manual-connections icon indicating copy to clipboard operation
manual-connections copied to clipboard

Published 20 hours ago verified publisher icon pia-foss

Dedicated IP address - Wireguard config

Open Colton opened this issue 4 years ago • 11 comments

Hey!

I recently purchased a dedicated IP address from PIA and was wondering if there's a way to specify that dedicated IP token in the script, or if not, if it's possible to put that token in a Wireguard .conf file to connect to that dedicated IP.

Thank you in advance!

Colton avatar Jan 20 '21 23:01 Colton

Using manual connections with dedicated IPs is possible, but not documented. We will have to add a separate folder with scripts that allow you to connect to your dedicated IP using your token. This ticked should stay opened till we have added this functionality, however this repository currently has a bigger merge on the roadmap so it will take some times till we focus on a script for dedicated IPs.

From a technical point of view, it is not possible to put the token in a WireGuard .conf file (that is not how WireGuard works), however you can query the WireGuard API with your token to publish the desired WireGuard public key to the server. The API call is a bit different from the API call used in the existing scripts from this repo, as you would have to use basic authentication instead of GET variables.

I can understand the frustration of not being able to connect with to your dedicated IP with a native script. If you have the time, we can talk on Telegram and maybe we get far enough to adapt the scripts so that usage with dedicated IPs becomes possible.

g00nix avatar Jan 20 '21 23:01 g00nix

@g00nix,

Thank you tons for your informative response. I'm going to mess around with this tomorrow and see what I can come up with. Depending on what I figure out, I may send you a Telegram message and go from there. I really appreciate your fast response, talk soon!

Colton avatar Jan 21 '21 04:01 Colton

Hey guys! I managed to get the Wireguard config for my dedicated IP. Instructions:

  1. You need to figure out in some way what is the IP and the dedicated IP hostname is. The easiest way to do it is to active your dedicated IP in the PIA app on your computer and read the "account.json" file, all the data will be there. The directory with this file is defined here: https://github.com/pia-foss/desktop/blob/d44ae75d39cf2761f78c33b08999ba35e3639d3c/common/src/builtin/path.h#L83 There is a way of getting that info via a separate API call to PIA servers, but i do not have time to figure out what and how to call...
  2. Look at "dedicatedIps" field of the json stored in "account.json". It is an array. You are interested in getting "cn", "dipToken" and "ip" fields of a dedicated IP of your choice.
  3. Now when you know these things, you are ready to request the Wireguard config via the following request:
curl -s -G --verbose \
--connect-to "${CN}::${IP}:" \
-u "dedicated_ip_${DIPTOKEN}_${RANDOM8CHARS}:${IP}" \
--cacert "ca.rsa.4096.crt" \
--data-urlencode "pubkey=${RANDOM_PUBKEY}" \
"https://${CN}:1337/addKey"

Replace the variables with the data that you found in your "account.json". Make sure that you run this query in a directory with the "ca.rsa.4096.crt" certificate (part of this repo). Replace ${RANDOM_PUBKEY} with some randomly generate string (via wg genkey | wg pubkey for example), replace ${RANDOM8CHARS} with some random chars, it is an identifier of your device where you are going to run the WG client.

As a response, you will get all you need to set up a WG client :) I hope that helps. Maybe I will find some time to modify the current scripts, but I cant guarantee.

Use the following template to create the working connection:

[Interface]
PrivateKey = ${PRIVATE_KEY}
Address = ${peer_ip}/24
DNS = 1.1.1.1,8.8.8.8

[Peer]
PublicKey = ${server_key}
AllowedIPs = 0.0.0.0/0
Endpoint = ${server_ip}:${server_port}
PersistentKeepalive = 25

The ${PRIVATE_KEY} here is the one you used to generate the public that you used in place of ${RANDOM_PUBKEY}.

c58 avatar Mar 01 '22 07:03 c58

I got this to work, get a PIA Wireguard config of a purchased dedicated IP, by following this:

https://forum.gl-inet.com/t/configure-wireguard-client-to-connect-to-nordvpn-servers/10422/27

First I installed PIA for linux and then I could get all the information from the WG interface wgpio0.

wtf911 avatar Dec 26 '22 01:12 wtf911

I followed the steps listed and when using the curl command I seem to get a valid response but when I try to use the config it won't connect. Any suggestions as to what I could be doing wrong?

xtinct101 avatar Feb 22 '23 18:02 xtinct101

You can use curl or do as I did in my previous post which is install PIA for linux, connect to your dedicated IP, and then get the information from terminal. That said, here is an example of my working config (with personal info removed)(Endpoint = IP:port):

[Interface] Address = 10.x.x.x/24 ListenPort = x PrivateKey = x DNS = 10.0.0.242

[Peer] AllowedIPs = 0.0.0.0/0 Endpoint = x:x PersistentKeepalive = 25 PublicKey = x

wtf911 avatar Feb 22 '23 18:02 wtf911

That's what mine looks like except I dont have the listen port. One isn't listed using curl. I'll try installing PIA on linux.

[Interface] PrivateKey = bsSxxxxxxxQ4= Address = 10.x.x.x/24 DNS = 10.0.0.243,10.0.0.242

[Peer] PublicKey = 2xxxxxxxxxxQ4= AllowedIPs = 0.0.0.0/0 Endpoint = x:1337 PersistentKeepalive = 25

xtinct101 avatar Feb 22 '23 18:02 xtinct101

Looking at your post, it seems to refer to nordvpn and uses curl to get some more info. Where did you get the rest of the information once you install and connect to PIA?

xtinct101 avatar Feb 22 '23 18:02 xtinct101

Much easier way to do it, it seems they added the dedicated IP to manual connection in the "run_setup.sh". When you run that it seems to create the file and everything works.

xtinct101 avatar Feb 22 '23 19:02 xtinct101

This works for PIA. Once you install PIA for linux and connect to your dedicated IP you can open a terminal and run these commands to get all of the information you need to create the config. Obviously make sure in the PIA settings you have it using Wireguard. Also, I'm not sure if this is necessary but once I get the config built I disconnect PIA for linux before trying to use the config to connect.

  1. ifconfig
  2. sudo wg show wgpia0
  3. sudo wg show wgpia0 private-key

The 1st one you want to look under the wgpia0 interface and it should give you the Address. The 2nd one should give you the PublicKey, the ListenPort, and the Endpoint. The 3rd one should give you the PrivateKey. Let me know if that works for you please.

wtf911 avatar Feb 22 '23 19:02 wtf911

This works for PIA. Once you install PIA for linux and connect to your dedicated IP you can open a terminal and run these commands to get all of the information you need to create the config. Obviously make sure in the PIA settings you have it using Wireguard. Also, I'm not sure if this is necessary but once I get the config built I disconnect PIA for linux before trying to use the config to connect.

  1. ifconfig
  2. sudo wg show wgpia0
  3. sudo wg show wgpia0 private-key

The 1st one you want to look under the wgpia0 interface and it should give you the Address. The 2nd one should give you the PublicKey, the ListenPort, and the Endpoint. The 3rd one should give you the PrivateKey. Let me know if that works for you please.

Hello,

I did as you mentioned but when I try to connect it just stays there trying to connect without any luck, I noticed as well that every time I connect, the IP, the listen port, the public and private keys change, so I don't know what configuration I need to enter.

smashingx1 avatar Jan 16 '24 20:01 smashingx1