesky false positives from harshing your mellow. For your ongoing amusement, the packet count should show up in the pfB widget.

Assuming you know your way around pfBlockerNG_Devel ...

1. Make a CRON job that executes this oneliner:

fetch -o /tmp/PIA.json "https://serverlist.piaservers.net/vpninfo/servers/v6" ; jq -r '.regions[].servers.ovpntcp[].ip,.regions[].servers.ovpnudp[].ip' /tmp/PIA.json | sort -n | uniq | iprange > /var/db/pfblockerng/PIA_v4.txt

2. Build a permit-outbound IPv4 feed with the outfile as the source.

3. Expand the IPv4 Custom_List section of your feed. Enable domain/AS, then copy in the contents of this text file.. Unfortunately, PIA removed their DNS server list from their website so we have to use this list.

4. Save your feed, drag it high in your IPv4 list, and reload your IP feeds. The PIA aggregators will now be in a safelist.

A process improvement for another day - converge the feed with the custom list. Download PIA's DNS server list from their website, resolve it for IPs, merge it into the jq outfile, and sort/deduplicate. Of course, that server list has to be available for download first.

timtrace

v1.1 - writes date/time at the top of the outfile.

fetch -o /tmp/PIA.json "https://serverlist.piaservers.net/vpninfo/servers/v6";jq -r '.regions[].servers.ovpntcp[].ip,.regions[].servers.ovpnudp[].ip' /tmp/PIA.json | sort -n | uniq | iprange > /var/db/pfblockerng/PIA_v4.txt;setenv PIAdate `date "+%Y-%m-%dT%H:%M:%S"`;sed -i '' -e "1s/^/#$PIAdate\n/g" /var/db/pfblockerng/PIA_v4.txt