Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PIA application returns wrong public IP #35

Open
piramiday opened this issue Sep 9, 2021 · 4 comments
Open

PIA application returns wrong public IP #35

piramiday opened this issue Sep 9, 2021 · 4 comments

Comments

@piramiday
Copy link

running piactl get pubip sometimes returns the wrong public IP address.
if an ISP leases the IP for a short period of time, say 24h, then an always-on computer with PIA smoothly running will get the correct answer to piactl get pubip only for the first day, then it will not refresh the ip, ever.

the PIA application should be instrumented to verify that the public IP is still current every few hours, to be able to use piactl get pubip reliably.
@JonathonH-PIA
Copy link
Contributor

Agree this is an issue - it goes way back to 1.0 when we didn't have any machinery to make a request bypassing the VPN while connected, which we do have now of course.

I'm curious about your setup here though - polling every few hours still could return the wrong IP for a few hours (or whatever interval we choose), so I'm not sure if it'd be reliable enough without some sort of active detection.

What are you using this for? Would a few-hours accuracy guarantee be sufficient?

With OpenVPN, we could currently rely on the connection terminating whenever the public IP changes since we don't currently have roaming, but with WireGuard we can't rely on that. We could heuristically re-detect if we see the local NIC change state (like roaming across Wi-Fi networks), but a change due to the ISP lease expiring would only be apparent on the gateway for many networks.

I suppose it might also be possible to have a CLI command to tell us to "probe now", so you could be pretty sure it's up-to-date whenever you are about to use it.

@piramiday
Copy link
Author

What are you using this for? Would a few-hours accuracy guarantee be sufficient?

I have a remote box with strict firewall rules -- every time my local public IP changes I have to re-authorize it.
my SSH config implements cool tricks hopping via a fixed-IP gateway if a direct connection is not possible, so I'm never locked out, but I would still like to have a more automated way of whitelisting my IP when it changes.
at present, I do need to disconnect from the VPN only to force the recomputation of the pubip.

I suppose it might also be possible to have a CLI command to tell us to "probe now", so you could be pretty sure it's up-to-date whenever you are about to use it.

that's for sure! you could even ping your PIA backend to fetch the current public IP before any piactl get pubip command.

@JonathonH-PIA
Copy link
Contributor

Interesting, thanks for all that context. I agree that an on-demand probe sounds like a good solution - then it's up to date whenever the custom automation requests it, and anybody using it can tune the interval to their needs just by probing at the right time.

I can't promise when it'll happen, but I will get it in our backlog 😁

@piramiday
Copy link
Author

any news on this? such a bug is still alive and kicking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@piramiday @JonathonH-PIA