This script automates setting up WireGuard on OPNsense to connect to PIA's NextGen WireGuard servers. It creates a WireGuard Instance (Local) and Peer (Endpoint) on your OPNsense setup.
Update to the script as there was a bug when creating multiple tunnels at once.
Please check previous releases to see if you need to make any changes to your configuration if you are coming from a version older than 24.1-1.
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1.1-1/PIAWireguard.py
OPNsense 24.1 has now been released. I have tested the script and it's compatible with the 24.1 release.
I have rewritten the script since the 23.7.8-1 release. So there are breaking changes you will need to carry out before running the new script. Please see upgrade instructions below.
Replace {instancename} with the name of your instance in the config file; for example, london would become pia-london for the WireGuard instance name. See Example config below. Then proceed to the instructions below.
cp /conf/PIAWireguard.json /conf/PIAWireguard.json.bk via SSH
PIAWireguard.json based on your old config file
PIAWireguard.py and PIAWireguard.json file to /conf/
You can also do this via the SSH commands below; it is up to you how you edit the new /conf/PIAWireguard.json file.
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.py
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/PIAWireguard.json
actions_piawireguard.conf file to /usr/local/opnsense/service/conf/actions.d/
Can also do this via the below SSH commands:
fetch -o /usr/local/opnsense/service/conf/actions.d https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/24.1-1/actions_piawireguard.conf
service configd restart to refresh new actions file via SSH
pia-{instancename} from PIA
pia-{instancename}-server from PIA-Server
pia_{instancename}_port from PIA_Port
python3 PIAWireguard.py --debug, should return "instancename tunnel up - last handshake x seconds ago" as the last log entry
python3 PIAWireguard.py --debug --changeserver instancename, to ensure all changes will apply and work.
PIA WireGuard Monitor Tunnels
Example config
{
    "opnsenseURL": "https://127.0.0.1:443",
    "opnsenseKey": "/FQDXExojUWWuBdnPEPCUt98vnrQOdLxFqypTIEhE41304uYgA68ZJw7fveXBpXkMHqiAdx04cRAlLwh",
    "opnsenseSecret": "p+Gi4uE1xypuGIptbhrDylGKcNd9vaRpQ298eH0k6SFRQ6Crw4fLk0cIA0eSuKvWEN0hKx8JaIGUtNPq",
    "piaUsername": "p1234567",
    "piaPassword": "EncryptAllTheThings",
    "tunnelGateway": null,
    "opnsenseWGPrefixName": "pia",
    "instances": {
        "london": {
            "regionId": "uk",
            "dipToken": "",
            "dip": false,
            "portForward": true,
            "opnsenseWGPort": "51815"
        }
    }
}
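As an added example (not part of the project's script), a pre-flight check for a config in the layout above: it flags a file mode that lets other users read the stored API and PIA credentials, missing keys, and instances that share a port, and it lists the names each instance's objects take under the pia-{instancename} scheme. It assumes opnsenseWGPrefixName supplies the pia prefix and opnsenseWGPort is each instance's local listen port; the function names and the sample values are constructed for illustration.

```python
import json, os, stat, sys, tempfile

# Constructed sample in the layout of the example config; all credentials are dummies.
SAMPLE = {
    "opnsenseURL": "https://127.0.0.1:443", "opnsenseKey": "dummy-key",
    "opnsenseSecret": "dummy-secret", "piaUsername": "p0000000",
    "piaPassword": "dummy-password", "opnsenseWGPrefixName": "pia",
    "instances": {
        "london": {"regionId": "uk", "portForward": True, "opnsenseWGPort": "51815"},
        "paris": {"regionId": "example-region", "portForward": False, "opnsenseWGPort": "51815"},
    },
}
REQUIRED = ("opnsenseURL", "opnsenseKey", "opnsenseSecret", "piaUsername",
            "piaPassword", "opnsenseWGPrefixName", "instances")

def expected_names(cfg):
    """Map each instance to its (instance, peer, port alias) names."""
    prefix = cfg["opnsenseWGPrefixName"]  # assumption: this key supplies the "pia" prefix
    return {n: (f"{prefix}-{n}", f"{prefix}-{n}-server", f"{prefix}_{n}_port")
            for n in cfg["instances"]}

def check_config(path):
    """Return a list of findings for a PIAWireguard.json-style file at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # the file holds API and VPN credentials
        findings.append(f"mode {mode:04o}: accessible beyond the owner")
    with open(path) as fh:
        cfg = json.load(fh)
    findings += [f"missing or empty key: {k}" for k in REQUIRED if not cfg.get(k)]
    seen = {}
    for name, inst in (cfg.get("instances") or {}).items():
        port = str(inst.get("opnsenseWGPort", ""))
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(f"{name}: invalid opnsenseWGPort {port!r}")
        elif port in seen:  # assumption: listen port, so it must be unique per instance
            findings.append(f"{name}: opnsenseWGPort {port} already used by {seen[port]}")
        else:
            seen[port] = name
    return findings

if __name__ == "__main__":
    fd, demo = tempfile.mkstemp(suffix=".json")  # mkstemp creates the file with mode 0600
    with os.fdopen(fd, "w") as fh:
        json.dump(SAMPLE, fh)
    print(check_config(sys.argv[1] if len(sys.argv) > 1 else demo))
    print(expected_names(SAMPLE))
    os.remove(demo)
```

Run without arguments it checks the constructed sample; pass a path such as /conf/PIAWireguard.json to check a real file.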
OPNsense 23.7.8 released, breaking the PIA script. The script has now been fixed to work with OPNsense 23.7.8 again.
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/main/PIAWireguard.py
/conf/PIAWireguard.py changeserver
OPNsense 23.7.6 released, breaking the PIA script. The script has now been fixed to work with OPNsense 23.7.6 again.
fetch -o /conf https://raw.githubusercontent.com/FingerlessGlov3s/OPNsensePIAWireguard/main/PIAWireguard.py
/conf/PIAWireguard.py changeserver