OpenVPN
OpenVPN is open source, secure and robust. It is readily available for most platforms and can be setup quickly. The SurfShark native client also uses OpenVPN underneath.
It supports both tcp and udp based wrappers for vpn traffic over internet. UDP is significantly faster than tcp and works really well. There are multiple ways to use Surfshark on ubuntu with openvpn technology.
You can either install the Surfshark native client and it will automatically do everything. If you do not want to install any 3rd party applications on your ubuntu system then you can do the manual openvpn setup from the command line.
If you plan to use surfshark vpn on a ubuntu server which does not have a desktop interface for running gui applications then use the manual setup option.
The surfshark gui client app is currently available for only debian based distros like Debian, Ubuntu, Linux Mint. If you are using a linux distro that is not yet supported by the surfshark client app (like Fedora), then use the manual openvpn setup. More details can be found here.
With manual OpenVPN setup you will not be able to get some features like ad blocking which can be enabled only using the native client, or the chrome extension.
In this quick tutorial we take a quick look at how to setup surfshark with OpenVPN on ubuntu. The entire process is a simple 3 step process:
- 1. Install OpenVPN
- 2. Download Surfshark openvpn configuration files
- 3. Connect using the configuration file
1. Install openvpn
The first step is to install the openvpn package. OpenVPN can be used to run a vpn server as well as vpn client that can connect to other vpn servers. In our example we shall use openvpn as a client to connect to SurfShark.
sudo apt install openvpn -y
The good thing is that we need not do any complicated configuration to use OpenVPN as a client for SurfShark. The configuration files are located in the following directory:
/etc/openvpn/
2.Download SurfShark OpenVPN Configuration Files
The next step is to download the openvpn configuration files (.ovpn extension) and use them with openvpn right away. Each ovpn configuration file contains details about how to connect to a particular vpn server.
The configuration files can be downloaded as single archive from the following url:
https://my.surfshark.com/vpn/api/v1/server/configurationsNote: You do not need root privileges for setting up the configuration files. We shall install them in the home directory.
mkdir openvpn_config cd openvpn_config wget https://my.surfshark.com/vpn/api/v1/server/configurations
Now extract the "configurations" archive file using the unzip command:
unzip configurations
Each of the configuration file is a profile to connect to a particular VPN server. For example the following configuration file is for a vpn server in USA-New York location that uses UDP protocol:
us-nyc.prod.surfshark.com_udp.ovpn
You will see lots of similar configuration files, 2 for each location (one for tcp and another for udp protocol).
The configuration file consists of server ip address, certificates and encryption key to be used.
OpenVPN has provided a sample client configuration file here and a full how-to guide here. Check them out if you want to dig deeper into how OpenVPN configuration works.
The contents of a SurfShark OpenVPN configuration file look like this:
us-nyc.prod.surfshark.com_udp.ovpn
client dev tun proto udp remote 37.19.199.214 1194 resolv-retry infinite remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping 15 ping-restart 0 ping-timer-rem reneg-sec 0 remote-cert-tls server auth-user-pass #comp-lzo verb 3 pull fast-io cipher AES-256-CBC auth SHA512 <ca> -----BEGIN CERTIFICATE----- MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+ 303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q 5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087 FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI 623cSEC3Q3UZutsEm/UplsM= -----END CERTIFICATE----- </ca> key-direction 1 <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- b02cb1d7c6fee5d4f89b8de72b51a8d0 c7b282631d6fc19be1df6ebae9e2779e 6d9f097058a31c97f57f0c35526a44ae 09a01d1284b50b954d9246725a1ead1f f224a102ed9ab3da0152a15525643b2e ee226c37041dc55539d475183b889a10 e18bb94f079a4a49888da566b9978346 0ece01daaf93548beea6c827d9674897 e7279ff1a19cb092659e8c1860fbad0d b4ad0ad5732f1af4655dbd66214e552f 04ed8fd0104e1d4bf99c249ac229ce16 9d9ba22068c6c0ab742424760911d463 6aafb4b85f0c952a9ce4275bc821391a a65fcd0d2394f006e3fba0fd34c4bc4a b260f4b45dec3285875589c97d3087c9 134d3a3aa2f904512e85aa2dc2202498 -----END OpenVPN Static key V1----- </tls-auth>
3. Connect to VPN server
Now that we have installed OpenVPN and downloaded configuration files, its time to connect to the vpn server and start surfing.
The command is actually very short and simple:
sudo openvpn us-nyc.prod.surfshark.com_tcp.ovpn
The above command will connect to the vpn server specified in that particular configuration file using encryption keys and certificates. You will need to provide the username and password provided by Surfshark to connect to the vpn server. The same can be found in the Surfshark user dashboard.
