using PF when connected on a CentOS server with openvpn

Open leloki opened this issue 3 years ago • 1 comments

Hi,

I am trying to obtain a PF assignment when I am already connected to PIA VPN. But so far, I do not succeed with the manual tools. The get_region, get_token are working ok. It's when I try to obtain a signature in the port_forwarding.sh script that I have a problem:

```
+ [[ ! -n 195.78.54.182 ]]
+ [[ ! -n +MYTOKENxxxxxxx= ]]
+ [[ ! -n amsterdam429 ]]
+ test -t 1
++ tput colors
+ ncolors=8
+ test -n 8
+ test 8 -ge 8
+ GREEN='\033[0;32m'
+ RED='\033[0;31m'
+ NC='\033[0m'
+ [[ ! -n '' ]]
+ echo
+ echo -n 'Getting new signature... '
Getting new signature... ++ curl -s -v -m 5 --connect-to amsterdam429::195.78.54.182: --cacert ca.rsa.4096.crt -G --data-urlencode token=+MYTOKENxxxxxxx= https://amsterdam429:19999/getSignature
* Connecting to hostname: 195.78.54.182
* Trying 195.78.54.182:19999...
* Connected to 195.78.54.182 (195.78.54.182) port 19999 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: ca.rsa.4096.crt
* CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [64 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1977 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=LosAngeles; O=Private Internet Access; OU=Private Internet Access; CN=amsterdam429; name=amsterdam429
* start date: Apr 20 06:34:17 2021 GMT
* expire date: Oct 17 06:34:17 2021 GMT
* subjectAltName: host "amsterdam429" matched cert's "amsterdam429"
* issuer: C=US; ST=CA; L=LosAngeles; O=Private Internet Access; OU=Private Internet Access; CN=Private Internet Access; name=Private Internet Access; [email protected]
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x78ec80)
} [5 bytes data]
> GET /getSignature?token=+MYTOKENxxxxxxx= HTTP/2
> Host: amsterdam429:19999
> user-agent: curl/7.77.0
> accept: */*
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
} [5 bytes data]
< HTTP/2 401
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 64
< date: Tue, 15 Jun 2021 13:45:15 GMT
<
{ [5 bytes data]
* Connection #0 to host 195.78.54.182 left intact
+ payload_and_signature='{ "status": "ERROR", "message": "Unauthorized client" }'
+ export payload_and_signature
++ echo '{ "status": "ERROR", "message": "Unauthorized client" }'
++ jq -r .status
+ '[' ERROR '!=' OK ']'
+ echo -e '\033[0;31mThe payload_and_signature variable does not contain an OK status.\033[0m'
The payload_and_signature variable does not contain an OK status.
+ exit 1
```

Here are my versions:

CentOS Linux release 7.9.2009
kernel 3.10.0-1160.25.1.el7.x86_64
Curl:

```
curl 7.77.0 (x86_64-pc-linux-gnu) libcurl/7.77.0 OpenSSL/1.0.2k-fips zlib/1.2.7 libssh2/1.8.0 nghttp2/1.33.0
Release-Date: 2021-05-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets
```

Could you please help me?

Loki

leloki • Jun 15 '21 13:06

You are using the public IP to access the PF API: 195.78.54.182. Here is how you can get the correct gateway IP: https://github.com/pia-foss/manual-connections/blob/master/connect_to_openvpn_with_token.sh#L214

g00nix • Jun 30 '21 18:06
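The reply above turns on the difference between the server's public address and the gateway address inside the tunnel. As an added example (not part of this thread and not code from the PIA scripts), the functions below take the next hop of a `tun` route from `ip -4 route` output and refuse an API address that is not RFC 1918. The sample routing table, the function names, and the assumption that the tunnel gateway is a private address are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -4 route` output on a host with an OpenVPN
# tunnel up (all addresses here are made up for illustration).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.4.112.1 dev tun0
10.4.112.0/24 dev tun0 proto kernel scope link src 10.4.112.57
128.0.0.0/1 via 10.4.112.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'

# Read `ip -4 route` text on stdin and print the next hop of the first
# route that leaves through a tun device (assumes "X via GW dev tunN").
tunnel_gateway() {
  awk '$2 == "via" && $4 == "dev" && $5 ~ /^tun[0-9]+$/ { print $3; exit }'
}

# Succeed only for a well-formed RFC 1918 address
# (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
is_private_ipv4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                             # split the address into octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  case "$1" in
    10)  return 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
    192) [ "$2" -eq 168 ] ;;
    *)   return 1 ;;
  esac
}

# Pre-flight check to run before requesting a signature from the PF API.
check_pf_gateway() {
  if is_private_ipv4 "$1"; then
    echo "ok: $1 is a private (in-tunnel) address"
  else
    echo "refuse: $1 is not a private address; use the tunnel gateway" >&2
    return 1
  fi
}
```

On a live host, `ip -4 route | tunnel_gateway` replaces the embedded sample.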