
Releases: FingerlessGlov3s/OPNsensePIAWireguard

24.7.10-1

15 Dec 17:00
9aa42d7

Summary

Update to the script to fix certificate CA location for those using a DIP

Please check previous releases to see if you need to make any changes to your configuration if you are coming from a version older than 24.1.1-1.

Upgrade

fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.7.10-1/PIAWireguard.py

24.1.1-1

18 Feb 16:13

Summary

Tweaks

Please check previous releases to see if you need to make any changes to your configuration if you are coming from a version older than 24.1-1.

Upgrade

fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1.1-1/PIAWireguard.py

24.1-1

31 Jan 19:45

Summary

OPNsense 24.1 has now been released. I have tested the script and it's compatible with the 24.1 release.

Important

I have rewritten the script since the 23.7.8-1 release. So there are breaking changes you will need to carry out before running the new script. Please see upgrade instructions below.

Upgrade Instructions

Replace {instancename} with the name of your instance in the config file. For example, london would become pia-london for the WireGuard instance name. See the example config below, then proceed with the instructions below.

  1. Delete the current cron entry.
  2. Back up your current config via SSH: cp /conf/PIAWireguard.json /conf/PIAWireguard.json.bk
  3. Populate the new PIAWireguard.json based on your old config file
  4. Upload new PIAWireguard.py and PIAWireguard.json file to /conf/
    You can also do this via the SSH commands below; how you edit the new /conf/PIAWireguard.json file is up to you.
    fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.py
    fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.json
    
  5. Upload new actions_piawireguard.conf file to /usr/local/opnsense/service/conf/actions.d/
    You can also do this via the SSH command below.
    fetch -o /usr/local/opnsense/service/conf/actions.d https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/actions_piawireguard.conf
    
  6. Run service configd restart via SSH to load the new actions file
  7. There are a few bits in the WireGuard section in OPNsense you need to rename
    1. Rename the current WG instance from PIA to pia-{instancename}
    2. Rename the current WG peer from PIA-Server to pia-{instancename}-server
  8. If you're using port forwarding, rename the alias from PIA_Port to pia_{instancename}_port
  9. Ensure you have applied all changes
  10. Run the new script via SSH in debug mode and ensure it's working: python3 PIAWireguard.py --debug. The last log entry should be: instancename tunnel up - last handshake x seconds ago
  11. Then run it again, this time forcing it to change server, to ensure all changes will apply and work: python3 PIAWireguard.py --debug --changeserver instancename
  12. If all is working correctly, re-create the cron entry; see the main README for an example, as the command name has changed to PIA WireGuard Monitor Tunnels
  13. Now double-check all your configured routes and rules, and ensure IP leaking isn't happening

Example Config


{
    "opnsenseURL": "https://127.0.0.1:443",
    "opnsenseKey": "/FQDXExojUWWuBdnPEPCUt98vnrQOdLxFqypTIEhE41304uYgA68ZJw7fveXBpXkMHqiAdx04cRAlLwh",
    "opnsenseSecret": "p+Gi4uE1xypuGIptbhrDylGKcNd9vaRpQ298eH0k6SFRQ6Crw4fLk0cIA0eSuKvWEN0hKx8JaIGUtNPq",
    "piaUsername": "p1234567",
    "piaPassword": "EncryptAllTheThings",
    "tunnelGateway": null,
    "opnsenseWGPrefixName": "pia",
    "instances": {
        "london": {
            "regionId": "uk",
            "dipToken": "",
            "dip": false,
            "portForward": true,
            "opnsenseWGPort": "51815"
        }
    }
}
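
A pre-flight check for steps 3, 7 and 8, as an added example that is not part of the project's code: it flags a /conf/PIAWireguard.json that is readable by group or other (the file holds the OPNsense API secret and the PIA password) and prints the names the renamed OPNsense objects should have. The function names, the placeholder sample, treating the example's keys as required, the DIP token rule, the unique-port rule and reading the "pia" prefix from opnsenseWGPrefixName are assumptions.

```python
import json, os, stat

# Keys taken from the page's example config; treating them as required is an assumption.
REQUIRED_TOP = ("opnsenseURL", "opnsenseKey", "opnsenseSecret", "piaUsername",
                "piaPassword", "opnsenseWGPrefixName", "instances")
REQUIRED_INSTANCE = ("regionId", "dipToken", "dip", "portForward", "opnsenseWGPort")

# Constructed sample input with placeholder credentials.
SAMPLE = {
    "opnsenseURL": "https://127.0.0.1:443", "opnsenseKey": "KEY-PLACEHOLDER",
    "opnsenseSecret": "SECRET-PLACEHOLDER", "piaUsername": "p1234567",
    "piaPassword": "PASSWORD-PLACEHOLDER", "tunnelGateway": None,
    "opnsenseWGPrefixName": "pia",
    "instances": {"london": {"regionId": "uk", "dipToken": "", "dip": False,
                             "portForward": True, "opnsenseWGPort": "51815"}},
}

def expected_names(config):
    """Object names from upgrade steps 7 and 8, per instance."""
    prefix = config["opnsenseWGPrefixName"]  # assumption: this key supplies the "pia" prefix
    return {
        inst: {"instance": f"{prefix}-{inst}",
               "peer": f"{prefix}-{inst}-server",
               "alias": f"{prefix}_{inst}_port" if opts.get("portForward") else None}
        for inst, opts in config["instances"].items()
    }

def check_config(path):
    """Return a list of problems found in the config file at path."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o}: file holds credentials but is open to group/other")
    with open(path) as fh:
        config = json.load(fh)
    problems += [f"missing key: {k}" for k in REQUIRED_TOP if k not in config]
    ports = {}
    for inst, opts in config.get("instances", {}).items():
        problems += [f"{inst}: missing key: {k}" for k in REQUIRED_INSTANCE if k not in opts]
        if opts.get("dip") and not opts.get("dipToken"):  # assumption: a DIP needs its token
            problems.append(f"{inst}: dip is true but dipToken is empty")
        port = str(opts.get("opnsenseWGPort", ""))
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            problems.append(f"{inst}: opnsenseWGPort {port!r} is not a valid port")
        elif port in ports:  # assumption: each instance needs its own listen port
            problems.append(f"{inst}: opnsenseWGPort {port} is also used by {ports[port]}")
        ports.setdefault(port, inst)
    return problems
```

Run check_config("/conf/PIAWireguard.json") after step 4 and compare expected_names() of the loaded config with what you set in steps 7 and 8.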

23.7.8-1

10 Nov 21:31

Summary

OPNsense 23.7.8 released, breaking the PIA script. The script has now been fixed to work with OPNsense 23.7.8 again.

Update instructions

  1. Update script.
    fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/main/PIAWireguard.py
  2. Change server, to get tunnel running again.
    /conf/PIAWireguard.py changeserver

23.7.6-1

14 Oct 18:18

Summary

OPNsense 23.7.6 released, breaking the PIA script. The script has now been fixed to work with OPNsense 23.7.6 again.

Update instructions

  1. Update script.
    fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/main/PIAWireguard.py
  2. Change server, to get tunnel running again.
    /conf/PIAWireguard.py changeserver