github FingerlessGlov3s/OPNsensePIAWireguard 24.1-1

latest release: 24.1.1-1
9 months ago

Summary

OPNsense 24.1 has now been released. I have tested the script and it's compatible with the 24.1 release.

Important

I have rewritten the script since the 23.7.8-1 release, so there are breaking changes you will need to carry out before running the new script. Please see the upgrade instructions below.

Upgrade Instructions

Replace {instancename} with the name of your instance in the config file; for example, london would become pia-london for the WireGuard instance name. See the example config below, then proceed with the instructions below.

  1. Delete the current cron entry.
  2. Back up your current config via SSH: cp /conf/PIAWireguard.json /conf/PIAWireguard.json.bk
  3. Populate the new PIAWireguard.json based on your old config file
  4. Upload new PIAWireguard.py and PIAWireguard.json file to /conf/
    You can also do this via the SSH commands below; it is up to you how you edit the new /conf/PIAWireguard.json file.
    fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.py
    fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.json
    
  5. Upload new actions_piawireguard.conf file to /usr/local/opnsense/service/conf/actions.d/
    You can also do this via the SSH command below
    fetch -o /usr/local/opnsense/service/conf/actions.d https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/actions_piawireguard.conf
    
  6. Run service configd restart via SSH to load the new actions file
  7. There are a few items in the WireGuard section of OPNsense you need to rename
    1. Rename the current WG instance from PIA to pia-{instancename}
    2. Rename the current WG peer from PIA-Server to pia-{instancename}-server
  8. If you're using port forwarding, rename the alias from PIA_Port to pia_{instancename}_port
  9. Ensure you have applied all changes
  10. Run the new script via SSH in debug mode and ensure it's working: python3 PIAWireguard.py --debug. It should return instancename tunnel up - last handshake x seconds ago as the last log entry
  11. Then run it again, this time forcing it to change server: python3 PIAWireguard.py --debug --changeserver instancename, to ensure all changes will apply and work.
  12. If all is working correctly, re-create the cron entry; see the main README for an example, as the command name has changed to PIA WireGuard Monitor Tunnels
  13. Now double-check all your configured routes and rules to ensure IP leaking isn't happening, etc.

Example Config

{
    "opnsenseURL": "https://127.0.0.1:443",
    "opnsenseKey": "/FQDXExojUWWuBdnPEPCUt98vnrQOdLxFqypTIEhE41304uYgA68ZJw7fveXBpXkMHqiAdx04cRAlLwh",
    "opnsenseSecret": "p+Gi4uE1xypuGIptbhrDylGKcNd9vaRpQ298eH0k6SFRQ6Crw4fLk0cIA0eSuKvWEN0hKx8JaIGUtNPq",
    "piaUsername": "p1234567",
    "piaPassword": "EncryptAllTheThings",
    "tunnelGateway": null,
    "opnsenseWGPrefixName": "pia",
    "instances": {
        "london": {
            "regionId": "uk",
            "dipToken": "",
            "dip": false,
            "portForward": true,
            "opnsenseWGPort": "51815"
        }
    }
}
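
A pre-flight check for upgrade steps 3, 7 and 8, added here as an example and not part of the project's own code: it derives the OPNsense object names each configured instance expects, flags duplicate listen ports, and reports whether the file holding the API key and PIA password is readable by other users. It assumes opnsenseWGPrefixName supplies the pia part of each name and that dip needs a non-empty dipToken; the function names and the sample are constructed.

```python
import json
import os
import stat

# Constructed sample shaped like the example config (no credentials; paris is made up).
SAMPLE = """{"opnsenseWGPrefixName": "pia", "instances": {
  "london": {"regionId": "uk", "dipToken": "", "dip": false,
             "portForward": true, "opnsenseWGPort": "51815"},
  "paris": {"regionId": "example-region", "dipToken": "", "dip": true,
            "portForward": false, "opnsenseWGPort": "51815"}}}"""


def expected_names(config):
    """OPNsense object names each instance needs (upgrade steps 7 and 8)."""
    # Assumption: opnsenseWGPrefixName supplies the "pia" part of every name.
    prefix = config.get("opnsenseWGPrefixName", "pia")
    names = {}
    for inst, opts in config["instances"].items():
        names[inst] = {"instance": f"{prefix}-{inst}", "peer": f"{prefix}-{inst}-server"}
        if opts.get("portForward"):  # the alias only exists with port forwarding
            names[inst]["alias"] = f"{prefix}_{inst}_port"
    return names


def config_problems(config):
    """Return human-readable problems found in the instances section."""
    problems, ports = [], {}
    for inst, opts in config["instances"].items():
        port = str(opts.get("opnsenseWGPort", ""))
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            problems.append(f"{inst}: invalid opnsenseWGPort {port!r}")
        elif port in ports:  # each WireGuard instance needs its own listen port
            problems.append(f"{inst}: port {port} already used by {ports[port]}")
        else:
            ports[port] = inst
        # Assumption: a dedicated IP (dip) cannot work without its token.
        if opts.get("dip") and not opts.get("dipToken"):
            problems.append(f"{inst}: dip is true but dipToken is empty")
    return problems


def readable_by_others(path):
    """True if group or other can read the file holding the API key and password."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    cfg = json.loads(SAMPLE)
    print(json.dumps(expected_names(cfg), indent=2), *config_problems(cfg), sep="\n")
```

To check a real install, load /conf/PIAWireguard.json in place of SAMPLE and call readable_by_others on that path before re-creating the cron entry.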
