PIA VPN using OpenVPN on OpenWRT router in proxmox

Struggling to find answers on how to properly setup port forwarding using PIA. There are 'Next Gen' scripts on their site for manual connection set up (on github not their site) but I am failing to understand where these scripts need to be run.

I am running Proxmox and OpenWRT in its own LXC. OpenWRT is setup with PIA using OpenVPN. I then have a series of other VMs and LXCs routing through the OpenWRT using the VPN connection exclusively. There is a video of something very similar to what I have setup here: https://www.youtube.com/watch?v=3mPbrunpjpk

Basically, I am just curious if anyone has port forwarding working with PIA using OpenVPN on OpenWRT. I understand that this is not exclusively an OpenWRT issue, I am just desperate for some guidance and the other channels or forums I frequent are coming up empty. Thanks in advance.

You need to modify the script to your needs. port_forwarding.sh will get the port setup on PIA's side, but then you need to take the port number assigned and do whatever you plan to do with it(such as forward it to a local device or feed it to the app you're running). If you lose internet, or reboot the device, the port's going to change so you can't just run the script and manually setup port forwarding.

Be aware that running OpenWrt in a (lxc-) container is explicitly not a supported configuration, always use full system virtualization (e.g. kvm).

So then the order of operations is to run the .sh script on the machine that openwrt is running on, then I would need to modify it for what exactly? If PIA has a port reserved, would I not just be able to use that port and inform the application of the port number? Then if the machine gets rebooted or whatever, I re-run the script, if the port has changed, then i would just do the same thing, inform the application.

I guess what I am not understanding is what you are implying by what i need to modify. If I am connection to the VPN through OpenWRT, and the port forwarding is on their servers, then there isnt anything that needs to be done on OpenWRT right?

The PIA description sounds like they will reserve your port number if you keep using it. Otherwise you'd also have to advise users of your service to connect to a different port every time it changed.

When the forwarded packets arrive at your OpenWrt router, if the service is running locally on OpenWrt you need to be sure the firewall allows them in. If the service is running on a separate machine on your LAN you would need to forward the port again, just like if the router were connected directly to the Internet.

If you're not trying to automate it, then yes you should be able to run a script from your OpenWRT device and setup the port in your application. I use a modified version of these scripts, but I use them on a linux server, so I can't say exactly how they'll work on OpenWRT. I'll try to help you, though.

You might be able to use the all-in-one prompt-based script as-is. It's meant to also setup the openVPN connection, even if the last part fails it will set the environment variables you need(Hostname, token, and IP).

I'd start by trying to run the prompt based script from your OpenWRT device with the VPN connection off and see what happens. It'll prompt you for your account information and attempt to set everything up. If it fails, post the output with your info(ip's, passwords, token's, hostname) redacted.