Skip to content

Setting up a Surfshark VPN

Jump to bottom Edit New page
andrew-bibb edited this page Mar 13, 2022 · 25 revisions

Overview

This page will describe the process to setup a Surfshark VPN using CMST and ConnMan. We make no endorsements or recommendations about this service. It happens to be the VPN I use so I know how to set it up. The process for other VPN services may be similar to varying degrees.

Requirements

  • An active subscription to Surfshark
  • OpenVPN installed per the directions for your distribution and verified to be working.
  • Read and understand the information regarding the Surfshark Linux application: https://support.surfshark.com/hc/en-us/articles/360017418334
  • Read and understand the information regarding how to setup Surfshark OpenVPN using a terminal: https://support.surfshark.com/hc/en-us/articles/360011051133-How-to-set-up-OpenVPN-using-Linux-Terminal
  • We are going to be using the CMST internal root helper to create a file in /var/lib/connman-vpn which is a directory owned by root. To use the root helper you must be a member of the proper group. The groups are "network" which is used in Arch Linux and is the default, and "netdev" in Slackware. Make sure you are a member of the network group appropriate for your distribution.

Obtain the Pieces

  1. To configure the ConnMan provisioning file you will need the IP address of the VPN server you wish to connect to. This can be difficult (but not impossible) to find with standard "whois" searches. The easiest way is to actually install the Surfshark Linux application and run that. The application is for Debian and Ubuntu distributions, but it is available for Arch Linux in the AUR. It may be available for others as well. When you make a connection the IP address of the server you chose will be output to the terminal window. Make a note of that IP address and also the server location and protocol you chose (UDP or TCP). You may now disconnect from the Linux application (type: surfshark-vpn down)

  2. To connect to Surfshark via OpenVPN you will need a username and password. These are not the username and password you use for access to your account on Surfshark. From the manual connection guide linked above (Surfshark OpenVPN using a terminal) there should be a red button at the bottom of the page saying Generate new credentials. Click that and you should be taken to your account on Surfshark (log in if not done automatically) and the new credentials are displayed at the bottom of the page you are brought to. Keep this page open in a browser tab.

  3. You now need to obtain the .opvn file. This can be done one of two ways. First is from the page you have kept open in a browser tab from step #2. From that page there is a search box where you can search and then download the file you need. The second way is to download all of the configuration files (they will be in a single zip file) as described in the Surfshark OpenVPN using a terminal web page. That page says to use wget, curl also works. Extract from the downloaded zip file all of the .opvn files or just the file you need for the connection. The file names for the .opvn files are all self explanatory and the naming convention is consistent so finding the proper file is not difficult.

  4. Open the .opvn file you plan to use to configure your connection with any text editor and make note of the line starts with the word remote. For example:

           remote ca-mon.prod.surfshark.com 1194

The part between the word remote and the number 1194 is the domain name, you'll need this later. Once you've made note of the domain name you may close the file and the editor.

Create the Provisioning File

  1. From CMST make sure Advanced Controls is checked in the Preferences tab.

  2. Click VPN Editor at the bottom of the CMST window.

  3. Select OpenVPN then Import Configuration. This will start the wizard.

  4. The wizard will then prompt you to fill in the name you want for the new service (your choice of a name), the IP address you made note of in step #1, the domain name (step #4), networks entry is optional and may be left blank. Next will be a file dialog to select the .opvn file. Use this dialog to select the file you want. You should now have a dialog asking if you want to remove the auth-user-pass entry, answer yes. You will then be asked if you wish to create a user:password file for the connection, answer yes. The next two dialogs will ask for the user name and password. Enter the values from your open browser tab from step #2 above. Cut and paste is recommended as each is a long string of random digits and letters.

  5. The provisioning file should now be complete. Click Save in the bottom of the window and the new VPN service should show up in the various CMST windows.

Final Steps (Optional)

  1. If you wish to have this new service Autoconnect do that from the Details tab using the Configuration button in the lower right of that tab page. Make sure the the service shown in the box at the top of the Details tab is the new VPN service.

  2. If you wish to enable a VPN kill switch for this and all other VPN services go to the Preferences tab in CMST. In the Program Control box at the bottom left side of the tab page will be an entry for Enable VPN Internet Kill Switch. Put a check in that box and the kill switch is enabled.

  3. You may delete all of the extracted and/or downloaded files from step #3. These particular copies are no longer needed.

Example Provisioning File

This is an example of what the file should look like when you are done. The exact values for each entry will need to match what you entered.

[provider_openvpn]
Type = OpenVPN
Name = SurfShark-Montreal
Host = 198.8.85.0/24
Domain = ca-mon.prod.surfshark.com
Networks = 
OpenVPN.ConfigFile = /home/andy/.local/share/cmst/openvpn/ca-mon/ca-mon.conf
OpenVPN.AuthUserPass = /home/andy/.local/share/cmst/openvpn/us-bos/us-bos.up

Test

Add a custom sidebar
Clone this wiki locally