Private Internet Access VPN Manual Connections, but for Windows
This is a Powershell translation of pia-foss/manual-connections.
Note: Currently only supports Wireguard. I might add support for OpenVPN if the demand is there, but since I don't use OpenVPN and Wireguard is superior (in my opinion), I urge you to try Wireguard. If for some reason OpenVPN is the only way for you, open an issue and I will get to it when I have the time.
I've tested it on Windows 10, which has Powershell 5.1 preinstalled. If you're not on Windows, do not use this script. It doesn't need additional modules/programs (other than Wireguard, of course). By default, the Wireguard program folder (`C:\Program Files\WireGuard`) should be in PATH, so I have used `wireguard.exe` instead of the full path. To check, try running `wireguard.exe` and `wg.exe` in a Powershell window. The former should open the Wireguard GUI, and the latter will show you the available commands.
When the PIA tunnel is launched from the command line (like this script does), the GUI will not show that in the main tab. However, in the "Log" tab in the same GUI, it can be seen that the tunnel is running.
This is my first time writing Powershell scripts, so if you're fluent in Powershell, I'd like some feedback on how it can be written better. The scripts are written with compatibility in mind, so if possible, I only use commands for Powershell 5.1 (the one that ships with Windows 10), and programs that come with Windows 10.
I have implemented some extra features compared to pia-foss/manual-connections. All extra features will be listed here:
- `$ALLOWED_IPS` (string): If this is set, the `AllowedIPs` parameter of the final Wireguard config will use this instead. Eg. `"0.0.0.0/1, 128.0.0.0/1"`. Tip: If you want to exclude certain IP networks, use this `python3` code:

  ```python
  from ipaddress import ip_network

  start = '0.0.0.0/0'
  exclude = ['8.8.8.8', '10.8.0.0/24']

  result = [ip_network(start)]
  for x in exclude:
      n = ip_network(x)
      new = []
      for y in result:
          if y.subnet_of(n):
              # y lies entirely inside the excluded network: drop it
              # (address_exclude would raise ValueError here)
              continue
          if y.overlaps(n):
              # n lies inside y: keep everything in y except n
              new.extend(y.address_exclude(n))
          else:
              new.append(y)
      result = new

  print(', '.join(str(x) for x in sorted(result)))
  ```
- `$LOCAL_NETWORK_BYPASS` (string, `"true"`/`"false"`): If this is set to `"true"`, `$ALLOWED_IPS` will be set to bypass private IPs, eg. `"0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3"`. This only applies if `$ALLOWED_IPS` is not set or is an empty string.
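
A check for a hand-edited `$ALLOWED_IPS` value, as an added example that is not part of this project's scripts: it reports private (RFC 1918) ranges that would still be routed into the tunnel and any other IPv4 space left outside it. The function names are illustrative, and it handles IPv4 only.

```python
from ipaddress import collapse_addresses, ip_network

# RFC 1918 ranges that a local-network bypass must keep out of the tunnel.
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The $LOCAL_NETWORK_BYPASS value quoted in this README.
README_BYPASS = (
    "0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, "
    "64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, "
    "172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, "
    "176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, "
    "192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, "
    "193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3"
)


def parse_allowed_ips(value):
    """Split a WireGuard AllowedIPs string into IPv4 networks (rejects host bits)."""
    return [ip_network(part.strip()) for part in value.split(",") if part.strip()]


def subtract(nets, excluded):
    """Return nets with every network in excluded carved out."""
    result = list(nets)
    for n in excluded:
        kept = []
        for y in result:
            if y.subnet_of(n):      # fully covered by n: drop it
                continue
            if n.subnet_of(y):      # n sits inside y: keep the remainder
                kept.extend(y.address_exclude(n))
            else:                   # disjoint: keep unchanged
                kept.append(y)
        result = kept
    return sorted(collapse_addresses(result))


def audit(value, bypass=PRIVATE):
    """Return (bypass ranges still tunnelled, other IPv4 space left untunnelled)."""
    allowed = parse_allowed_ips(value)
    tunnelled_local = [b for b in bypass if any(b.overlaps(a) for a in allowed)]
    expected = subtract([ip_network("0.0.0.0/0")], bypass)
    untunnelled = subtract(expected, allowed)
    return tunnelled_local, untunnelled


if __name__ == "__main__":
    for label, value in [("README bypass list", README_BYPASS),
                         ("split default route", "0.0.0.0/1, 128.0.0.0/1")]:
        local, gaps = audit(value)
        print(label, "| local ranges tunnelled:", local, "| gaps:", gaps)
```

Two empty lists mean the value bypasses exactly the private ranges and tunnels everything else; a non-empty second list is address space whose traffic would go out unprotected.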
- `curl.exe` takes `.` as the decimal point. If the system locale uses `,` as the decimal point, and `$MAX_LATENCY` is passed to `curl.exe`, it will give an error since the system will pass `,` as the decimal point to `curl.exe`. Hence, `$MAX_LATENCY` is hardcoded for now. If you want to change it, edit the `ps1` script directly.
- For some reason, `curl.exe` complains about the cacert being untrusted. `-k` is used to circumvent this, which turns off certificate verification for those requests. (HELP NEEDED ON THIS ISSUE)
- Port forwarding script is yet to be translated.
- Make sure `wireguard.exe` and `wg.exe` can be run directly from Powershell. If not, install Wireguard or add `C:\Program Files\WireGuard` to the environment path.
- Allow Powershell to run scripts. Run `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned` in a Powershell window with administrator privileges.
- Run `run_setup.ps1` to start the script. It'll prompt you for information that it needs.
- Optionally, if you don't want it to prompt for information (non-interactive), use the `startup.ps1` script. Change the variable values inside beforehand. You can also do it like this:

  ```powershell
  $PIA_USER = "p1234567"; $PIA_PASS = "abcd1234"; $PIA_DNS = "true"; $PIA_PF = "false"; $PREFERRED_REGION = "de-frankfurt"; $AUTOCONNECT = "false"; $VPN_PROTOCOL = "wireguard"; $DISABLE_IPV6 = "no"; $MAX_LATENCY = "0.05"; ./run_setup.ps1
  ```
- Edit `startup.ps1` to include your desired values for variables.
- Use Task Scheduler to run `startup.ps1` when user logs in:
  - General: Enable `Run with highest privilege`
  - Trigger: `At logon`
  - Actions: `Start program`
    - Program: `powershell.exe`
    - Arguments: `-File "<path\to\startup.ps1>"`
  - Conditions: Disable all
- When saving the task, it'll prompt for your Windows logon password. If you do not have a password for your account, I'm afraid it will not work (afaik).
- Translate `port_forwarding.sh`
- Translate `connect_to_openvpn_with_token.sh` (low priority unless there is demand)