forked from pia-foss/manual-connections
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathget_region_and_token.sh
executable file
·228 lines (208 loc) · 8.9 KB
/
get_region_and_token.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
#!/bin/bash
# Copyright (C) 2020 Private Internet Access, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# This function allows you to check if the required tools have been installed.
function check_tool() {
cmd=$1
package=$2
if ! command -v $cmd &>/dev/null
then
echo "$cmd could not be found"
echo "Please install $package"
exit 1
fi
}
# Now we call the function to make sure we can use curl and jq.
check_tool curl curl
check_tool jq jq
# This allows you to set the maximum allowed latency in seconds.
# All servers that respond slower than this will be ignored.
# You can inject this with the environment variable MAX_LATENCY.
# The default value is 50 milliseconds.
MAX_LATENCY=${MAX_LATENCY:-0.05}
export MAX_LATENCY
serverlist_url='https://serverlist.piaservers.net/vpninfo/servers/v4'
# This function checks the latency you have to a specific region.
# It will print a human-readable message to stderr,
# and it will print the variables to stdout
printServerLatency() {
serverIP="$1"
regionID="$2"
regionName="$(echo ${@:3} |
sed 's/ false//' | sed 's/true/(geo)/')"
time=$(LC_NUMERIC=en_US.utf8 curl -o /dev/null -s \
--connect-timeout $MAX_LATENCY \
--write-out "%{time_connect}" \
http://$serverIP:443)
if [ $? -eq 0 ]; then
>&2 echo Got latency ${time}s for region: $regionName
echo $time $regionID $serverIP
fi
}
export -f printServerLatency
echo -n "Getting the server list... "
# Get all region data since we will need this on multiple occasions
all_region_data=$(curl -s "$serverlist_url" | head -1)
# If the server list has less than 1000 characters, it means curl failed.
if [[ ${#all_region_data} -lt 1000 ]]; then
echo "Could not get correct region data. To debug this, run:"
echo "$ curl -v $serverlist_url"
echo "If it works, you will get a huge JSON as a response."
exit 1
fi
# Notify the user that we got the server list.
echo "OK!"
# Test one server from each region to get the closest region.
# If port forwarding is enabled, filter out regions that don't support it.
if [[ $PIA_PF == "true" ]]; then
echo Port Forwarding is enabled, so regions that do not support
echo port forwarding will get filtered out.
summarized_region_data="$( echo $all_region_data |
jq -r '.regions[] | select(.port_forward==true) |
.servers.meta[0].ip+" "+.id+" "+.name+" "+(.geo|tostring)' )"
else
summarized_region_data="$( echo $all_region_data |
jq -r '.regions[] |
.servers.meta[0].ip+" "+.id+" "+.name+" "+(.geo|tostring)' )"
fi
echo Testing regions that respond \
faster than $MAX_LATENCY seconds:
bestRegion="$(echo "$summarized_region_data" |
xargs -I{} bash -c 'printServerLatency {}' |
sort | head -1 | awk '{ print $2 }')"
if [ -z "$bestRegion" ]; then
echo ...
echo No region responded within ${MAX_LATENCY}s, consider using a higher timeout.
echo For example, to wait 1 second for each region, inject MAX_LATENCY=1 like this:
echo $ MAX_LATENCY=1 ./get_region_and_token.sh
exit 1
fi
# Get all data for the best region
regionData="$( echo $all_region_data |
jq --arg REGION_ID "$bestRegion" -r \
'.regions[] | select(.id==$REGION_ID)')"
echo -n The closest region is "$(echo $regionData | jq -r '.name')"
if echo $regionData | jq -r '.geo' | grep true > /dev/null; then
echo " (geolocated region)."
else
echo "."
fi
echo
bestServer_meta_IP="$(echo $regionData | jq -r '.servers.meta[0].ip')"
bestServer_meta_hostname="$(echo $regionData | jq -r '.servers.meta[0].cn')"
bestServer_WG_IP="$(echo $regionData | jq -r '.servers.wg[0].ip')"
bestServer_WG_hostname="$(echo $regionData | jq -r '.servers.wg[0].cn')"
bestServer_OT_IP="$(echo $regionData | jq -r '.servers.ovpntcp[0].ip')"
bestServer_OT_hostname="$(echo $regionData | jq -r '.servers.ovpntcp[0].cn')"
bestServer_OU_IP="$(echo $regionData | jq -r '.servers.ovpnudp[0].ip')"
bestServer_OU_hostname="$(echo $regionData | jq -r '.servers.ovpnudp[0].cn')"
echo "The script found the best servers from the region closest to you.
