getting Surfshark to work on openvpn/openwrt

This forum is for general conversation and user-user networking.
Post Reply
nextman
OpenVpn Newbie
Posts: 2
Joined: Tue Jul 28, 2020 5:20 pm

getting Surfshark to work on openvpn/openwrt

Post by nextman » Tue Jul 28, 2020 5:27 pm

ive recently switched my vpn provider from nord to surfshark so i downloaded config files from surfshark and replaced my old nordvpn files in etc/openvpn/ but i cant seem to connect to the vpn. ive had a look at the log and get this authentication error:

Code: Select all

Tue Jul 28 18:12:38 2020 daemon.notice openvpn(nordvpn)[20053]: SIGTERM[soft,auth-failure] received, process exiting
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.44.201.93:1194
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: UDP link local: (not bound)
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: UDP link remote: [AF_INET]89.44.201.93:1194
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: TLS: Initial packet from [AF_INET]89.44.201.93:1194, sid=f3949cae 9b99a4f9
Tue Jul 28 18:12:43 2020 daemon.warn openvpn(nordvpn)[20059]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: VERIFY KU OK
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: Validating certificate extended key usage
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: VERIFY EKU OK
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: VERIFY OK: depth=0, CN=uk-man-v048.prod.surfshark.com
Tue Jul 28 18:12:43 2020 daemon.warn openvpn(nordvpn)[20059]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
Tue Jul 28 18:12:43 2020 daemon.warn openvpn(nordvpn)[20059]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Tue Jul 28 18:12:43 2020 daemon.warn openvpn(nordvpn)[20059]: WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jul 28 18:12:43 2020 daemon.notice openvpn(nordvpn)[20059]: [uk-man-v048.prod.surfshark.com] Peer Connection Initiated with [AF_INET]89.44.201.93:1194
Tue Jul 28 18:12:45 2020 daemon.notice openvpn(nordvpn)[20059]: SENT CONTROL [uk-man-v048.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Tue Jul 28 18:12:50 2020 daemon.notice openvpn(nordvpn)[20059]: SENT CONTROL [uk-man-v048.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Tue Jul 28 18:12:50 2020 daemon.notice openvpn(nordvpn)[20059]: AUTH: Received control message: AUTH_FAILED
Tue Jul 28 18:12:50 2020 daemon.notice openvpn(nordvpn)[20059]: SIGTERM[soft,auth-failure] received, process exiting
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: TCP/UDP: Preserving recently used remote address: [AF_INET]192.145.126.131:1194
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: UDP link local: (not bound)
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: UDP link remote: [AF_INET]192.145.126.131:1194
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: TLS: Initial packet from [AF_INET]192.145.126.131:1194, sid=bbee9ea0 5fed68aa
Tue Jul 28 18:12:55 2020 daemon.warn openvpn(nordvpn)[20062]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: VERIFY KU OK
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: Validating certificate extended key usage
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: VERIFY EKU OK
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: VERIFY OK: depth=0, CN=uk-man-v011.prod.surfshark.com
Tue Jul 28 18:12:55 2020 daemon.warn openvpn(nordvpn)[20062]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
Tue Jul 28 18:12:55 2020 daemon.warn openvpn(nordvpn)[20062]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Tue Jul 28 18:12:55 2020 daemon.warn openvpn(nordvpn)[20062]: WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jul 28 18:12:55 2020 daemon.notice openvpn(nordvpn)[20062]: [uk-man-v011.prod.surfshark.com] Peer Connection Initiated with [AF_INET]192.145.126.131:1194
Tue Jul 28 18:12:56 2020 daemon.notice openvpn(nordvpn)[20062]: SENT CONTROL [uk-man-v011.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Tue Jul 28 18:13:02 2020 daemon.notice openvpn(nordvpn)[20062]: SENT CONTROL [uk-man-v011.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Tue Jul 28 18:13:02 2020 daemon.notice openvpn(nordvpn)[20062]: AUTH: Received control message: AUTH_FAILED
Tue Jul 28 18:13:02 2020 daemon.notice openvpn(nordvpn)[20062]: SIGTERM[soft,auth-failure] received, process exiting
any help appreciated. My vpn works fine if i switch back to the old Nordvpn config files so i dont think theres an issue with the local set up. My config file from surfshark is available here, the only changes i have made are to the auth line to include my credentials and pull-filter to use vpn policy routing:

