[SOLVED] Setup surfshark-vpn

rabarrett · 2023-03-13 01:24:29

The state of the AUR packages for surfshark appears to be sketchy. It looks like 2-3 different attempts to setup the debian bin for arch have failed or been removed for poor work or worse.

So while I had one of those working (surfshark-client I believe), after I saw it had been deleted from AUR I removed it.

However, now I'm having trouble getting the manual setup to work correctly. I've been trying to use the step by step instructions for Manjaro here:
https://support.surfshark.com/hc/en-us/ … x-Terminal-

But when I

 
sudo vim us-chi.prod.surfshark.com_udp.ovpn

The output (after entering username and pass) is

2023-03-12 20:16:52 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2023-03-12 20:16:52 TCP/UDP: Preserving recently used remote address: [AF_INET]138.199.42.153:1194
2023-03-12 20:16:52 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-03-12 20:16:52 UDPv4 link local: (not bound)
2023-03-12 20:16:52 UDPv4 link remote: [AF_INET]138.199.42.153:1194
2023-03-12 20:16:52 TLS: Initial packet from [AF_INET]138.199.42.153:1194, sid=c50e37e7 e1901773
2023-03-12 20:16:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-03-12 20:16:52 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2023-03-12 20:16:52 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2023-03-12 20:16:52 VERIFY KU OK
2023-03-12 20:16:52 Validating certificate extended key usage
2023-03-12 20:16:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-03-12 20:16:52 VERIFY EKU OK
2023-03-12 20:16:52 VERIFY OK: depth=0, CN=us-chi-v054.prod.surfshark.com
2023-03-12 20:16:52 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-12 20:16:52 [us-chi-v054.prod.surfshark.com] Peer Connection Initiated with [AF_INET]138.199.42.153:1194
2023-03-12 20:16:52 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-03-12 20:16:52 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-03-12 20:16:53 SENT CONTROL [us-chi-v054.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2023-03-12 20:16:53 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.16 255.255.255.0,peer-id 15,cipher AES-256-GCM'
2023-03-12 20:16:53 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.1)
2023-03-12 20:16:53 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2023-03-12 20:16:53 Socket Buffers: R=[212992->425984] S=[212992->425984]
2023-03-12 20:16:53 OPTIONS IMPORT: --ifconfig/up options modified
2023-03-12 20:16:53 OPTIONS IMPORT: route options modified
2023-03-12 20:16:53 OPTIONS IMPORT: route-related options modified
2023-03-12 20:16:53 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-12 20:16:53 net_route_v4_best_gw query: dst 0.0.0.0
2023-03-12 20:16:53 net_route_v4_best_gw result: via 192.168.1.1 dev wlan0
2023-03-12 20:16:53 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=c4:03:a8:52:f7:60
2023-03-12 20:16:53 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
2023-03-12 20:16:53 Exiting due to fatal error

I'm guessing that the key problem is this:

2023-03-12 20:16:53 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.1)

But I haven't found a way to alter what appears to be a bad option in the config file. Or perhaps it is that the option is correct, but my NetworkManager setup needs to be changed.

Thoughts?

Here is the ovpn config file I'm using (downloaded from surfshark) us-chi-.prod.surfshark.com_udp.ovpn:

client
dev tun
proto udp
remote 138.199.42.153 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

remote-cert-tls server

auth-user-pass

#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
(details omitted)
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
(details omitted)
-----END OpenVPN Static key V1-----
</tls-auth>

======
Other attempts

I've also tried setting it up with the nm-cli icon (I'm running awesomewm) but after setting up the openvpn or wiregaurd profiles, they failed after the login was complete.

Finally, I've tried using the AUR's surfshark-vpn but couldn't find instructions on how to set it up after installing.

Last edited by rabarrett (2023-03-13 17:07:54)

rabarrett · 2023-03-13 01:53:05

I think I got it working. It appears that after updating the kernel, there is a problem with the tun interface until rebooting. I wouldn't have guessed that since I ran into this same problem several times over the last 2 weeks. But I guess I had always updated the kernel and hadn't rebooted when I attempted to establish the vpn connection.

Now the connection appears to work fine.

Many thanks to this thread:
https://bbs.archlinux.org/viewtopic.php?id=255381

Arch Linux

#1 2023-03-13 01:24:29

[SOLVED] Setup surfshark-vpn

#2 2023-03-13 01:53:05

Re: [SOLVED] Setup surfshark-vpn

Board footer