Automated scripts for Private Internet Access port forwarding



  • Please check second post for another update.
    For those who use Deluge on Synology NAS, I've now provided updated scripts to support it.



  • I noticed that over time the PIA assigned port tends to close on me. Not sure if others experience the same. I find myself visiting port verifying sites like yougetsignal.com, etc to check whether the port is still open.

    Any thoughts on how to script this check from the command line, I assume it would have to be able to use the specific interface and whatnot.

    Just wondering if someone could put together a script to check whether the port is still open and if not, restart the vpn client.
    EDIT: So I wrote a little script that checks the port, if closed from the exterior restarts the vpn service and sends an email. Of course, it  assumes that you have installed AccountIsTaken's script (including the devd portion), email set up, and an alias for the forwarded port. I slapped it in a cron job.

    
    #!/bin/sh
    export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
    
    # Config file
    CONFFILE=/cf/conf/config.xml
    
    # Interface name of vpn connection
    VPNCLIENT=2
    INTERFACE="ovpnc$VPNCLIENT"
    
    # Get current NAT port number using xmlstarlet to parse the config file - requires alias 'PIAPort' to be present
    CURPORT=`xml sel -t -v '//alias[name="PIAPort"]/address' $CONFFILE`
    
    # Check forwarded port from the exterior
    OUTPUT=$(curl -s --interface $INTERFACE --max-time 10 -d "portNumber=$CURPORT" -X POST https://ports.yougetsignal.com/check-port.php 2>&1)
    if ! echo $OUTPUT | grep -iq "open";  then
        logger "pia-port - Port ($CURPORT) is closed on VPN ($INTERFACE) on `date`"
    
        # Notify via email
        echo "pia-port - Port ($CURPORT) is closed on VPN ($INTERFACE) on `date`" | /usr/local/bin/php /usr/local/bin/mail.php -s"pfSense PIA Port Forward" &
    
        # Restart openvpn client
        /usr/local/sbin/pfSsh.php playback svc restart openvpn client $VPNCLIENT
    fi
    
    


  • @bagpuss None of the attachments you've linked are downloadable now. Do you have any updated links so I can give this solution a try?

    Thanks



  • @pnot Have re-uploaded the files in post 2. I'm guessing the move to new forum software broke the original links.
    Apologies for not responding sooner.



  • This post is deleted!


  • I had to add a 'sleep 10' top the start of the script, otherwise the script would have tried to query PIA before the link was established when triggered by devd.
    I also added /etc/rc.filter_configure to the end of the script to actually reload the firefall rules.



  • Can you post the details of the firewall rules again? I had it working at one point, but then switched ISPs and had to delete and recreate some interfaces and now I can't get the port-forwarding working again. Thanks.



  • Hello all, I had made some adjustments to the script, I changed it to update a Alias and not the rule, I need the port to other rules. I was able to get the port and update the alias. I use transmission, so i updated the port in transmission, also working. The problem is that the port still shows as closed in transmission even with the NAT rule (the same rule that was working in the previews version of the API). I tried to add "/etc/rc.filter_configure" but with no success.

    Also the devd rule is not working, I made the setup to ovpnc1 (my interface) ad still not working.

    Any help?

    Thank you



  • @Soloam said in Automated scripts for Private Internet Access port forwarding:

    Hello all, I had made some adjustments to the script, I changed it to update a Alias and not the rule, I need the port to other rules. I was able to get the port and update the alias. I use transmission, so i updated the port in transmission, also working. The problem is that the port still shows as closed in transmission even with the NAT rule (the same rule that was working in the previews version of the API). I tried to add "/etc/rc.filter_configure" but with no success.

    Also the devd rule is not working, I made the setup to ovpnc1 (my interface) ad still not working.

    Any help?

    Thank you

    Hi Soloam,

    We really need some more detail on what changes you've made.

    As a starting point, please could you attach:

    1. Screenshot of Firewall -> NAT -> Port Forward
    2. Screenshot of Firewall -> Rules -> whatever interface your port forward is configured on (e.g. mine is on my first VPN interface).
    3. More details of how you're using aliases to affect the port forward.
    4. Details on what you're doing that means you have other rules using the port.
    5. The modified script with your changes.

    If Transmission is still saying that the port is closed, then it likely is. You could try using yougetsignal.com to test if it's open. Remember, your outgoing traffic to yougetsignal.com must be coming from the same interface that the port forward is configured on, or you must put the external IP for the appropriate interface into the 'Remote Address' field.

    Andy.



  • @Bagpuss thank you, problem is solved! It was a typo error. Sorry

    Thank You
    Best Regards



  • @Soloam Hi! Could you please share your updated version of the script? Thank you in advance !



  • Hi! Thanks for this very useful script. I'm having a problem where the config automatically reverts after a minute or so:

    Using version 1.06 on 2.4.4-RELEASE-p3 and the devd script. Everything works fine, the port change is pulled from PIA, applied to the config, and placed in pia_port.txt. However, after a minute the config reverts to what is was prior to the script running. If I watch the webGUI Firewall/Aliases/Ports after restarting the openvpn instance, I can see the alias for my port is successfully changed to the new value, but after about a minute it goes back to what it was before running the script. Therefore, only the pia_port.txt has the new value for the port, and the config.xml still has the old one. Is this due to some config file lock or something that prevents scripts from replacing config.xml? I can't find a way around it. No matter what changes this script makes to the config, after running cp /tmp/config.pia $CONFFILE and then rm /tmp/config.cache, the changes only persist for the next 1 minute. Any ideas?



  • @Soloam do you mind sharing your script please?



  • @fm808 Hey, check the thread bellow. It is a re-written and updated one. Be sure you read the first three port replies as there is a missing piece in the OP.

    https://forum.netgate.com/topic/150156/pia-automatic-port-forward-update-for-transmission-daemon



  • @HolyK it didnt work following that guide, i keep getting

    [PIA] Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding.



  • @fm808 Are you on most-recent version of pfSense ? (currently 2.4.5-RELEASE-p1). I had similar issue on 2.4.4 last month but after update to 2.4.5 issues disappeared. Check the version, update if possible and post in the other thread (as here it is a quite obsolete).



  • @HolyK i am on latest version



  • @fm808 I'll post back when I'm back home



  • @HolyK i got it to work, just used a different server and made some modification to the script to suit my use case, had to change the ssh user, i am not using 'transmission' but something else (that was part 1 of the issue) then i just had to find a current gen server that worked with the API...DE Frankfurt is what worked for me, tried Switzerland and other locations but it didn't work.



  • @fm808 Cool ! Glad you figured it out :]


Log in to reply