You are not logged in.

#1 2023-03-13 01:24:29

Registered: 2012-07-05
Posts: 99

[SOLVED] Setup surfshark-vpn

The state of the AUR packages for surfshark appears to be sketchy.  It looks like 2-3 different attempts to setup the debian bin for arch have failed or been removed for poor work or worse.

So while I had one of those working (surfshark-client I believe), after I saw it had been deleted from AUR I removed it.

However, now I'm having trouble getting the manual setup to work correctly.  I've been trying to use the step by step instructions for Manjaro here: … x-Terminal-

But when I

sudo vim 

The output (after entering username and pass) is

2023-03-12 20:16:52 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2023-03-12 20:16:52 TCP/UDP: Preserving recently used remote address: [AF_INET]
2023-03-12 20:16:52 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-03-12 20:16:52 UDPv4 link local: (not bound)
2023-03-12 20:16:52 UDPv4 link remote: [AF_INET]
2023-03-12 20:16:52 TLS: Initial packet from [AF_INET], sid=c50e37e7 e1901773
2023-03-12 20:16:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-03-12 20:16:52 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2023-03-12 20:16:52 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2023-03-12 20:16:52 VERIFY KU OK
2023-03-12 20:16:52 Validating certificate extended key usage
2023-03-12 20:16:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-03-12 20:16:52 VERIFY EKU OK
2023-03-12 20:16:52 VERIFY OK: depth=0,
2023-03-12 20:16:52 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-12 20:16:52 [] Peer Connection Initiated with [AF_INET]
2023-03-12 20:16:52 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-03-12 20:16:52 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-03-12 20:16:53 SENT CONTROL []: 'PUSH_REQUEST' (status=1)
2023-03-12 20:16:53 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS,dhcp-option DNS,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway,topology subnet,ping 60,ping-restart 180,ifconfig,peer-id 15,cipher AES-256-GCM'
2023-03-12 20:16:53 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.1)
2023-03-12 20:16:53 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2023-03-12 20:16:53 Socket Buffers: R=[212992->425984] S=[212992->425984]
2023-03-12 20:16:53 OPTIONS IMPORT: --ifconfig/up options modified
2023-03-12 20:16:53 OPTIONS IMPORT: route options modified
2023-03-12 20:16:53 OPTIONS IMPORT: route-related options modified
2023-03-12 20:16:53 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-12 20:16:53 net_route_v4_best_gw query: dst
2023-03-12 20:16:53 net_route_v4_best_gw result: via dev wlan0
2023-03-12 20:16:53 ROUTE_GATEWAY IFACE=wlan0 HWADDR=c4:03:a8:52:f7:60
2023-03-12 20:16:53 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
2023-03-12 20:16:53 Exiting due to fatal error

I'm guessing that the key problem is this:

2023-03-12 20:16:53 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.1)

But I haven't found a way to alter what appears to be a bad option in the config file.  Or perhaps it is that the option is correct, but my NetworkManager setup needs to be changed.


Here is the ovpn config file I'm using (downloaded from surfshark)

dev tun
proto udp
remote 1194
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
reneg-sec 0

remote-cert-tls server


verb 3
cipher AES-256-CBC

auth SHA512

(details omitted)
key-direction 1
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
(details omitted)
-----END OpenVPN Static key V1-----

Other attempts

I've also tried setting it up with the nm-cli icon (I'm running awesomewm) but after setting up the openvpn or wiregaurd profiles, they failed after the login was complete.

Finally, I've tried using the AUR's surfshark-vpn but couldn't find instructions on how to set it up after installing.

Last edited by rabarrett (2023-03-13 17:07:54)


#2 2023-03-13 01:53:05

Registered: 2012-07-05
Posts: 99

Re: [SOLVED] Setup surfshark-vpn

I think I got it working.  It appears that after updating the kernel, there is a problem with the tun interface until rebooting.  I wouldn't have guessed that since I ran into this same problem several times over the last 2 weeks.  But I guess I had always updated the kernel and hadn't rebooted when I attempted to establish the vpn connection.

Now the connection appears to work fine.

Many thanks to this thread:


Board footer

Powered by FluxBB