gluetun
VPN provider support: SurfShark (WireGuard)
There already exists a pull request https://github.com/qdm12/gluetun/pull/587 which implements WireGuard support for SurfShark. Can this please be merged?
Thank you
Yeah I worked on that back then, but some pieces are missing for it to work. Note for instance you can use the custom provider (see custom provider wiki page) and plug in values from a Wireguard config, if you can have one in Surfshark.
Thanks for all your hard work qdm12. Surfshark has finally added manual wireshark connections via configs. Is this something that could be looked at again rather than custom server type? Though I have done custom and it works fine.
https://surfshark.com/blog/surfshark-releases-manual-wireguard-connection
Nice thanks for letting me know.
Do you have the same private key and peer address for all the servers in the Wireguard configurations? If they are, I can add native support. Otherwise there is no point since you would need to update your key and address every time so it's better to use the custom provider. I should however add support for wireguard config files directly soon (instead of env variables).
Private key you can keep generating new ones which they say they will fix but you can use the same private key you've previously generated across all servers. The user interface ip also appears to stay the same across all servers as does DNS server. So really the only changing element seems to be the server public key (as expected) and of course the server ip address.
I only mention this because for me at least (using a relatively new server), I get easily twice the speed with their wireguard servers as I do with their OpenVPN servers located in the same area.
Awesome I'm working on it now. A few questions I have for you:
- What's the endpoint port? Is it always `51820`? Or can you change it to some other values?
- For server in Albania `al-tia.prod.surfshark.com`, is the public key `l8EOWPyzt/njrb74CADY4VOhns/TbUN6KFTbytHcFQw=`?
I don't know if the endpoint port is always `51820`, but this is the Albania config file I've got from Surfshark:
```
[Interface]
Address = 10.14.0.2/16
PrivateKey = private
DNS = 162.252.172.57, 149.154.159.92

[Peer]
PublicKey = l8EOWPyzt/njrb74CADY4VOhns/TbUN6KFTbytHcFQw=
AllowedIPs = 0.0.0.0/0
Endpoint = al-tia.prod.surfshark.com:51820
```
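The check asked for earlier in the thread (same private key and interface address on every server, with only the peer public key and endpoint changing) can be run mechanically over two downloaded configs. This is an added example, not part of the thread or of gluetun's code; `parseWG` and `differingKeys` are hypothetical names, and the second server's hostname and public key are constructed placeholders.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample: the Albania config from the thread with the peer key and host left as parameters.
const tmpl = "[Interface]\nAddress = 10.14.0.2/16\nPrivateKey = private\nDNS = 162.252.172.57, 149.154.159.92\n[Peer]\nPublicKey = %s\nAllowedIPs = 0.0.0.0/0\nEndpoint = %s:51820\n"

// parseWG flattens a wg-quick style config into "Section.Key" -> value.
func parseWG(conf string) map[string]string {
	out, section := map[string]string{}, ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") {
			section = strings.Trim(line, "[]")
		} else if k, v, ok := strings.Cut(line, "="); ok && !strings.HasPrefix(k, "#") {
			// Cut splits on the first "=" only, so base64 "=" padding stays in the value.
			out[section+"."+strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return out
}

// differingKeys returns, sorted, every setting that is not identical in both configs.
func differingKeys(a, b map[string]string) []string {
	keys := []string{}
	for k, v := range a {
		if b[k] != v {
			keys = append(keys, k)
		}
	}
	for k := range b {
		if _, ok := a[k]; !ok {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	return keys
}

func main() {
	al := parseWG(fmt.Sprintf(tmpl, "l8EOWPyzt/njrb74CADY4VOhns/TbUN6KFTbytHcFQw=", "al-tia.prod.surfshark.com"))
	other := parseWG(fmt.Sprintf(tmpl, "CONSTRUCTED+PLACEHOLDER+KEY=", "server2.example.invalid"))
	fmt.Println(differingKeys(al, other)) // anything under Interface.* here would rule out shared settings
}
```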
Please try:
```
docker run -it --rm --cap-add=NET_ADMIN -e VPN_SERVICE_PROVIDER=surfshark -e VPN_TYPE=wireguard -e WIREGUARD_ADDRESSES=10.14.0.2/16 -e WIREGUARD_PRIVATE_KEY=private qmcgaw/gluetun:pr-587
```
And replace the value of `WIREGUARD_ADDRESSES` with your interface assigned address, and the value of `WIREGUARD_PRIVATE_KEY` with your interface PrivateKey value. You can obviously add more env to filter servers etc. if you want to.

If it works, I'll merge #587 and add documentation to the wiki.
This is the log of the result:
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2022-08-26T04:42:01Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-08-26T04:42:01Z INFO [routing] local ethernet link found: eth0
2022-08-26T04:42:01Z INFO [routing] local ipnet found: 172.17.0.0/16
2022-08-26T04:42:01Z INFO [firewall] enabling...
2022-08-26T04:42:01Z INFO [firewall] enabled successfully
2022-08-26T04:42:02Z INFO [storage] creating /gluetun/servers.json with 11616 hardcoded servers
2022-08-26T04:42:02Z INFO Alpine version: 3.16.2
2022-08-26T04:42:02Z INFO OpenVPN 2.4 version: 2.4.12
2022-08-26T04:42:02Z INFO OpenVPN 2.5 version: 2.5.6
2022-08-26T04:42:02Z INFO Unbound version: 1.15.0
2022-08-26T04:42:02Z INFO IPtables version: v1.8.8
2022-08-26T04:42:02Z INFO Settings summary:
├── VPN settings:
| ├── VPN provider settings:
| | ├── Name: surfshark
| | └── Server selection settings:
| | ├── VPN type: wireguard
| | └── Wireguard selection settings:
| └── Wireguard settings:
| ├── Private key: yI...34=
| ├── Interface addresses:
| | └── 10.14.0.2/16
| └── Network interface: tun0
├── DNS settings:
| ├── DNS server address to use: 127.0.0.1
| ├── Keep existing nameserver(s): no
| └── DNS over TLS settings:
| ├── Enabled: yes
| ├── Update period: every 24h0m0s
| ├── Unbound settings:
| | ├── Authoritative servers:
| | | └── cloudflare
| | ├── Caching: yes
| | ├── IPv6: no
| | ├── Verbosity level: 1
| | ├── Verbosity details level: 0
| | ├── Validation log level: 0
| | ├── System user: root
| | └── Allowed networks:
| | ├── 0.0.0.0/0
| | └── ::/0
| └── DNS filtering settings:
| ├── Block malicious: yes
| ├── Block ads: no
| ├── Block surveillance: no
| └── Blocked IP networks:
| ├── 127.0.0.1/8
| ├── 10.0.0.0/8
| ├── 172.16.0.0/12
| ├── 192.168.0.0/16
| ├── 169.254.0.0/16
| ├── ::1/128
| ├── fc00::/7
| ├── fe80::/10
| ├── ::ffff:7f00:1/104
| ├── ::ffff:a00:0/104
| ├── ::ffff:a9fe:0/112
| ├── ::ffff:ac10:0/108
| └── ::ffff:c0a8:0/112
├── Firewall settings:
| └── Enabled: yes
├── Log settings:
| └── Log level: INFO
├── Health settings:
| ├── Server listening address: 127.0.0.1:9999
| ├── Target address: cloudflare.com:443
| ├── Read header timeout: 100ms
| ├── Read timeout: 500ms
| └── VPN wait durations:
| ├── Initial duration: 6s
| └── Additional duration: 5s
├── Shadowsocks server settings:
| └── Enabled: no
├── HTTP proxy settings:
| └── Enabled: no
├── Control server settings:
| ├── Listening address: :8000
| └── Logging: yes
├── OS Alpine settings:
| ├── Process UID: 1000
| └── Process GID: 1000
├── Public IP settings:
| ├── Fetching: every 12h0m0s
| └── IP file path: /tmp/gluetun/ip
└── Version settings:
└── Enabled: yes
2022-08-26T04:42:02Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-08-26T04:42:02Z INFO [routing] adding route for 0.0.0.0/0
2022-08-26T04:42:02Z INFO [firewall] setting allowed subnets...
2022-08-26T04:42:02Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-08-26T04:42:02Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-08-26T04:42:02Z INFO [pprof] http server listening on [::]:6060
2022-08-26T04:42:02Z INFO [http server] http server listening on [::]:8000
2022-08-26T04:42:02Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-08-26T04:42:02Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-08-26T04:42:02Z INFO [firewall] allowing VPN connection...
2022-08-26T04:42:02Z INFO [wireguard] Using available kernelspace implementation
2022-08-26T04:42:02Z INFO [wireguard] Connecting to 138.199.17.135:51820
2022-08-26T04:42:02Z INFO [wireguard] Wireguard is up
2022-08-26T04:42:02Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-08-26T04:42:03Z INFO [healthcheck] healthy!
2022-08-26T04:42:04Z INFO [dns over tls] downloading hostnames and IP block lists
2022-08-26T04:42:11Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: lookup cloudflare.com: i/o timeout
2022-08-26T04:42:14Z INFO [dns over tls] init module 0: validator
2022-08-26T04:42:14Z INFO [dns over tls] init module 1: iterator
2022-08-26T04:42:14Z INFO [dns over tls] start of service (unbound 1.15.0).
2022-08-26T04:42:14Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-08-26T04:42:14Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-08-26T04:42:14Z INFO [dns over tls] ready
2022-08-26T04:42:14Z INFO [healthcheck] healthy!
2022-08-26T04:42:14Z INFO [vpn] There is a new release v3.31.0 (v3.31.0) created 30 hours ago
2022-08-26T04:42:15Z INFO [ip getter] Public IP address is 138.199.17.136 (Poland, Mazovia, Warsaw)
Nice so it works, awesome. I'm also glad Surfshark got the brain to use the same private key and address for all their servers too, which made this possible 😄
Done in #587 and documented in https://github.com/qdm12/gluetun/wiki/Surfshark