manual-connections
using PF when connected on a CentOS server with openvpn
Hi,
I am trying to obtain a PF assignment when I am already connected to PIA VPN. But so far, I do not succeed with the manual tools. The get_region, get_token are working ok. It's when I try to obtain a signature in the port_forwarding.sh script that I have a problem:
```
+ [[ ! -n 195.78.54.182 ]]
+ [[ ! -n +MYTOKENxxxxxxx= ]]
+ [[ ! -n amsterdam429 ]]
+ test -t 1
++ tput colors
+ ncolors=8
+ test -n 8
+ test 8 -ge 8
+ GREEN='\033[0;32m'
+ RED='\033[0;31m'
+ NC='\033[0m'
+ [[ ! -n '' ]]
+ echo
+ echo -n 'Getting new signature... '
Getting new signature... ++ curl -s -v -m 5 --connect-to amsterdam429::195.78.54.182: --cacert ca.rsa.4096.crt -G --data-urlencode token=+MYTOKENxxxxxxx= https://amsterdam429:19999/getSignature
* Connecting to hostname: 195.78.54.182
*   Trying 195.78.54.182:19999...
* Connected to 195.78.54.182 (195.78.54.182) port 19999 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*  CAfile: ca.rsa.4096.crt
*  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [64 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1977 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=LosAngeles; O=Private Internet Access; OU=Private Internet Access; CN=amsterdam429; name=amsterdam429
*  start date: Apr 20 06:34:17 2021 GMT
*  expire date: Oct 17 06:34:17 2021 GMT
*  subjectAltName: host "amsterdam429" matched cert's "amsterdam429"
*  issuer: C=US; ST=CA; L=LosAngeles; O=Private Internet Access; OU=Private Internet Access; CN=Private Internet Access; name=Private Internet Access; [email protected]
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x78ec80)
} [5 bytes data]
> GET /getSignature?token=+MYTOKENxxxxxxx= HTTP/2
> Host: amsterdam429:19999
> user-agent: curl/7.77.0
> accept: */*
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
} [5 bytes data]
< HTTP/2 401
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 64
< date: Tue, 15 Jun 2021 13:45:15 GMT
<
{ [5 bytes data]
* Connection #0 to host 195.78.54.182 left intact
+ payload_and_signature='{ "status": "ERROR", "message": "Unauthorized client" }'
+ export payload_and_signature
++ echo '{ "status": "ERROR", "message": "Unauthorized client" }'
++ jq -r .status
+ '[' ERROR '!=' OK ']'
+ echo -e '\033[0;31mThe payload_and_signature variable does not contain an OK status.\033[0m'
The payload_and_signature variable does not contain an OK status.
+ exit 1
```
Here are my versions:

CentOS Linux release 7.9.2009
kernel 3.10.0-1160.25.1.el7.x86_64
Curl: curl 7.77.0 (x86_64-pc-linux-gnu) libcurl/7.77.0 OpenSSL/1.0.2k-fips zlib/1.2.7 libssh2/1.8.0 nghttp2/1.33.0
Release-Date: 2021-05-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets

Could you please help me?

Loki
You are using the public IP to access the PF API: 195.78.54.182. Here is how you can get the correct gateway IP: https://github.com/pia-foss/manual-connections/blob/master/connect_to_openvpn_with_token.sh#L214
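
An added example, not part of the thread or of the PIA scripts: a pre-flight check that takes the gateway from an OpenVPN client log and refuses the public server IP before building the `getSignature` call shown in the trace. It assumes the gateway the reply means is the `route-gateway` the server pushes in `PUSH_REPLY`; the log line, the 10.12.112.x addresses, the function names and the token placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code). Assumption: the PF gateway is the
# route-gateway pushed by the OpenVPN server and visible in the client log.

# Constructed sample log line: OpenVPN's PUSH_REPLY format, made-up addresses.
SAMPLE_LOG="Tue Jun 15 13:40:02 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.12.112.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.12.112.37 255.255.255.0,peer-id 3,cipher AES-128-GCM'"

# Read an OpenVPN log on stdin and print the last pushed route-gateway.
# Returns non-zero when the log contains none.
vpn_gateway_from_log() {
  gw=$(grep -o 'route-gateway [0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}' \
        | tail -n 1 | cut -d' ' -f2)
  [ -n "$gw" ] && printf '%s\n' "$gw"
}

# Catch the mistake from the thread: the address handed to the PF script
# must not be the server's public IP (the API answered 401 there).
# $1 = candidate PF address, $2 = public IP of the VPN server
pf_address_ok() {
  [ -n "$1" ] && [ "$1" != "$2" ]
}

# Print (not run) the getSignature call from the trace with the gateway
# substituted. $1 = hostname, $2 = gateway, $3 = token
signature_cmd() {
  printf 'curl -s -m 5 --connect-to %s::%s: --cacert ca.rsa.4096.crt -G --data-urlencode token=%s https://%s:19999/getSignature\n' \
    "$1" "$2" "$3" "$1"
}

# Demo on the constructed log line; 195.78.54.182 is the public IP from the post.
demo_gw=$(printf '%s\n' "$SAMPLE_LOG" | vpn_gateway_from_log)
if pf_address_ok "$demo_gw" "195.78.54.182"; then
  signature_cmd amsterdam429 "$demo_gw" TOKEN_PLACEHOLDER
else
  echo "refusing: PF address is missing or is the public server IP" >&2
fi
```
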