Port Forward with PIA vpn service

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Noremacyug

Regular Contributor
So I've searched this out over the past few months and I think I even may have started a thread here or elsewhere on the net about it. Regardless, I've never found a method that works. I reached out to PIA and asked them if I had any options for enabling a port or two to be forwarded. The response I received was less than helpful to me as I don't know enough about scripting, etc to make any use of the response. Here is the link they gave me regarding the matter.

https://www.privateinternetaccess.c...arding-without-the-application-advanced-users

I didn't know if anyone out there could help me implement this or if it's even possible to do so on the openvpn client on a ac66u.

Thanks


Sent from my iPhone
 

balcy24

Occasional Visitor
So I've searched this out over the past few months and I think I even may have started a thread here or elsewhere on the net about it. Regardless, I've never found a method that works. I reached out to PIA and asked them if I had any options for enabling a port or two to be forwarded. The response I received was less than helpful to me as I don't know enough about scripting, etc to make any use of the response. Here is the link they gave me regarding the matter.

I am not sure what you are trying to accomplish but I was having trouble getting uTorrent and port forwarding to work with PIA. After doing a ton of research I came across a tip that worked for me. Using the PIA advanced interface, enter a remote port number (I used 9201) and check port forwarding. In your router under LAN, create a rule for forwarding port 9201 to your client and it should work. Like I said I am not sure what you are trying to do but this allows port forwarding from inside PIA. The key was making sure the router forwarded the same port PIA requires.
 

Noremacyug

Regular Contributor
I am not sure what you are trying to accomplish but I was having trouble getting uTorrent and port forwarding to work with PIA. After doing a ton of research I came across a tip that worked for me. Using the PIA advanced interface, enter a remote port number (I used 9201) and check port forwarding. In your router under LAN, create a rule for forwarding port 9201 to your client and it should work. Like I said I am not sure what you are trying to do but this allows port forwarding from inside PIA. The key was making sure the router forwarded the same port PIA requires.


What pia interface are you referring to? The program installed on your pc?


Sent from my iPhone
 

Noremacyug

Regular Contributor
That's what I figured. Unfortunately that won't do anything for me and my setup. My router is the actual openvpn client that connects to pia and everything behind it is encrypted/anonomized. Be it my computer, cell phone, game systems, etc it's all protected. I need to have the router request a port forward for a application or two and it's not be an easy task so far. Just hoping a more advanced user on here could help me out.


Sent from my iPhone
 

nairn62

Occasional Visitor
Opening a PIA Port using OpenVPN and a Shell Script

Hi,

here's a quick&dirty shell file: PIA_Port.sh that I run inside the openvpn-event file that's located in the /jffs/scripts folder e.g. I run:

#Don't forget the & at the end
/jffs/scripts/PIA_Port.sh &

It works for me. Just fill in your PIA Username and Password. I now can download torrents using Transmission via an open PIA port. After loading up OpenVPN, the file: /tmp/PIA_PORT contains the port that is used for port forwarding.

Regards

Nairn62

#!/bin/sh
if [ `ps | grep -v grep | grep vpnclient1 | wc -l` -ne 0 ]; then
pingCOUNT=5
INTERFACE=tun11
BIND_ADDR="`/sbin/ifconfig $INTERFACE | /usr/bin/awk '$1 == \"inet\" {print $2}' | /usr/bin/awk -F: '{print $2}'`"
echo $BIND_ADDR > /tmp/PIA_ADDR
/bin/ping -c 1 $BIND_ADDR > /dev/null
pingCOUNT2=$(/bin/ping -c $pingCOUNT $BIND_ADDR | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
if [ $pingCOUNT -eq $pingCOUNT2 ]; then
if [ `ps | grep -v grep | grep transmission-daemon | wc -l` -eq 0 ]; then
/usr/bin/head -n 100 /dev/urandom | /usr/bin/md5sum | /usr/bin/tr -d " -" > /tmp/.pia_client_id
/opt/bin/curl -k -d "user=MY_PIA_USERNAME&pass=MY_PIA_PASSWORD&client_id=$(/bin/cat /tmp/.pia_client_id)&local_ip=$BIND_ADDR" https://www.privateinternetaccess.c...ll|/bin/grep -oE "[0-9]+" | tee /tmp/PIA_PORT
/opt/bin/transmission-daemon --peerport=$(/bin/cat /tmp/PIA_PORT) --bind-address-ipv4 $BIND_ADDR --rpc-bind-address 0.0.0.0 --config-dir /opt/etc/transmission-daemon
fi
fi
fi
 

Noremacyug

Regular Contributor
Hi,

here's a quick&dirty shell file: PIA_Port.sh that I run inside the openvpn-event file that's located in the /jffs/scripts folder e.g. I run:

#Don't forget the & at the end
/jffs/scripts/PIA_Port.sh &

It works for me. Just fill in your PIA Username and Password. I now can download torrents using Transmission via an open PIA port. After loading up OpenVPN, the file: /tmp/PIA_PORT contains the port that is used for port forwarding.