On my system the output looks something like this
silver@silver:~/openvpn_config$ sudo openvpn us-nyc.prod.surfshark.com_tcp.ovpn 2023-01-05 19:09:22 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 2023-01-05 19:09:22 Note: Kernel support for ovpn-dco missing, disabling data channel offload. 2023-01-05 19:09:22 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] 2023-01-05 19:09:22 library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10 Enter Auth Username: USERNAME 🔐 Enter Auth Password: ************************ 2023-01-05 19:09:53 WARNING: --ping should normally be used with --ping-restart or --ping-exit 2023-01-05 19:09:53 NOTE: --fast-io is disabled since we are not using UDP 2023-01-05 19:09:53 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-05 19:09:53 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-05 19:09:53 TCP/UDP: Preserving recently used remote address: [AF_INET]37.19.199.214:1443 2023-01-05 19:09:53 Socket Buffers: R=[131072->131072] S=[16384->16384] 2023-01-05 19:09:53 Attempting to establish TCP connection with [AF_INET]37.19.199.214:1443 2023-01-05 19:09:54 TCP connection established with [AF_INET]37.19.199.214:1443 2023-01-05 19:09:54 TCPv4_CLIENT link local: (not bound) 2023-01-05 19:09:54 TCPv4_CLIENT link remote: [AF_INET]37.19.199.214:1443 2023-01-05 19:09:54 TLS: Initial packet from [AF_INET]37.19.199.214:1443, sid=ef975c9c 5f528167 2023-01-05 19:09:55 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA 2023-01-05 19:09:55 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA 2023-01-05 19:09:55 VERIFY KU OK 2023-01-05 19:09:55 Validating certificate extended key usage 2023-01-05 19:09:55 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2023-01-05 19:09:55 VERIFY EKU OK 2023-01-05 19:09:55 VERIFY OK: depth=0, CN=us-nyc-v085.prod.surfshark.com 2023-01-05 19:09:55 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1635', remote='link-mtu 1583' 2023-01-05 19:09:55 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532' 2023-01-05 19:09:55 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]' 2023-01-05 19:09:55 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256 2023-01-05 19:09:55 [us-nyc-v085.prod.surfshark.com] Peer Connection Initiated with [AF_INET]37.19.199.214:1443 2023-01-05 19:09:55 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.7.7.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.7.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' 2023-01-05 19:09:55 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6_git) 2023-01-05 19:09:55 OPTIONS IMPORT: timers and/or timeouts modified 2023-01-05 19:09:55 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp 2023-01-05 19:09:55 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified 2023-01-05 19:09:55 Socket Buffers: R=[131072->425984] S=[87040->425984] 2023-01-05 19:09:55 OPTIONS IMPORT: --ifconfig/up options modified 2023-01-05 19:09:55 OPTIONS IMPORT: route options modified 2023-01-05 19:09:55 OPTIONS IMPORT: route-related options modified 2023-01-05 19:09:55 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified 2023-01-05 19:09:55 OPTIONS IMPORT: peer-id set 2023-01-05 19:09:55 OPTIONS IMPORT: data channel crypto options modified 2023-01-05 19:09:55 net_route_v4_best_gw query: dst 0.0.0.0 2023-01-05 19:09:55 net_route_v4_best_gw result: via 192.168.1.1 dev enp0s3 2023-01-05 19:09:55 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:f5:88:31 2023-01-05 19:09:55 TUN/TAP device tun0 opened 2023-01-05 19:09:55 net_iface_mtu_set: mtu 1500 for tun0 2023-01-05 19:09:55 net_iface_up: set tun0 up 2023-01-05 19:09:55 net_addr_v4_add: 10.7.7.2/24 dev tun0 2023-01-05 19:09:55 net_route_v4_add: 37.19.199.214/32 via 192.168.1.1 dev [NULL] table 0 metric -1 2023-01-05 19:09:55 net_route_v4_add: 0.0.0.0/1 via 10.7.7.1 dev [NULL] table 0 metric -1 2023-01-05 19:09:55 net_route_v4_add: 128.0.0.0/1 via 10.7.7.1 dev [NULL] table 0 metric -1 2023-01-05 19:09:55 Data Channel: using negotiated cipher 'AES-256-GCM' 2023-01-05 19:09:55 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 2023-01-05 19:09:55 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 2023-01-05 19:09:55 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2023-01-05 19:09:55 Initialization Sequence Completed
Note that last line which says:
Initialization Sequence Completed
This indicates that connection to the openvpn server was established successfully and now we can use it to connect to internet.