When connecting to an IP (no matter which protocol), please verify
the SSL/TLS certificate actually contains the hostname so that you
are sure you are connecting to a secure server, validated by the
PIA authority. Please find bellow the list of best IPs and matching
hostnames for each protocol:
Meta Services: $bestServer_meta_IP // $bestServer_meta_hostname
WireGuard: $bestServer_WG_IP // $bestServer_WG_hostname
OpenVPN TCP: $bestServer_OT_IP // $bestServer_OT_hostname
OpenVPN UDP: $bestServer_OU_IP // $bestServer_OU_hostname
"
if [[ ! $PIA_USER || ! $PIA_PASS ]]; then
echo If you want this script to automatically get a token from the Meta
echo service, please add the variables PIA_USER and PIA_PASS. Example:
echo $ PIA_USER=p0123456 PIA_PASS=xxx ./get_region_and_token.sh
exit 1
fi
echo "The ./get_region_and_token.sh script got started with PIA_USER and PIA_PASS,
so we will also use a meta service to get a new VPN token."
echo "Trying to get a new token by authenticating with the meta service..."
generateTokenResponse=$(curl -s -u "$PIA_USER:$PIA_PASS" \
--connect-to "$bestServer_meta_hostname::$bestServer_meta_IP:" \
--cacert "ca.rsa.4096.crt" \
"https://$bestServer_meta_hostname/authv3/generateToken")
echo "$generateTokenResponse"
if [ "$(echo "$generateTokenResponse" | jq -r '.status')" != "OK" ]; then
echo "Could not get a token. Please check your account credentials."
echo
echo "You can also try debugging by manually running the curl command:"
echo $ curl -vs -u "$PIA_USER:$PIA_PASS" --cacert ca.rsa.4096.crt \
--connect-to "$bestServer_meta_hostname::$bestServer_meta_IP:" \
https://$bestServer_meta_hostname/authv3/generateToken
exit 1
fi
token="$(echo "$generateTokenResponse" | jq -r '.token')"
echo "This token will expire in 24 hours.
"
# just making sure this variable doesn't contain some strange string
if [ "$PIA_PF" != true ]; then
PIA_PF="false"
fi
if [[ $PIA_AUTOCONNECT == wireguard ]]; then
echo The ./get_region_and_token.sh script got started with
echo PIA_AUTOCONNECT=wireguard, so we will automatically connect to WireGuard,
echo by running this command:
echo $ PIA_TOKEN=\"$token\" \\
echo WG_SERVER_IP=$bestServer_WG_IP WG_HOSTNAME=$bestServer_WG_hostname \\
echo PIA_PF=$PIA_PF ./connect_to_wireguard_with_token.sh
echo
PIA_PF=$PIA_PF PIA_TOKEN="$token" WG_SERVER_IP=$bestServer_WG_IP \
WG_HOSTNAME=$bestServer_WG_hostname ./connect_to_wireguard_with_token.sh
exit 0
fi
if [[ $PIA_AUTOCONNECT == openvpn* ]]; then
serverIP=$bestServer_OU_IP
serverHostname=$bestServer_OU_hostname
if [[ $PIA_AUTOCONNECT == *tcp* ]]; then
serverIP=$bestServer_OT_IP
serverHostname=$bestServer_OT_hostname
fi
echo The ./get_region_and_token.sh script got started with
echo PIA_AUTOCONNECT=$PIA_AUTOCONNECT, so we will automatically
echo connect to OpenVPN, by running this command:
echo PIA_PF=$PIA_PF PIA_TOKEN=\"$token\" \\
echo OVPN_SERVER_IP=$serverIP \\
echo OVPN_HOSTNAME=$serverHostname \\
echo CONNECTION_SETTINGS=$PIA_AUTOCONNECT \\
echo ./connect_to_openvpn_with_token.sh
echo
PIA_PF=$PIA_PF PIA_TOKEN="$token" \
OVPN_SERVER_IP=$serverIP \
OVPN_HOSTNAME=$serverHostname \
CONNECTION_SETTINGS=$PIA_AUTOCONNECT \
./connect_to_openvpn_with_token.sh
exit 0
fi
echo If you wish to automatically connect to the VPN after detecting the best
echo region, please run the script with the env var PIA_AUTOCONNECT.
echo 'The available options for PIA_AUTOCONNECT are (from fastest to slowest):'
echo - wireguard
echo - openvpn_udp_standard
echo - openvpn_udp_strong
echo - openvpn_tcp_standard
echo - openvpn_tcp_strong
echo You can also specify the env var PIA_PF=true to get port forwarding.
echo
echo Example:
echo $ PIA_USER=p0123456 PIA_PASS=xxx \
PIA_AUTOCONNECT=wireguard PIA_PF=true ./get_region_and_token.sh
echo
echo You can also connect now by running this command:
echo $ PIA_TOKEN=\"$token\" WG_SERVER_IP=$bestServer_WG_IP \
WG_HOSTNAME=$bestServer_WG_hostname ./connect_to_wireguard_with_token.sh