Skip to content

Releases: FingerlessGlov3s/OPNsensePIAWireguard

25.1-1

14 Feb 09:37
@FingerlessGlov3s FingerlessGlov3s
25.1-1
cec46d1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
25.1-1 Latest
Latest

Summary

Fix port alias update which broke with the new release of OPNsense 25.1

Please check previous releases to see if you need to do any changes to your configuration if you are coming from an older version than 24.7.10-1

Upgrade

fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/25.1-1/PIAWireguard.py
Assets 2
Loading

24.7.10-1

15 Dec 17:00
@FingerlessGlov3s FingerlessGlov3s
24.7.10-1
9aa42d7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
24.7.10-1

Summary

Update to the script to fix certificate CA location for those using a DIP

Please check previous releases to see if you need to do any changes to your configuration if you are coming from an older version than 24.1.1-1

Upgrade

fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.7.10-1/PIAWireguard.py
Loading

24.1.1-1

18 Feb 16:13
@FingerlessGlov3s FingerlessGlov3s
24.1.1-1
0922b2e
Compare
Choose a tag to compare
24.1.1-1

Summary

Tweaks

Please check previous releases to see if you need to do any changes to your configuration if you are coming from an older version than 24.1-1

Upgrade

fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1.1-1/PIAWireguard.py
Loading

24.1-1

31 Jan 19:45
@FingerlessGlov3s FingerlessGlov3s
24.1-1
cbba4eb
Compare
Choose a tag to compare
24.1-1

Summary

OPNsense 24.1 has now been released. I have tested the script and it's compatible with the 24.1 release.

Important

I have rewritten the script since the 23.7.8-1 release. So there are breaking changes you will need to carry out before running the new script. Please see upgrade instructions below.

Upgrade Instructions

{instancename} replace with the name for your instance in the config file, example london would be come pia-london for the WireGuard instance name. See Example config below. Then proceed to the below instructions.

  1. Delete the current cron entry.
  2. Backup your current config cp /conf/PIAWireguard.json /conf/PIAWireguard.json.bk via SSH
  3. Populate the new PIAWireguard.json based on your old config file
  4. Upload new PIAWireguard.py and PIAWireguard.json file to /conf/
    Can also do this via the below SSH commands, up to yourself how you wish to edit the new /conf/PIAWireguard.json file. 
    fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.py
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.json
  5. Upload new actions_piawireguard.conf file to /usr/local/opnsense/service/conf/actions.d/
    Can also do this via the below SSH commands 
    fetch -o /usr/local/opnsense/service/conf/actions.d https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/actions_piawireguard.conf
  6. Run service configd restart to refresh new actions file via SSH
  7. There's a few bits in the WireGuard section in OPNsense you need to rename
    1. Rename current WG instance name to pia-{instancename} from PIA
    2. Rename current WG peer to pia-{instancename}-server from PIA-Server
  8. If your using port forwarding rename the alias to pia_{instancename}_port from PIA_Port
  9. Ensure you applied all changes
  10. Run the new script via SSH in debug mode and ensure it's working python3 PIAWireguard.py --debug, should return instancename tunnel up - last handshake x seconds ago as the last log entry
  11. Then run again but this time forcing a it to change server python3 PIAWireguard.py --debug --changeserver instancename, to ensure all changes will apply and work.
  12. If all is working correctly, then re-create the cron entry, see main README for example as command name changed to PIA WireGuard Monitor Tunnels
  13. Now double check all your configured routes and rules, ensure IP leaking isn't happening etc

Example Config

Example config

{
    "opnsenseURL": "https://127.0.0.1:443",
    "opnsenseKey": "/FQDXExojUWWuBdnPEPCUt98vnrQOdLxFqypTIEhE41304uYgA68ZJw7fveXBpXkMHqiAdx04cRAlLwh",
    "opnsenseSecret": "p+Gi4uE1xypuGIptbhrDylGKcNd9vaRpQ298eH0k6SFRQ6Crw4fLk0cIA0eSuKvWEN0hKx8JaIGUtNPq",
    "piaUsername": "p1234567",
    "piaPassword": "EncryptAllTheThings",
    "tunnelGateway": null,
    "opnsenseWGPrefixName": "pia",
    "instances": {
        "london": {
            "regionId": "uk",
            "dipToken": "",
            "dip": false,
            "portForward": true,
            "opnsenseWGPort": "51815"
        }
    }
}
Loading

23.7.8-1

10 Nov 21:31
@FingerlessGlov3s FingerlessGlov3s
23.7.8-1
b9faeec
Compare
Choose a tag to compare
23.7.8-1

Summary

OPNsense 23.7.8 released, breaking the PIA script. The script has now been fixed to work with OPNsense 23.7.8 again.

Update instructions

  1. Update script.
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/main/PIAWireguard.py
  1. Change server, to get tunnel running again.
/conf/PIAWireguard.py changeserver
Loading

23.7.6-1

14 Oct 18:18
@FingerlessGlov3s FingerlessGlov3s
23.7.6-1
ef6cc5b
Compare
Choose a tag to compare
23.7.6-1

Summary

OPNsense 23.7.6 released, breaking the PIA script. The script has now been fixed to work with OPNsense 23.7.6 again.

Update instructions

  1. Update script.
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/main/PIAWireguard.py
  1. Change server, to get tunnel running again.
/conf/PIAWireguard.py changeserver
Loading