Someone wrote a python script to generate a Wireguard config file using PIA credentials and a chosen region:
https://github.com/hsand/pia-wg
I took that and added some features to it a while ago, along with a new script to send a Wireguard config to RouterOS:
https://github.com/kchiem/pia-wg
NOTE: The Wireguard config to RouterOS script can be used for any vpn, not just PIA.
Usage is documented at the url above, and as mentioned, it's up to you from there on to decide what traffic you want to route through the new interface. Here's an example on how to do split tunneling and only route certain destinations through the vpn:
1. Create an address list for the sites you want to route through the vpn:
(add an entry for each destination you want to use the vpn)
2. Mark your connections and packets:
a. mark the connections to the address list above with the connection mark "vpn-connections"
b. mark your packets from those connections with the routing mark "vpn-routing"
3. Route marked packets to the new interface:
a. create a new routing table to use
b. add a route for the routing table above (using the new interface from the example in the url, wg-pia-il)
c. add a rule for packets with a routing mark of "vpn-routing" to use the routing table "vpn-table"
Now if you point your browser to wtfismyip.com, or run:it should return an IP from the VPN.
https://github.com/hsand/pia-wg
I took that and added some features to it a while ago, along with a new script to send a Wireguard config to RouterOS:
https://github.com/kchiem/pia-wg
NOTE: The Wireguard config to RouterOS script can be used for any vpn, not just PIA.
Usage is documented at the url above, and as mentioned, it's up to you from there on to decide what traffic you want to route through the new interface. Here's an example on how to do split tunneling and only route certain destinations through the vpn:
1. Create an address list for the sites you want to route through the vpn:
Code:
/ip/firewall/address-list/add list=vpn-list address=wtfismyip.com
2. Mark your connections and packets:
a. mark the connections to the address list above with the connection mark "vpn-connections"
Code:
/ip/firewall/mangle/add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=vpn-list new-connection-mark=vpn-connections
Code:
/ip/firewall/mangle/add action=mark-routing chain=prerouting connection-mark=vpn-connections in-interface-list=bridge-local new-routing-mark=vpn-routing
a. create a new routing table to use
Code:
/routing/table/add fib name=vpn-table
Code:
/ip/route/add check-gateway=none distance=1 dst-address=0.0.0.0/0 gateway=wg-pia-il routing-table=vpn-table
Code:
/routing/rule/add action=lookup routing-mark=vpn-routing table=vpn-table
Code:
curl http://wtfismyip.com/text
Statistics: Posted by chiem — Sun Mar 03, 2024 6:42 am