server

client
dev tun
proto udp
remote uk-man.prod.surfshark.com 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
reneg-sec 0

remote-cert-tls server

auth-user-pass /etc/openvpn/nordvpn.auth

verb 3
pull
pull-filter ignore "redirect-gateway"
fast-io
cipher AES-256-CBC

auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
623cSEC3Q3UZutsEm/UplsM=
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b02cb1d7c6fee5d4f89b8de72b51a8d0
c7b282631d6fc19be1df6ebae9e2779e
6d9f097058a31c97f57f0c35526a44ae
09a01d1284b50b954d9246725a1ead1f
f224a102ed9ab3da0152a15525643b2e
ee226c37041dc55539d475183b889a10
e18bb94f079a4a49888da566b9978346
0ece01daaf93548beea6c827d9674897
e7279ff1a19cb092659e8c1860fbad0d
b4ad0ad5732f1af4655dbd66214e552f
04ed8fd0104e1d4bf99c249ac229ce16
9d9ba22068c6c0ab742424760911d463
6aafb4b85f0c952a9ce4275bc821391a
a65fcd0d2394f006e3fba0fd34c4bc4a
b260f4b45dec3285875589c97d3087c9
134d3a3aa2f904512e85aa2dc2202498
-----END OpenVPN Static key V1-----
</tls-auth>

User avatar
Pippin
Forum Team
Posts: 831
Joined: Wed Jul 01, 2015 8:03 am

Re: getting Surfshark to work on openvpn/openwrt

Post by Pippin » Tue Jul 28, 2020 5:46 pm

You will find support with Surfshark.

Hint:

Code: Select all

AUTH: Received control message: AUTH_FAILED

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7584
Joined: Fri Jun 03, 2016 1:17 pm

Re: getting Surfshark to work on openvpn/openwrt

Post by TinCanTech » Tue Jul 28, 2020 5:57 pm

nextman wrote:
Tue Jul 28, 2020 5:27 pm
recently switched my vpn provider from nord to surfshark
nextman wrote:
Tue Jul 28, 2020 5:27 pm
auth-user-pass /etc/openvpn/nordvpn.auth
:roll: :mrgreen:

nextman
OpenVpn Newbie
Posts: 2
Joined: Tue Jul 28, 2020 5:20 pm

Re: getting Surfshark to work on openvpn/openwrt

Post by nextman » Tue Jul 28, 2020 6:16 pm

TinCanTech wrote:
Tue Jul 28, 2020 5:57 pm
nextman wrote:
Tue Jul 28, 2020 5:27 pm
recently switched my vpn provider from nord to surfshark
nextman wrote:
Tue Jul 28, 2020 5:27 pm
auth-user-pass /etc/openvpn/nordvpn.auth
:roll: :mrgreen:
i know the filenames the same but i have edited the file with my surfshark details.

EDIT:

for some reason, when i was downloading my config files i didnt see the big red writing that said openvpn connections have different credentials. found the correct login details and all works now. thanks
Last edited by nextman on Tue Jul 28, 2020 6:23 pm, edited 1 time in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7584
Joined: Fri Jun 03, 2016 1:17 pm

Re: getting Surfshark to work on openvpn/openwrt

Post by TinCanTech » Tue Jul 28, 2020 6:20 pm

nextman wrote:
Tue Jul 28, 2020 6:16 pm
i have edited the file with my surfshark details
You did it incorrectly :lol:

Post Reply