Automatization of port renewal with PIA (Windows GUI)

I am also behind CGNAT, here is how I got it working:

  1. I already had a PIA (Private Internet Access) subscription which supports port forwarding
  2. Used the split tunnel option in PIA to only route the storj node exe through the VPN.
  3. Enabled port forwarding in PIA
  4. Used skibish/ddns (a personal DDNS client with DigitalOcean Networking DNS as backend) with a subdomain on a domain I own with the DNS hosted on DigitalOcean (note: also used split tunnel to only route the ddns.exe through the VPN to use the correct IP). I run this on startup with task scheduler with a delay of 1 minute to allow the VPN to start and connect.
  5. Finally I created a little python script that uses the PIA CLI to get the active forwarded port (the ports expire after 2 months) and if it changed it updates the storj config file and restarts the storage node windows service. I run this also every 5 minutes using task scheduler.

Here is what my config looks like (make a copy of your config before making any changes):

# I changed this to 0.0.0.0 to allow access from other computers in my internal network,
# This would be a security risk though if I am not behind CGNAT since it would allow access
# from the internet
console.address: 0.0.0.0:14002

# Here I put the subdomain I use for the DDNS
# The first time I just entered the port PIA shows, then my script changes this automatically
# when the port expires and PIA gets a new one
contact.external-address: <ddns-subdomain>.<your-domain>:31189

identity.cert-path: C:\Users\******\wh\storj\Identity\storagenode\identity.cert
identity.key-path: C:\Users\******\wh\storj\Identity\storagenode\identity.key
log.level: info
log.output: winfile:///C:\Program Files\Storj\Storage Node\\storagenode.log

operator.email: ***************************@gmail.com
operator.wallet: '0x******************************************'
operator.wallet-features: ''

# This needs to be the same as the port in contact.external-address, also updated
# automatically by my script when the PIA port changes, had to set it up the first time only
server.address: :31189

server.private-address: 127.0.0.1:7778
storage.allocated-bandwidth: 0 B

storage.allocated-disk-space: 550 GB
storage.path: B:\

Finally here is the python script (Must be run with admin privileges because it needs to access the program files directory to modify the storj node config):
Run at your own risk
Also has a dependency on PyYAML so you must install it using pip install pyyaml

import re
import subprocess
import sys

import yaml

# Raw strings so the backslashes in Windows paths are not treated as escapes
PIA_EXE = r"C:\Program Files\Private Internet Access\piactl.exe"
STORJ_CONFIG = r"C:\Program Files\Storj\Storage Node\config.yaml"

# Ask the PIA CLI for the currently forwarded port
cp = subprocess.run([PIA_EXE, "get", "portforward"],
                    capture_output=True, text=True)

# Anything other than a 5-digit port means no port is forwarded right now
stdout_match = re.match(r"[0-9]{5}", cp.stdout)
if not stdout_match:
    sys.exit(1)

portforward_status = stdout_match.group()

with open(STORJ_CONFIG, "r+") as storj_config:
    config = yaml.load(storj_config, Loader=yaml.SafeLoader)
    if config["server.address"] != f":{portforward_status}":
        # Build the modified config before touching the file, so an error
        # here cannot leave an empty config behind
        config["server.address"] = f":{portforward_status}"
        config["contact.external-address"] = f"subdomain.domain.example:{portforward_status}"
        # An unquoted 0x... wallet is loaded as an integer; write it back as a
        # 40-digit hex string. An already quoted wallet is a str and is kept.
        wallet = config["operator.wallet"]
        if isinstance(wallet, int):
            config["operator.wallet"] = f"0x{wallet:040x}"

        # Delete existing contents and write modified config
        storj_config.seek(0)
        storj_config.truncate(0)
        yaml.dump(config, storj_config)

        # Stop & restart Storj service
        subprocess.run(["net", "stop", "storagenode"], check=True)
        subprocess.run(["net", "start", "storagenode"], check=True)
2 Likes
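
An alternative to the YAML round-trip in the script above, added here as an example and not the original poster's code: it edits only the port on the server.address and contact.external-address lines, so comments and the quoted wallet stay byte-for-byte, and it swaps the file in atomically so a crash cannot leave an empty config. The sample config, hostname and function names are constructed for illustration.

```python
import os
import re
import tempfile

KEYS = {"server.address", "contact.external-address"}
# Matches e.g. "server.address: :31189" or "contact.external-address: host:31189"
PORT_LINE = re.compile(
    r"^(?P<head>(?P<key>server\.address|contact\.external-address):[ \t]*\S*:)"
    r"(?P<port>\d{1,5})(?P<tail>[ \t]*)$")

# Constructed sample config (hostname and wallet are placeholders)
SAMPLE = (
    "# keep this comment\n"
    "console.address: 127.0.0.1:14002\n"
    "contact.external-address: node.example.test:31189\n"
    "operator.wallet: '0x0000000000000000000000000000000000000000'\n"
    "server.address: :31189\n"
    "server.private-address: 127.0.0.1:7778\n")


def set_forwarded_port(text, port):
    """Return (new_text, changed); only the two port-bearing lines are edited."""
    if not 1 <= port <= 65535:
        raise ValueError(f"not a TCP port: {port}")
    out, seen, changed = [], set(), False
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        m = PORT_LINE.match(body)
        if m:
            seen.add(m["key"])
            if int(m["port"]) != port:
                changed = True
                line = f"{m['head']}{port}{m['tail']}{eol}"
        out.append(line)
    if seen != KEYS:  # refuse to write a config that lacks either field
        raise ValueError(f"missing: {sorted(KEYS - seen)}")
    return "".join(out), changed


def update_config(path, port):
    """Rewrite path only if the port changed; True means restart the service."""
    with open(path, newline="") as f:  # newline="" keeps CRLF line endings
        new_text, changed = set_forwarded_port(f.read(), port)
    if changed:
        # Write a sibling temp file, then swap: never a half-written config
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w", newline="") as f:
            f.write(new_text)
        os.replace(tmp, path)
    return changed
```

Restart the storagenode service only when update_config returns True.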

Forgot to add that you must also add a firewall rule in windows firewall to allow incoming connections to the STORJ node exe from any port since the ports change regularly.

You can edit your post to add this info

Question regarding PIA. On your connection type is it set to UDP or TCP? And on Configuration method is it DHCP or Static?

I am connecting using WireGuard which runs over UDP.

Thank you. I appreciate your time and assistance.

1 Like

Please let me know if this fixes your problem with the offline status, because I had the same case. Thanks.

I am embarrassed to say I was not able to get it to work. I tried it on three computers to no avail. I had a friend come by and go through the steps with me on one of the PCs and he was just as surprised it did not work.
Kind of disappointing.

What does your DDNS config look like?
Did you make sure Windows firewall is not blocking the connection?

On my original post I did some screen shots showing the DDNS settings and windows firewall. At one point I had all ports open to Storj also without success.
It must be something I am not thinking of now. I tried to post a torrent of some animations I gave away. As a poster of the torrent with up to 16 peers no one could connect to me. This was true behind my router and tested connected directly to modem.
Original post: Unable to get past OFFLINE in new setup on Windows 10 - Node Operators / troubleshooting - Storj Community Forum (official)

If I understand correctly you currently have DDNS set up through your router still?
If that's the case, then the method I outlined above will not work, since if you set up DDNS through your router you are getting your ISP IP address, not the PIA VPN address.

In your original post you are using no-ip. Since you already paid for a subscription maybe try using their dynamic update client which you install on Windows instead of setting it up through the router:

Now this replaces step 4 in my post, and you then have to use the split-tunnel option in PIA to only route the no-ip client through the VPN. My method assumes you are using PIA and from your reply I don't know if you are using it or not.

I looked at the no-ip client docs and since I haven't tested the PIA split tunnel option with it I am not sure if it will work or not. But there are configuration options in the client that could work.


Without using the split tunnel option I guess if you select the Network adapter of PIA (In my case it was called piawg0 for the WireGuard connection) and check the “Use the IP of my local network adapter” it should :crossed_fingers: work.

I will give it a go. Thank you.

Gave it a go. I spent a great deal of time working on it and double checked everything along the way. I did my best to document everything along the way as well.
The following is what I did to try to get it to work.

Removed DDNS from Router
Installed DUC
Added DUC to VPN (PIA) and then made sure I set a firewall rule.
Check for old install storj files. None found
Went to Storj Node Operator Docs to follow guide.
(Identity - Node Operator (storj.io))

Got new token on new email address
Opened Powershell for Identity Binary download
Ran ./identity exe through powershell (same window as binary downloaded)
Completed “36” and received ca.key
Opened Command Prompt. Entered identity.exe create storagenode. Received the following: Error: CA certificate and/or key already exists, NOT overwriting!

Ran Powershell command Authorize ./Identity.exe authorize storagenode with Email Char String.
Received:
PS C: \ . / identity .exe authorize storagenode IMF 9bfQxhf7EdBt57iyYsRR6x3kgC2D8XiVPR2
Hg6sE BoJQ3qi 9S39L Qe5QS2sRJaxPe86bNAkhC TosxsYbksss
2021/ N/ 28 5:29 proto: duplicate proto type registered: node. SigningRequest
2021/ N/ 28 5:29 proto: duplicate proto type registered: node. SigningResponse
Identity successfully authorized using single use authorization token.
Please back-up "C: \ to a safe location.
PS C: \

Ran Authorize Command Prompt command identity.exe authorize storagenode with email char string
Received:
C:\Users\joea1>identity.exe authorize storagenode joseph~~~~Qgmai1.cm:1AF9bfQ (removed rest of line.)

2021/04/28 06:12:59 proto: duplicate proto type registered: node. SigningRequest
2021/04/28 06:12:59 proto: duplicate proto type registered: node. SigningResponse
Error: certificates peer error: authorization already claimed: joseph~~~~~~~gmai1 IAF9bf
(Not sure why there are lines through the lines above.)
Ran Powershell first sls with a return value of 2
Ran Powershell second sls with a return value of 3

Ran Command Prompt first findstr command with a return value of 2
Ran Command Prompt second findstr command with a return value of 3

Backed up folder storj/indentity/storagenode (Has six files in it)

Turned off Split Tunnel in PIA

Download MSI Installer

Began Install

4 - default (install folder)
5 - default (identity folder)
6 - enter ethereum wallet
7 - entered my email address
8 - entered external ddns alotofthings.ddns.net:28967
9 - Entered location for storage f:\st
10 - Entered size 3.5tb on a 4tb drive
11 - Clicked Install
13 - Clicked Finish with open dashboard.

Received message on attempt localhost:14002
Hmmmm…can't reach this page.

The first attempt was through Edge with bypass vpn tunnel. Tried again with Chrome which is using vpn and received same message.

Rechecked firewall and there is a rule set at 28967 TCP
Added a new rule for all ports with TCP and checked - no change

Rechecked router for port forwarding and it is set to my PC address 192.168.0.102

Changed setting in Preferences from detect my IP using remote to “use the ip of my local network adapter.”
Gave me a completely new address neither listed as IP or VPN IP.

In edge did a port check using DUC on edge.
This pulled up 47.219.193.191 as my ip. Ran it for 28967 and port is closed.

Opened chrome (which is in VPN tunnel) and port checker automatically entered my IP as 154.3.250.27 and returned an error that connection was refused.

Quit PIA and restarted just to see if that would make a difference. It did not.
Restarted both DUC and PIA to see if that would make a difference. It did not.

I want to thank you for all of your help. You have been exceptional in your efforts to help me. I believe I have taken too much of your time as it is and will just let it go and say “at least I tried”. Once again thank you for your time and patience.

Joe

Hey @alotofthings I won't blame you if you gave up now :wink:. But reading through your post I have a few notes:

  • The errors you got during your initial setup from running the commands in PowerShell should not be ignored. I only ever installed storj once so I haven't experienced any of these errors myself.
  • Not being able to access localhost:14002 could mean that the storage node service is not running. You can confirm from task manager > services tab, then check the status of the service called “storagenode”
  • I would first make sure the service is running and you can access it through the browser before introducing PIA, duc, etc…
  • If the storj node service could not start due to an error this info will be logged at “C:\Program Files\Storj\Storage Node\storagenode.log”. Reading the last few lines will help debug any issues you might encounter in the future.
1 Like

I had exactly the same problem as you and repeated everything many times with different connections and many different routers. I even formatted my computer and installed a new Windows, and it is still not working. Everything is OK on my side but the status is always offline. Finally I gave up 😞

Did you try Running a V3 Storage Node with PIA (VPN) – Storj ?

Today I bought PIA and did the steps again as in the topic, but the status still shows as offline. I'm tired of this; for a week I have been trying everything.

Let's try together. Did you enable port forwarding in PIA? Do you have a hostname and port?
Did you install DDNS updater on PC with PIA client?
What is your storagenode version - docker or Windows GUI or maybe just a binary?

The main point - you should use your DDNS address and it should be updated to PIA's external IP, you should specify your DDNS address with PIA's port as the node's external address (the port should be provided after PIA has established the connection as well).
Did you check your DDNS address and PIAā€™s port on Open Port Check Tool - Test Port Forwarding on Your Router (the node should be running)?

What i did is

1- Install PIA and enable port forwarding.
2- Install no-ip and create a host.
3- Be sure that the IP of PIA is the same as shown in the no-ip program.
4- Enable the port from PIA in the firewall.
5- Check on a test IP site whether the port is enabled or not; I found that the port is closed (I checked with the IP that PIA gave me, with the host address name.ddns.net and with the IPv4; all of them gave the same result: port is closed).
Restarted everything and tried different servers from PIA (like France & Netherlands) with no hope.
Using GUI and sv3 last version of PIA and no-ip, I checked everything that could be in your mind, with no hope.
Notice I tried another port like 80 and it was open, but the PIA port shows closed.
I tried to contact PIA support and sent the problem, and they answered me like this.

Thank you for contacting PIA customer support.

I am really sorry for the issue you are currently experiencing. Please note that the port forwarding utility wouldn't be monitored in the way it was shown. To utilize it, you need to implement it in a configuration instead of trying to monitor it. Only way to confirm if Port Forward is working is to try and transfer data. If there is no data moving through, those tests will show it as closed.

Kindly let us know if you have other question or concern.

It will be closed until you run something that can listen on this port, storagenode for example :slight_smile:
Please specify the DDNS address and port, separated by a colon, as your external address (for the docker version it is -e ADDRESS=my.ddns.net:51784 -p 51784:28967 in the docker run command); for Windows GUI it's

contact.external-address: my.ddns.net:51784
...
server.address: :51784

For Windows GUI you need to save the config and restart the storagenode service either from the Services applet or from the elevated PowerShell:

Restart-Service storagenode
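
The two points made above (both config ports must match, and a port shows as closed until storagenode is listening on it) can be checked locally before using an external port checker. This is an added example, not code from the thread; the function names are hypothetical and it assumes the flat key: value layout of the Windows GUI config.yaml shown earlier.

```python
import re
import socket


def _port(config_text, key):
    """Port at the end of a flat 'key: [host]:port' config line."""
    m = re.search(rf"^{re.escape(key)}:[ \t]*\S*:(\d{{1,5}})[ \t]*\r?$",
                  config_text, re.M)
    if not m:
        raise ValueError(f"{key} not found")
    return int(m.group(1))


def triage(config_text, timeout=2.0):
    """Local checks to run before trusting an external port checker."""
    findings = []
    ext = _port(config_text, "contact.external-address")
    srv = _port(config_text, "server.address")
    if ext != srv:
        findings.append(f"ports differ: external {ext}, server.address {srv}")
    # A TCP connect on loopback only succeeds if a process is listening
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex(("127.0.0.1", srv)) != 0:
            findings.append(f"nothing is listening on local port {srv}: "
                            "start storagenode before testing from outside")
    return findings


if __name__ == "__main__":
    # Values from the post above; with no node running this reports the port
    cfg = "contact.external-address: my.ddns.net:51784\nserver.address: :51784\n"
    print(triage(cfg) or "local checks passed")
```

An empty list means the node is listening locally, so a port that still shows closed from outside points at the DDNS record, the VPN port forward or the firewall rule.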