To end the OpenVPN session (disconnect) just press Ctrl+c.
Once you are connected to the vpn, you can see the new network connection using the nmcli command:
$ nmcli connection show NAME UUID TYPE DEVICE Wired connection 1 02ca8777-82b9-36a1-993f-4ca7a62ea9cc ethernet enp0s3 tun0 f651b0fd-961a-41fe-961a-8d1c9354ff9d tun tun0 $
In the above output the "Wired connection 1" is the actual ethernet connection, whereas the tun0 is the openvpn connection. When you disconnect from the vpn by pressing Ctrl+c, the tun0 interface will be removed as well.
$ nmcli connection show NAME UUID TYPE DEVICE Wired connection 1 02ca8777-82b9-36a1-993f-4ca7a62ea9cc ethernet enp0s3 $
List of surfshark vpn servers
A complete list of surfshark vpn servers can be found at the following url:
https://surfshark.com/serversAccording to the current stats they have over 3200 servers in 100 countries, which gives its users great coverage and options.
Tweak authentication
The openvpn command requires you to provide the username and password everytime by typing it. If you want to avoid this, then provide the login details using a simple text file.
Create password file to avoid copy pasting everytime.
nano pass.txt
Paste your username and password in 2 separate lines like below and save and close the file.
USERNAME PASSWORD
Now run the openvpn command with the "--auth-user-pass" argument as follows:
sudo openvpn --config us-kan.prod.surfshark.com_tcp.ovpn --auth-user-pass pass.txt
So now you do not need to manually type the username/password everytime.
For using VPN profiles with NetworkManager on KDE, install the following package.
sudo apt-get install network-manager-openvpn
4. Check your public IP
After setting up the connection to the remove OpenVPN server its time to check our public ip address to see whether we are protected or not. To quickly check the ip address from command line, open the domain ifconfig.me using curl.
$ curl ifconfig.me
And it should show your public ip address which should be the same as ip address of the surfshark vpn server.
Alternatively just search google for "what is my ip" and you will get what you want.
5. Check Routes and Interface
OpenVPN re-routes all traffic through the vpn server it is connected to. It does this by creating a virtual network interface (NIC) and then changes the IP routing table in the operating system. It re-routes all traffic via this virtual nic, except the one destined to the vpn server (which is sent via the real nic connected to internet).
The ifconfig command will show this virtual network interface as follows:
$ ifconfig enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.92 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::f59d:aac5:7a7f:48ee prefixlen 64 scopeid 0x20<link> ether 08:00:27:f5:88:31 txqueuelen 1000 (Ethernet) RX packets 1343093 bytes 1432484283 (1.4 GB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1058525 bytes 900333007 (900.3 MB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 4635 bytes 1211480 (1.2 MB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4635 bytes 1211480 (1.2 MB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 10.8.8.5 netmask 255.255.255.0 destination 10.8.8.5 inet6 fe80::89fd:29b7:d3fc:8097 prefixlen 64 scopeid 0x20<link> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC) RX packets 396 bytes 186455 (186.4 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 496 bytes 119663 (119.6 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 $
In the above output tun0 is the virtual network interface created by openvpn whereas enp0s3 is actual ethernet card.
The same can be checked with the "ip a" command. If you run "ip a" command you shall see an entry named tun0:
$ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:f5:88:31 brd ff:ff:ff:ff:ff:ff inet 192.168.1.92/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s3 valid_lft 84966sec preferred_lft 84966sec inet6 fe80::f59d:aac5:7a7f:48ee/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500 link/none inet 10.7.7.2/24 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::6c66:4595:5883:771/64 scope link stable-privacy valid_lft forever preferred_lft forever $
The tun0 is the gateway of the SurfShark VPN.
Now that we have checked the network interface, lets take a look at the ip routing table which shows the gateway as well.
Here are a bunch of commands that can be used to check the routing table and gateway.
- route -n
- netstat -rn
- ip r
- ip route show
The output of route and netstat commands will look similar, whereas the ip command output looks different. Lets check these.
$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 enp0s3 10.8.8.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 74.80.182.87 192.168.1.1 255.255.255.255 UGH 0 0 0 enp0s3 128.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3 192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3 $
Note the first line for destination "0.0.0.0".
0.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun0
This line tells the kernel to route all ip traffic via 10.8.8.1 (tun0) which is the virtual network interface created by OpenVPN.
