Anyone have DD-WRT, PIA openvpn, and port forwarding working

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page Previous  1, 2, 3
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 1912
Location: Netherlands

Posted: Mon Feb 12, 2018 17:14
Just wait till @Eibgrad has finished his updated script. For that you do not need sha256sum.
You also do not need /jffs or /opt.
The script has to be placed in Administration/Commands and saved as Startup.
When the router starts everything is created.
I think that the description in the first lines is referring to an older build?
When I read the script I assumed it had to be placed in Administration/Commands and saved as Startup, and that is what I did and it worked.

Be sure to enable syslog

_________________
Router Netgear R6400v1, Netgear R6400v2 (waiting for DDWRT build), Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide see Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7410

Posted: Mon Feb 12, 2018 18:26
Changes w/ v0.2.0:

https://pastebin.com/P9nmpyxh

- You no longer need sha256sum, therefore optware/entware is NOT required if only for the reason of obtaining access to the sha256sum executable.

- Once a 256 bit hash is created for the client_id, it's made persistent using nvram. So unless you manually delete it for some reason, you'll use the same hash/token indefinitely. And that may make things easier because so far the same hash/token seems to make the external port persistent as well. But so far I've been getting the same VPN public IP. Not sure if it will be the same port should I get a different VPN public IP. That's why I publish the external public IP and port to the webserver.

- By default, w/ no script changes at all, just executed as-is, it will port forward to your router over ssl/tls (port 443). That's only going to work, of course, if you enable HTTPS on the LAN side of the router. But as always, you can change it to anything you like.

The script should normally be *saved* to /jffs, then *called* from /jffs by adding the following to the startup script.

Code:
/jffs/ddwrt-pia-port-forward.sh


If you *want* to place the entire script into the startup script, you can, provided there's enough nvram. As a rule, however, because I'm leery about putting large amounts of code into nvram, I recommend you don't. If you should exceed available nvram space, it either won't save it, may truncate it, or in the worst case, reset your router to factory defaults and reboot the router (rare, but I have seen it happen, to me).

If you're the experimental type, you can compress the script before adding it to /jffs or directly to the startup script using the following script.

https://pastebin.com/vXfWLnPe

While it does cut down the size of the script dramatically, it's also very difficult to read at that point, and therefore to edit. So always maintain a copy of the UNcompressed version.

As always, make sure to read the instructions in the script. I place them there to avoid not so obvious problems if you do things incorrectly. For example, the port forward can't be accessed from the same public IP as the public IP that established the OpenVPN client connection to PIA in the first place. You have to be outside your WAN, perhaps on the cellular network w/ a smartphone, a neighbor's wifi, etc.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7410

Posted: Tue Feb 13, 2018 3:03
P.S. I opened a PIA account just to get this working, but plan to close it on Friday to get my money back. If you have any issues, concerns, enhancement requests, whatever, NOW is the time to ask!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 1912
Location: Netherlands

Posted: Tue Feb 13, 2018 13:45
Many thanks, it is working.
One question, what exactly is the sed doing at the end of the script?

One remark, I used notepad++ for Windows but that introduced <CR> and that played havoc with the script. That was probably the reason I could not call it from the startup command; just pasting it in the startup command worked because that seemed to strip the <CR>.

Again, many thanks; I learned a lot from it.

_________________
Router Netgear R6400v1, Netgear R6400v2 (waiting for DDWRT build), Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide see Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7410

Posted: Tue Feb 13, 2018 14:18
As you've probably already noted, the script is actually two scripts. An outer script that creates the inner script. IOW, a script within a script. When executed, the outer script configures the inner script before placing it in /tmp/pia. The outer script then just falls away.

Notice the variables INTERNAL_IP and INTERNAL_PORT are defined in the outer script, when in fact they are used by the inner script. I do that so I can place those variables near the top, where the end-user would expect them, thus making them obvious and easy to modify. But that means I have to use sed at the end of the outer script to modify the inner script where those variables are actually used.

If I didn't do it this way, INTERNAL_IP and INTERNAL_PORT would be buried deep into the inner script, and the end-user would have to search for them.

It's just a design choice on my part to permit me to keep all end-user configuration changes in one place, near the top.

As far as notepad++, being a Windows app, I assume it defaults to Windows EOL chars. But that's incompatible w/ Linux. You need to make sure the current format in notepad++ is Unix/Linux before uploading the file.

Pasting to the startup script doesn't have this problem because the router is taking care of this for you.

FWIW, you can achieve similar results using Putty. Open a shell (telnet/ssh), then type "cat > /jffs/ddwrt-pia-port-forward.sh" (no quotes). The cursor will move to the far left, waiting for you to either type into the file, or paste. If you copy the file contents locally into the clipboard, you can either right-click or Shift-Insert to paste into the file. Then type Ctrl-C to close the file. Finally, mark it executable (chmod +x /jffs/ddwrt-pia-port-forward.sh). If you need to make minor changes on the router, use the vi editor (it pays to learn a few basic vi commands).
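The outer/inner script structure and the Windows line-ending problem discussed above, as an added example that is not eibgrad's script or any code from this thread. The work directory, file names, sample IP and port, and the @@PLACEHOLDER@@ markers are assumptions made for the example; the real script writes to /tmp/pia.

```shell
#!/bin/sh
# Added example, not eibgrad's script: a minimal "script within a script".
# End-user settings live at the top of this outer script; the outer script
# writes a generic inner script containing placeholders, then uses sed to
# patch the real values in, which is the role of the sed at the end of the
# original script. Work directory, file names and markers are assumptions.

INTERNAL_IP="192.168.1.10"      # constructed sample value
INTERNAL_PORT="443"             # constructed sample value
WORK_DIR="${WORK_DIR:-${TMPDIR:-/tmp}/pia-example.$$}"   # real script uses /tmp/pia

# Return 0 if file "$1" has no carriage returns (Unix line endings), 1 if it
# contains CR characters (Windows CR LF endings), 2 if it does not exist.
check_no_crlf() {
    [ -f "$1" ] || return 2
    if grep -q "$(printf '\r')" "$1"; then
        return 1
    fi
    return 0
}

# Rewrite file "$1" in place with every carriage return removed.
strip_crlf() {
    tr -d '\r' < "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Write the inner script to $WORK_DIR/inner.sh with the configured values
# substituted, mark it executable, and print its path.
write_inner_script() {
    mkdir -p "$WORK_DIR"
    # Quoted heredoc: nothing is expanded here, so the placeholders survive.
    cat > "$WORK_DIR/inner.sh.in" <<'EOF'
#!/bin/sh
# Inner script: the values below are filled in by the outer script.
INTERNAL_IP="@@INTERNAL_IP@@"
INTERNAL_PORT="@@INTERNAL_PORT@@"
echo "forward to $INTERNAL_IP:$INTERNAL_PORT"
EOF
    # The sed pass replaces the placeholders with the values defined at the
    # top of the outer script, so the user never has to edit the inner one.
    sed -e "s/@@INTERNAL_IP@@/$INTERNAL_IP/" \
        -e "s/@@INTERNAL_PORT@@/$INTERNAL_PORT/" \
        "$WORK_DIR/inner.sh.in" > "$WORK_DIR/inner.sh"
    rm -f "$WORK_DIR/inner.sh.in"
    chmod +x "$WORK_DIR/inner.sh"
    echo "$WORK_DIR/inner.sh"
}

# Generate the inner script, repair Windows line endings if any slipped in
# (a stray CR would end up inside the variable values), then run it.
run_inner_script() {
    inner=$(write_inner_script)
    check_no_crlf "$inner" || strip_crlf "$inner"
    sh "$inner"
}
```

The same check_no_crlf test is worth running on the outer script itself after uploading it from a Windows editor: a file that fails it should be converted (strip_crlf, or the editor's Unix EOL setting) before it is called from the startup script.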
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 1912
Location: Netherlands

Posted: Tue Feb 13, 2018 14:49
eibgrad wrote:
As you've probably already noted, the script is actually two scripts. An outer script that creates the inner script. IOW, a script within a script. When executed, the outer script configures the inner script before placing it in /tmp/pia. The outer script then just falls away.

Notice the variables INTERNAL_IP and INTERNAL_PORT are defined in the outer script, when in fact they are used by the inner script. I do that so I can place those variables near the top, where the end-user would expect them, thus making them obvious and easy to modify. But that means I have to use sed at the end of the outer script to modify the inner script where those variables are actually used.

If I didn't do it this way, INTERNAL_IP and INTERNAL_PORT would be buried deep into the inner script, and the end-user would have to search for them.

It's just a design choice on my part to permit me to keep all end-user configuration changes in one place, near the top.

As far as notepad++, being a Windows app, I assume it defaults to Windows EOL chars. But that's incompatible w/ Linux. You need to make sure the current format in notepad++ is Unix/Linux before uploading the file.

Pasting to the startup script doesn't have this problem because the router is taking care of this for you.

FWIW, you can achieve similar results using Putty. Open a shell (telnet/ssh), then type "cat > /jffs/ddwrt-pia-port-forward.sh" (no quotes). The cursor will move to the far left, waiting for you to either type into the file, or paste. If you copy the file contents locally into the clipboard, you can either right-click or Shift-Insert to paste into the file. Then type Ctrl-C to close the file. Finally, mark it executable (chmod +x /jffs/ddwrt-pia-port-forward.sh). If you need to make minor changes on the router, use the vi editor (it pays to learn a few basic vi commands).


Thanks, that clears it up. Great job.

I found out that WinSCP can also be used to make a file and edit it without the Windows trouble; it can also be used to make it executable.

_________________
Router Netgear R6400v1, Netgear R6400v2 (waiting for DDWRT build), Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide see Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
bushant
DD-WRT User


Joined: 18 Nov 2015
Posts: 294
Location: Indiana U.S.A.

Posted: Wed Feb 14, 2018 1:42
Give a monkey a crayon and he will eventually draw a picture!
Regarding:
Got it going today after struggling yesterday with intermittent results. Think it had to do with entware on USB. I unplugged that and learned some vi and it took off here on my home setup (Kubuntu).
Tried it at the shop (which is where port forwarding is actually going to be needed, on an Ubuntu PC) this evening using a Windows PC with no luck. I struggle with Windows. I had a VNC connection for a few minutes, then it quit and would not reconnect no matter what. I will switch to Ubuntu tomorrow and see what happens.

eibgrad: You have gone above and beyond with this. Be glad to send some dollars for your efforts. (I may not be done)

_________________
Qualcomm Atheros:
R7500V2 36375M GW/AP---WNDR3700v4 36596 /AP--- WZR-hp-ag300h 36645 /WDS Station
Broadcom : Testing
R6200v2(thinks it's a 6250) 36440kongat
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7410

Posted: Wed Feb 14, 2018 2:00
Knowing I only had a limited time to access PIA, I decided to create a Tomato version as well.

https://pastebin.com/zkDfbTEJ

The two environments are similar enough that it wasn't too tough. Biggest difference is that Tomato supports *two* OpenVPN clients, so I had to add extra code to detect which client was PIA, and make some adjustments.

I figure eventually someone over in the Tomato forum ( http://linksysinfo.org/index.php?forums/tomato-firmware.33/ ) will ask for it. So now is the time.

I may fiddle a bit here and there w/ both scripts until Friday when I close the PIA account.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7410

Posted: Wed Feb 14, 2018 4:03
bushant wrote:
Give a monkey a crayon and he will eventually draw a picture!
Regarding:
Got it going today after struggling yesterday with intermittent results. Think it had to do with entware on USB. I unplugged that and learned some vi and it took off here on my home setup (Kubuntu).
Tried it at the shop (which is where port forwarding is actually going to be needed, on an Ubuntu PC) this evening using a Windows PC with no luck. I struggle with Windows. I had a VNC connection for a few minutes, then it quit and would not reconnect no matter what. I will switch to Ubuntu tomorrow and see what happens.

eibgrad: You have gone above and beyond with this. Be glad to send some dollars for your efforts. (I may not be done)


I don't understand why you're having so much trouble. All the action takes place on the router. As long as it's running w/o errors, it should just work, irrespective of the particular client.

Now it may be that PIA's end of the tunnel isn't very stable, or perhaps bandwidth limited. When I tested my RealVNC client, the best I saw was a measly 188Kbps! Often much less. At least as measured by RealVNC. So even if it works, I'm not sure it's a good long-term solution. The WAN may prove to be more realistic.