Regards

Nairn62

#!/bin/sh
if [ `ps | grep -v grep | grep vpnclient1 | wc -l` -ne 0 ]; then
pingCOUNT=5
INTERFACE=tun11
BIND_ADDR="`/sbin/ifconfig $INTERFACE | /usr/bin/awk '$1 == \"inet\" {print $2}' | /usr/bin/awk -F: '{print $2}'`"
echo $BIND_ADDR > /tmp/PIA_ADDR
/bin/ping -c 1 $BIND_ADDR > /dev/null
pingCOUNT2=$(/bin/ping -c $pingCOUNT $BIND_ADDR | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
if [ $pingCOUNT -eq $pingCOUNT2 ]; then
if [ `ps | grep -v grep | grep transmission-daemon | wc -l` -eq 0 ]; then
/usr/bin/head -n 100 /dev/urandom | /usr/bin/md5sum | /usr/bin/tr -d " -" > /tmp/.pia_client_id
/opt/bin/curl -k -d "user=MY_PIA_USERNAME&pass=MY_PIA_PASSWORD&client_id=$(/bin/cat /tmp/.pia_client_id)&local_ip=$BIND_ADDR" https://www.privateinternetaccess.c...ll|/bin/grep -oE "[0-9]+" | tee /tmp/PIA_PORT
/opt/bin/transmission-daemon --peerport=$(/bin/cat /tmp/PIA_PORT) --bind-address-ipv4 $BIND_ADDR --rpc-bind-address 0.0.0.0 --config-dir /opt/etc/transmission-daemon
fi
fi
fi

where does it output what port PIA assigns to you so you know what port to use in your torrent clients? I've also, switched over to ddwrt to give it a try, but i'm assuming i could somehow utilize this script.

lastly, do you have any issues with PIA disconnecting randomly but on a frequent basis. I'm not 100% sure it's there service and not my router causing the disconnect. just wondering how it's been working for you.

(edit) - after looking back over your post.... are you using the transmission client on the router? if so, that won't do anything for me as i need to open port(s) to clients on my network, not the router itself.
 
Last edited:

Titaantje

New Around Here
Thread seems outdated but it covers my question exactly. Didn't find any solution anywhere else yet.

If anybody who got this (asuswrt (merlin) port forwarding through PIA) to work, please let us know :)
 

Kevin O

New Around Here
the script that @narin62 would be effective but it somehow got truncated by the forum web-link grabber. it converted a line of the script into a link which warped it into the code just after the link. would it be possible for this script to be reposted? I would be quite pleased. The fact that it uses merlins openvpn-event makes it VERY appropriate for merlin users, and far superior to other scripts I've found which often rely on cron jobs.
 

Martineau

Part of the Furniture
the script that @narin62 would be effective but it somehow got truncated by the forum web-link grabber. it converted a line of the script into a link which warped it into the code just after the link. .

Simply right click the 'warped' URL, then click 'Inspect Element' and then you can copy the true code!

Code:
https://www.privateinternetaccess.c...ll|/bin/grep -oE "[0-9]+" | tee /tmp/PIA_PORT

becomes

https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null | /bin/grep -oE "[0-9]+" | tee /tmp/PIA_PORT
 

Kevin O

New Around Here
Many thanks! Ive scoured the web for a functional script and this is the only one I've come across. Again, thank you.
 

kman

Regular Contributor
I am able to retrieve the port however, when setting it up in Transmission and testing it using the GUI, I am getting Incoming Port is closed. Check your firewall settings.

Does this need to be enabled in the IPTABLES as well? Any insight will be appreciated.
 

kman

Regular Contributor
Also, PIA has introduced a new API that is much simpler and the existing method mentioned in post #6 will be deprecated. See post here.

Key differences:
  • Require a 256-bit ID in Base36 format key. I am not sure how this can be generated within the script, so it may be worthwhile to generate that using a 256-bit calculator as per PIA-Comment_45712
  • The script has to run with 2-minutes of obtaining VPN connection
Code:
#!/bin/sh
if [ `ps | grep -v grep | grep vpnclient1 | wc -l` -ne 0 ]; then
  pingCOUNT=5
  INTERFACE=tun11
  BIND_ADDR="`/sbin/ifconfig $INTERFACE | /usr/bin/awk '$1 == \"inet\" {print $2}' | /usr/bin/awk -F: '{print $2}'`"
  echo $BIND_ADDR > /tmp/PIA_ADDR
  /bin/ping -c 1 $BIND_ADDR > /dev/null
  pingCOUNT2=$(/bin/ping -c $pingCOUNT $BIND_ADDR | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
  if [ $pingCOUNT -eq $pingCOUNT2 ]; then
    if [ `ps | grep -v grep | grep transmission-daemon | wc -l` -eq 0 ]; then
      curl --interface tun11 -k -d "client_id=SHA256KEY" http://209.222.18.222:2000 2>/dev/null | /bin/grep -oE "[0-9]+" | tee /tmp/PIA_PORT
      /opt/bin/transmission-daemon --peerport=$(cat /tmp/PIA_PORT) --bind-address-ipv4 $BIND_ADDR --rpc-bind-address 0.0.0.0 --config-dir /opt/etc/transmission-daemon
    fi
  fi
fi

However, still unable to successfully use the port in Transmission. I think I am missing some IPTABLES command.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top