Check another line:
74.80.182.87 192.168.1.1 255.255.255.255 UGH 0 0 0 enp0s3
This line tells that all traffic destined to "74.80.182.87" (the remote VPN server) should be routed via 192.168.1.1 (enp0s3) which is the real ethernet interface connected to the internet.
$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enp0s3 10.8.8.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 74.80.182.87 192.168.1.1 255.255.255.255 UGH 0 0 0 enp0s3 128.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp0s3 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3 $
The same when done with the "ip r" or "ip route show" command:
$ ip r 0.0.0.0/1 via 10.8.8.1 dev tun0 default via 192.168.1.1 dev enp0s3 proto dhcp src 192.168.1.92 metric 100 10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.8.3 74.80.182.87 via 192.168.1.1 dev enp0s3 128.0.0.0/1 via 10.8.8.1 dev tun0 169.254.0.0/16 dev enp0s3 scope link metric 1000 192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.92 metric 100 $
OpenVPN Log Files
By default openvpn outputs all messages to the same terminal where it is being run from. In case of any errors you can always check the messages for diagnostic information.
If you want to log messages from openvpn to a specific file use the "--log-append" option as follows:
sudo openvpn --config us-kan.prod.surfshark.com_udp.ovpn --auth-user-pass pass.txt --log-append ~/openvpn.log
The above command will log all openvpn output in the home directory. The verbosity of the logging can be set with the "--verb" option 0-11. 0 being the lowest and 11 being the highest.
sudo openvpn --config us-kan.prod.surfshark.com_udp.ovpn --auth-user-pass pass.txt --log-append ~/openvpn.log --verb 3
Default verbosity level is 3.
IP/DNS Leak Test, Speed Test
After setting up surfshark vpn it is very important to check that you are fully protected and getting the best speed.
For privacy protection we need to check ip and dns leak test results. It is very simple. Just go to the following site: https://ipleak.net/
The page would immediately show your visible public ip address and the dns servers that your computer is connecting to. Both the IP address and DNS servers should be different from the ones being used by your isp.
A common problem with vpn services is dns leak, where the system actually is able to connect to isp dns servers directly.
Ping Speed Test
The next thing to test is the speed. After setting up surfshark you want to make sure that you are getting optimal download speed. The best way to check this is with the Ookla speedtest.net tool.
https://www.speedtest.net/File download test
Or you can google for "test file download" and find some dummy large file that can be downloaded to test download speed. With this method you get a more accurate measurement of the download speed. For example I am using this site: https://speed.hetzner.de/. It got files of 100 MB, 1GB, 10GB.
$ wget https://speed.hetzner.de/100MB.bin
Now as wget completes the download it will report the overall download speed. This would give a proper measurement of the download speed.
Browser Extensions
Surfshark extensions for both chrome and firefox. Its a good option if you do not want to use vpn for all traffic on your system, but only when browsing few sites.
The chrome extension also makes it very quick and easy to connect to and change vpn servers with a single click. With openvpn if you have to run a command from a terminal every time.
The surfshark browser extension does not protect you as good as the openvpn or client app setup. Any traffic outside the browser will not use the vpn. Moreover the browser will suffer dns leaks as it is will only use surfshark as a proxy.
Search google for "surfshark chrome extension" or visit the following url:
https://chrome.google.com/webstore/detail/surfshark-vpn-extension/ailoabdmgclmfmhdagmlohpjlbpffblpThe chrome extension requires the surfshark account username and password to login.
Note: Do not activate both openvpn and surfshark chrome extension simultaneously, otherwise you would establish a dual vpn route to internet. It would look something like You system -> openvpn vpn server -> chrome extension vpn server -> internet. This would make it slow.
How does Surfshark chrome extension work ?
Browsers do not support any kind of vpn technologies. Therefore the surfshark chrome extension does not really use establish a vpn connection. It connects to the same server as openvpn, but uses the HTTPS proxy protocol instead.
The speed when using chrome extension is also very good, similar to openvpn udp mode. This makes it an effective option for proxy.
Conclusion
OpenVPN is one of the many vpn technologies available out there. Other popular vpn technologies include WireGuard and IkeV2/IPSEC.
Surfshark supports all 3 major technologies. namely OpenVPN, WireGuard and IPSec(IKEv2).
If you have any questions do let us know in the comments below.
References:
Here are some useful links and resources that were used in the development of this article.
https://askubuntu.com/questions/947178/how-can-i-find-the-default-gateway-of-a-machine
https://stackoverflow.com/questions/38869427/openvpn-on-linux-passing-username-and-password-in-command-line
https://support.surfshark.com/hc/en-us/articles/360011051133