Connected to different location to that chosen

[walkerleigh]

Hi, I have created a container using: -

  - SURFSHARK_COUNTRY=au
  - SURFSHARK_CITY=syd

Docker exec into container and ran: - curl -L 'https://ipinfo.io'

This returned: -

{
  "ip": "89.187.163.193",
  "hostname": "unn-89-187-163-193.cdn77.com",
  "city": "Singapore",
  "region": "Singapore",
  "country": "SG",
  "loc": "1.2897,103.8501",
  "org": "AS60068 Datacamp Limited",
  "postal": "018989",
  "timezone": "Asia/Singapore",
  "readme": "https://ipinfo.io/missingauth"
}

Looks the same as https://github.com/ilteoood/docker-surfshark/issues/38#issue-1167415801

Docker logs: -

Chose: au-syd.prod.surfshark.com_udp.ovpn
Adding ip route add 10.1.1.0/24 via 172.18.0.1 dev eth0 for attached container web ui access
Do not forget to expose the ports for attached container web ui access
2024-06-29 07:38:35 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-06-29 07:38:35 WARNING: file 'vpn-auth.txt' is group or others accessible
2024-06-29 07:38:35 OpenVPN 2.6.10 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-29 07:38:35 library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-06-29 07:38:35 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-06-29 07:38:35 TCP/UDP: Preserving recently used remote address: [AF_INET]45.248.76.221:1194
2024-06-29 07:38:35 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-06-29 07:38:35 UDPv4 link local: (not bound)
2024-06-29 07:38:35 UDPv4 link remote: [AF_INET]45.248.76.221:1194
2024-06-29 07:38:35 TLS: Initial packet from [AF_INET]45.248.76.221:1194, sid=6892b0f6 708a65fa
2024-06-29 07:38:35 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-06-29 07:38:35 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2024-06-29 07:38:35 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2024-06-29 07:38:35 VERIFY KU OK
2024-06-29 07:38:35 Validating certificate extended key usage
2024-06-29 07:38:35 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-06-29 07:38:35 VERIFY EKU OK
2024-06-29 07:38:35 VERIFY OK: depth=0, CN=au-syd-v055.prod.surfshark.com
2024-06-29 07:38:35 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-06-29 07:38:35 [au-syd-v055.prod.surfshark.com] Peer Connection Initiated with [AF_INET]45.248.76.221:1194
2024-06-29 07:38:35 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-06-29 07:38:35 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-06-29 07:38:36 SENT CONTROL [au-syd-v055.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2024-06-29 07:38:36 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.12 255.255.255.0,peer-id 2,cipher AES-256-GCM'
2024-06-29 07:38:36 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.10)
2024-06-29 07:38:36 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2024-06-29 07:38:36 Socket Buffers: R=[212992->425984] S=[212992->425984]
2024-06-29 07:38:36 OPTIONS IMPORT: --ifconfig/up options modified
2024-06-29 07:38:36 OPTIONS IMPORT: route options modified
2024-06-29 07:38:36 OPTIONS IMPORT: route-related options modified
2024-06-29 07:38:36 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-06-29 07:38:36 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:08
2024-06-29 07:38:36 TUN/TAP device tun0 opened
2024-06-29 07:38:36 /sbin/ip link set dev tun0 up mtu 1500
2024-06-29 07:38:36 /sbin/ip link set dev tun0 up
2024-06-29 07:38:36 /sbin/ip addr add dev tun0 10.8.8.12/24
2024-06-29 07:38:36 /sbin/ip route add 45.248.76.221/32 via 172.18.0.1
2024-06-29 07:38:36 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
2024-06-29 07:38:36 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
2024-06-29 07:38:36 Initialization Sequence Completed
2024-06-29 07:38:36 Data Channel: cipher 'AES-256-GCM', peer-id: 2
2024-06-29 07:38:36 Timers: ping 60, ping-restart 180
2024-06-29 07:38:36 Protocol options: explicit-exit-notify 1

Sometimes restarting the surfshark container makes it connect to the correct server but not always.

[ilteoood]

As you can see in the first line, the container is picking the right OpenVPN configuration, so I guess this is related to surfshark itself.

I suggest you contacting their support to better understand what's going on

[walkerleigh]

Hey, thanks for the swift reply. I think you're right, I just installed the desktop app on a Linux laptop and I am seeing similar behaviour there. I'll get on to them.

[ilteoood]

@walkerleigh please keep me posted!

[walkerleigh]

I did a bit more digging before raising a ticket with Surfshark. It seems that it is ipinfo.io that is returning the wrong information! Checking a number of alternates returns the correct location.

Apologies for wasting your time and thanks for the container, great work.

[ilteoood]

@walkerleigh if you know any other service that can be invoked by CLI and returns better results let me know so I can replace ipinfo

[walkerleigh]

ip.guide is returning more accurate results for me. Although, to be fair I only tried about 8 locations before hitting the rate limit of ip.info. Of those 8, ip.info returned two incorrectly. Mumbai as Glasgow and Algiers as Madrid.