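#!/bin/sh
# Registers a freshly generated WireGuard key with a PIA server, then writes
# the resulting tunnel settings to /opt/wireguard/pia.conf and to the router's
# nvram (oet1_* variables).
#
# Requires: curl, jq, wg, nvram, and ca.rsa.4096.crt in the directory the
# script is run from.

# Enter your PIA account details.
# NOTE: the credentials are stored here in clear text, so keep this file
# readable by its owner only (chmod 600) and do not publish a filled-in copy.
PIA_USER='p1111111'
PIA_PASS='12341234'

# Enter your WireGuard PIA server details. Find them at
# https://serverlist.piaservers.net/vpninfo/servers/v6 : search for the country
# or city you want to connect to and look for the 'wg' entry, which stands for
# WireGuard. Example:
#   "wg": [{"ip": "188.126.89.149", "cn": "helsinki403"}
# Replace the values below with the ones you want.
WG_SERVER_IP='188.126.89.149'
WG_HOSTNAME='helsinki403'

# Using /opt to store files; you could use another location.
WG_DIR='/opt/wireguard'

# Print an error to stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Everything written below (token, API response, private key) is a secret:
# create new files and directories without group/other access.
umask 077
mkdir -p "$WG_DIR" || die "Could not create $WG_DIR"

# Get the PIA token.
# NOTE: -u places the credentials on curl's command line, where other local
# users can see them in the process list while the request runs.
generateTokenResponse=$(curl -s -u "$PIA_USER:$PIA_PASS" \
  "https://privateinternetaccess.com/gtoken/generateToken")
if [ "$(printf '%s' "$generateTokenResponse" | jq -r '.status')" != "OK" ]; then
  # Exit non-zero so callers can tell that authentication failed.
  die "Could not authenticate with the login credentials provided!"
fi
PIA_TOKEN=$(printf '%s' "$generateTokenResponse" | jq -r '.token')
printf '%s\n' "$PIA_TOKEN" > "$WG_DIR/PIA_TOKEN" || exit 1
# A pre-existing file keeps its old mode on truncation, so tighten it explicitly.
chmod 600 "$WG_DIR/PIA_TOKEN"

# Create a new WireGuard key pair for this run. The private key IS persisted
# below (pia.conf and nvram), so both locations must be treated as secrets.
PRIVKEY="$(wg genkey)" || die "wg genkey failed"
PUBKEY="$(printf '%s\n' "$PRIVKEY" | wg pubkey)" || die "wg pubkey failed"

# Authenticate via the PIA WireGuard RESTful API.
# This will return a JSON with data required for authentication.
# The certificate is required to verify the identity of the VPN server.
# In case you didn't clone the entire repo, get the certificate from:
# https://github.com/pia-foss/manual-connections/blob/master/ca.rsa.4096.crt
# curl resolves the path below relative to the current directory, so run the
# script from the directory that holds the certificate.
# In case you want to troubleshoot the script, replace -s with -v.
[ -r "ca.rsa.4096.crt" ] || die "ca.rsa.4096.crt not found in the current directory"
echo "Trying to connect to the PIA WireGuard API on $WG_SERVER_IP..."
wireguard_json="$(curl -s -G \
  --connect-to "$WG_HOSTNAME::$WG_SERVER_IP:" \
  --cacert "ca.rsa.4096.crt" \
  --data-urlencode "pt=${PIA_TOKEN}" \
  --data-urlencode "pubkey=$PUBKEY" \
  "https://${WG_HOSTNAME}:1337/addKey")"
export wireguard_json
# Quoted so the JSON is stored verbatim instead of being word-split and globbed.
printf '%s\n' "$wireguard_json" > "$WG_DIR/wireguard_json"
chmod 600 "$WG_DIR/wireguard_json"

DNSSERVER="$(printf '%s' "$wireguard_json" | jq -r '.dns_servers[0]')"
LISTENPORT=$(printf '%s' "$wireguard_json" | jq -r '.server_port')
ADDRESS=$(printf '%s' "$wireguard_json" | jq -r '.peer_ip')
PUBLICKEY=$(printf '%s' "$wireguard_json" | jq -r '.server_key')

# Stop before touching pia.conf or nvram if the API call failed: an empty or
# rejected response would otherwise commit empty/"null" tunnel settings.
for value in "$DNSSERVER" "$LISTENPORT" "$ADDRESS" "$PUBLICKEY"; do
  case "$value" in
    '' | null) die "The WireGuard API response is missing required fields; see $WG_DIR/wireguard_json" ;;
  esac
done

# Create the WireGuard config based on the JSON received from the API.
# This uses a PersistentKeepalive of 25 seconds to keep the NAT active
# on firewalls. You can remove that line if your network does not
# require it.
# NOTE(review): AllowedIPs lists IPv4 only; confirm how IPv6 traffic is handled
# on this router if it must not bypass the tunnel.
echo "Trying to write $WG_DIR/pia.conf..."
cat > "$WG_DIR/pia.conf" <<EOF || exit 1

[Interface]
PrivateKey = $PRIVKEY
ListenPort = $LISTENPORT
Address = $ADDRESS
DNS = $DNSSERVER
[Peer]
PublicKey = $PUBLICKEY
AllowedIPs = 0.0.0.0/0
Endpoint = $WG_SERVER_IP:$LISTENPORT
PersistentKeepalive = 25

EOF
chmod 600 "$WG_DIR/pia.conf"

echo "Trying to set wireguard nvram variables..."
# Config-file values mirrored into nvram; quoted so a value can never be split
# into extra arguments.
nvram set oet1_private="$PRIVKEY"
nvram set oet1_port="$LISTENPORT"
nvram set oet1_ipaddrmask="$ADDRESS"
nvram set oet1_dns="$DNSSERVER"
nvram set oet1_peerkey0="$PUBLICKEY"
nvram set oet1_aip="0.0.0.0/0"
nvram set oet1_rem0="$WG_SERVER_IP"
nvram set oet1_peerport0="$LISTENPORT"
nvram set oet1_ka0="25"
# Persist the settings.
nvram commit || die "nvram commit failed"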