WireGuard and PIA

[ZodiacUHD]

Hello everyone,

I was wondering if anyone had success setting up a jail running transmission and connectin to PIA VPN using WG instead of OpenVPN.

I'd like to switch to this solution but i don not have the knowledge to do it on my own: i can follow a guide for openvpn and understand what is going on but i wouldn't be able to start one from scratch.

If anyone would be so kind to help, i'd be very glad,

Cheers

 

[Dan Tudora]

hello
maybe that help
https://www.truenas.com/community/resources/how-to-setup-a-wireguard-vpn-server-in-a-jail.147/
success

 

[ZodiacUHD]

I've already stumbled upon that post, unfortunately i get kinda lost after the basic installation of what is required. I'll keep researching trying to understand it.

 

[Dan Tudora]

running transmission and connectin to PIA VPN

hello
what is PIA VPN and for what ??
try read disscutions in the thread maybe help
success

 

[ZodiacUHD]

Hey Dan,

PIA stands for Private Internet Access and it's a VPN that lets you mask your IP as if you were connecting from somewhere else, particularly useful with Transmission.

cheers

 

[Dan Tudora]

hello
I joke with VPN question
but what for ??
try PopcornTime for movies if you want !!
success

 

[ZodiacUHD]

I'm well aware of popcorntime, it's just not something that fits my usecase. Thanks anyway for the suggestion ;)

 

[Patrick M. Hausen]

I have a droplet at Digital Ocean with a WireGuard endpoint in the US. 6€/month.

 

[Dan Tudora]

hey again
maybe a direct question to the OP of the resources help
cheers

 

[ZodiacUHD]

Hey there Patrick,

thanks for the reply. As afr as i'm aware they are officialy supporting WG now. i'll keep digging ;)

 

[Patrick M. Hausen]

If they do support WireGuard they should have documentation available for that specific use case. But none of us has got a crystal ball and tonight was the very first time I heard of PIA ...

 

[Dan Tudora]

well, well
if your particular case need some help, call provider !!
of VPN of course
cheers

 

[Dan Tudora]

But none of us has got a crystal ball

hey
I have one that but is something like snow in that
must to ask my child what is in that
some VPN ??
weird
cheers

 

[Patrick M. Hausen]

@ZodiacUHD Seems like you are right about WireGuard support on PIA's side. Possibly this is helpful:

Private Internet Access (PIA) WireGuard Guide/Script

Private Internet Access (PIA) WireGuard Guide/Script

forum.opnsense.org

 

[Dan Tudora]

@ZodiacUHD Seems like you are right about WireGuard support on PIA's side. Possibly this is helpful:

Private Internet Access (PIA) WireGuard Guide/Script

Private Internet Access (PIA) WireGuard Guide/Script

forum.opnsense.org

is toooooo much for that situation
user need some help in their usercase/situation
DO NOT tell to read another documentation from another site/vendor
IF you have a solution for their "weird" need provided solution
user can't use OpenPfsense as solution
cheers

 

[Patrick M. Hausen]

This is a description how to set up WireGuard on OPNsense to connect to PIA. OPNsense is FreeBSD and WireGuard is WireGuard, so all the essential things should be adaptable. I do not recommend installing OPNsense ...

I don't have a solution. I don't use PIA - how should I have one? Here's one guy who documented how to do this on another FreeBSD based product. The OP should at least check that resource.

 

[Dan Tudora]

I do not recommend installing OPNsense ...

I USE Pfsense and 1 OpenSense
for me OpenSense make tooooo many update/change for a mature/stable firewall
for the OP you MUST define your need
IF you need some special "need" use PM
cheers everyone
going to sleep

 

[alwu]

i got PIA vpn with wireguard running in a transmission jail. i updated this thread with how i did it. GUIDE: Setting up Transmission with OpenVPN and PIA

 

[goerz]

Hello everyone,

I was wondering if anyone had success setting up a jail running transmission and connectin to PIA VPN using WG instead of OpenVPN.

I'd like to switch to this solution but i don not have the knowledge to do it on my own: i can follow a guide for openvpn and understand what is going on but i wouldn't be able to start one from scratch.

If anyone would be so kind to help, i'd be very glad,

Cheers

I managed to use wireguard for my PIA VPN connection. Also, I managed to have wireguard connect automatically at startup, opening a port and forwarding it to transmission.

I started from the scripts found here:

GitHub - glorious1/manual-connections: Scripts for manual connections to Private Internet Access

Scripts for manual connections to Private Internet Access - glorious1/manual-connections

github.com

I put all these scripts in /PIA in my jail. I changed most of the references from relative to absolute paths. In run_setup.sh I specified the location of a file with my VPN credentials, and I set the connection mode to wireguard:

Code:

PIA_AUTOCONNECT="wireguard"

I also fixed a small error in connect_to_wireguard_with_token.sh that prevented port forwarding: the variables PF_GATEWAY and PF_HOSTNAME must exported in order to be used by the port_forwarding.sh script.

Code:

PIA_TOKEN=$PIA_TOKEN \
  PF_GATEWAY="$(echo "$wireguard_json" | jq -r '.server_vip')" \
export PF_GATEWAY
  PF_HOSTNAME="$WG_HOSTNAME" \
export PF_HOSTNAME

Then I wrote another simple script and saved it in /PIA as VPNstart.sh:

Code:

#!/usr/local/bin/bash

cd /PIA
/usr/local/bin/bash /PIA/run_setup.sh

it is important to change the working directory to where your scripts are, otherwise the wireguard script won't find the authentication certificate (ca.rsa.4096.crt). And I added these lines in /etc/crontab:

Code:

@reboot root /PIA/VPNstart.sh
*/15 * * * * root /PIA/refresh_pia_port.sh

This way the VPNstart.sh scripts starts at every reboot, calling run_setup.sh and the rest of the VPN connection procedure.
The refresh_pia_port.sh script is run every 15 minutes to keep the port open.
However, it is important to change the SHELL line in crontab to use bash instead of sh:

Code:

SHELL=/usr/local/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

Hope this helps. My transmission jail has been running smoothly for more than a day now.

 

[YujiTFD]

Sorry for bumping it up, but I still fail to get WG working in TrueNAS Jails.
FreeBSD 12.2, VNET, Berkley Packet Filer, fixed IP are on, intend on using as dedicated Bittorrent jails.

Also follow the https://github.com/glorious1/manual-connections, but can't move past number 2, always get this error:

Code:

[#] ifconfig wg create name pia
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go pia
/usr/local/bin/wg-quick: line 33: wireguard-go: command not found
[#] ifconfig pia destroy
ifconfig: interface pia does not exist

But when I "pkg install wireguard-go", I get

Code:

[#] ifconfig wg create name pia
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go pia
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
ERROR: (pia) 2021/06/21 11:40:18 Failed to create TUN device: open /dev/tun: no such file or directory
[#] ifconfig pia destroy
ifconfig: interface pia does not exist

What do I do wrong? I have PIA account clock ticking, but can't use it as intended :(