qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

VPN provider support: SurfShark (WireGuard) #992

Closed HarryWindsor closed 2 years ago

HarryWindsor commented 2 years ago

There already exists a pull request https://github.com/qdm12/gluetun/pull/587 which implements WireGuard support for SurfShark. Can this please be merged?

Thank you

qdm12 commented 2 years ago

Yeah I worked on that back then, but some pieces are missing for it to work. Note for instance you can use the custom provider (see custom provider wiki page) and plug in values from a Wireguard config, if you can get one from Surfshark.

Mereks commented 2 years ago

Thanks for all your hard work qdm12. Surfshark has finally added manual WireGuard connections via configs. Is this something that could be looked at again rather than the custom server type? Though I have done custom and it works fine.

https://surfshark.com/blog/surfshark-releases-manual-wireguard-connection

qdm12 commented 2 years ago

Nice thanks for letting me know.

Do you have the same private key and peer address for all the servers in the Wireguard configurations? If they are, I can add native support. Otherwise there is no point, since you would need to update your key and address every time, so it's better to use the custom provider. I should however add support for wireguard config files directly soon (instead of env variables).

Mereks commented 2 years ago

For the private key, you can keep generating new ones (which they say they will fix), but you can use the same private key you've previously generated across all servers. The user interface IP also appears to stay the same across all servers, as does the DNS server. So really the only changing element seems to be the server public key (as expected) and of course the server IP address.

I only mention this because for me at least (using a relatively new server), I get easily twice the speed with their wireguard servers as I do with their OpenVPN servers located in the same area.

qdm12 commented 2 years ago

Awesome I'm working on it now. A few questions I have for you:

  • What's the endpoint port? Is it always 51820? Or can you change it to some other values?
  • For server in Albania al-tia.prod.surfshark.com, is the public key l8EOWPyzt/njrb74CADY4VOhns/TbUN6KFTbytHcFQw=?

frepke commented 2 years ago

I don't know if the endpoint port is always 51820, but this is the Albania config file I've got from Surfshark:

```
[Interface]
Address = 10.14.0.2/16
PrivateKey = private
DNS = 162.252.172.57, 149.154.159.92

[Peer]
PublicKey = l8EOWPyzt/njrb74CADY4VOhns/TbUN6KFTbytHcFQw=
AllowedIPs = 0.0.0.0/0
Endpoint = al-tia.prod.surfshark.com:51820
```

qdm12 commented 2 years ago

Please try:

docker run -it --rm --cap-add=NET_ADMIN -e VPN_SERVICE_PROVIDER=surfshark -e VPN_TYPE=wireguard -e WIREGUARD_ADDRESSES=10.14.0.2/16 -e WIREGUARD_PRIVATE_KEY=private qmcgaw/gluetun:pr-587

And replace the value of WIREGUARD_ADDRESSES with your interface assigned address, and the value of WIREGUARD_PRIVATE_KEY with your interface PrivateKey value. You can obviously add more env to filter servers etc. if you want to.

If it works, I'll merge #587 and add documentation to the wiki.
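As an added example in Python (not gluetun's or Surfshark's code): it parses wg-quick style configs for several servers, answers the question asked earlier in the thread (are PrivateKey and Address the same for every server, which is what makes a native provider practical), validates that keys are 32-byte base64 values, and emits the gluetun environment for one server, matching the docker run command above for the native provider. The al-tia values are those posted in this issue; the private key and the second server are constructed placeholders, and the WIREGUARD_PUBLIC_KEY / WIREGUARD_ENDPOINT_IP / WIREGUARD_ENDPOINT_PORT names used for the custom provider are assumed from the custom provider wiki page rather than taken from this thread, so check them against the wiki version you run.

```python
"""Added example, not gluetun or Surfshark code: parse wg-quick configs,
check whether PrivateKey/Address are constant across servers (the question
asked in the thread), and emit the gluetun env for one server. Sample configs
are constructed; keys are base64 of fixed byte patterns, not real keys."""
import base64
import re
from dataclasses import dataclass

FAKE_PRIVATE = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8="   # bytes 0x00..0x1f
FAKE_PUBLIC2 = "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8="   # bytes 0x20..0x3f
TEMPLATE = """[Interface]
Address = 10.14.0.2/16
PrivateKey = {priv}
DNS = 162.252.172.57, 149.154.159.92

[Peer]
PublicKey = {pub}
AllowedIPs = 0.0.0.0/0
Endpoint = {endpoint}
"""
CONFIGS = {  # al-tia values are from the issue; "second" is an invented server
    "al-tia": TEMPLATE.format(priv=FAKE_PRIVATE, endpoint="al-tia.prod.surfshark.com:51820",
                              pub="l8EOWPyzt/njrb74CADY4VOhns/TbUN6KFTbytHcFQw="),
    "second": TEMPLATE.format(priv=FAKE_PRIVATE, pub=FAKE_PUBLIC2,
                              endpoint="second-server.example:51820"),
}


def parse_wg_config(text):
    """Minimal INI parser: {section: {key: value}}. Splits on the first '='
    only, so the base64 padding '=' in key values survives."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (p.strip() for p in line.split("=", 1))
        current[key] = value
    return sections


def check_key(b64):
    """A WireGuard key must be base64 of exactly 32 bytes; returned unchanged."""
    raw = base64.b64decode(b64, validate=True)   # raises ValueError on bad input
    if len(raw) != 32:
        raise ValueError(f"key decodes to {len(raw)} bytes, expected 32")
    return b64


@dataclass(frozen=True)
class WgConfig:
    address: str
    private_key: str
    dns: str
    public_key: str
    endpoint_host: str
    endpoint_port: int


def load(text):
    """Parse one config into a WgConfig, validating keys and the endpoint port."""
    s = parse_wg_config(text)
    iface, peer = s["Interface"], s["Peer"]
    host, _, port = peer["Endpoint"].rpartition(":")
    if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad Endpoint: {peer['Endpoint']!r}")
    return WgConfig(iface["Address"], check_key(iface["PrivateKey"]), iface.get("DNS", ""),
                    check_key(peer["PublicKey"]), host, int(port))


FIELDS = ("address", "private_key", "dns", "public_key", "endpoint_host", "endpoint_port")


def constant_fields(configs):
    """field -> True if every server carries the same value for it."""
    return {f: len({getattr(c, f) for c in configs.values()}) == 1 for f in FIELDS}


def native_support_feasible(configs):
    """The criterion from the thread: a native provider only makes sense when
    the per-user values (private key, interface address) do not change per server."""
    const = constant_fields(configs)
    return const["private_key"] and const["address"]


def gluetun_env(cfg, provider="surfshark"):
    """gluetun environment. Native provider: only the per-user values. Custom
    provider: the peer details too. Custom-provider variable names are an
    assumption taken from the wiki, not from this thread."""
    env = {"VPN_SERVICE_PROVIDER": provider, "VPN_TYPE": "wireguard",
           "WIREGUARD_ADDRESSES": cfg.address, "WIREGUARD_PRIVATE_KEY": cfg.private_key}
    if provider == "custom":
        env.update({"WIREGUARD_PUBLIC_KEY": cfg.public_key,
                    "WIREGUARD_ENDPOINT_IP": cfg.endpoint_host,  # wiki wants an IP: resolve it yourself
                    "WIREGUARD_ENDPOINT_PORT": str(cfg.endpoint_port)})
    return env


if __name__ == "__main__":
    cfgs = {name: load(text) for name, text in CONFIGS.items()}
    for field, same in constant_fields(cfgs).items():
        print(f"{field:14} {'constant' if same else 'varies per server'}")
    provider = "surfshark" if native_support_feasible(cfgs) else "custom"
    print("use provider:", provider)
    for k, v in gluetun_env(cfgs["al-tia"], provider).items():
        print(f"{k}={'<redacted>' if k == 'WIREGUARD_PRIVATE_KEY' else v}")
```

Run it as a script to get the per-field report and the environment; the private key is redacted in the printout so it does not end up in a terminal scrollback, and in practice the values belong in an `--env-file` rather than on the `docker run` command line, where they are visible to every local user in the process list.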

frepke commented 2 years ago

This is the log of the result:

```
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2022-08-26T04:42:01Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-08-26T04:42:01Z INFO [routing] local ethernet link found: eth0
2022-08-26T04:42:01Z INFO [routing] local ipnet found: 172.17.0.0/16
2022-08-26T04:42:01Z INFO [firewall] enabling...
2022-08-26T04:42:01Z INFO [firewall] enabled successfully
2022-08-26T04:42:02Z INFO [storage] creating /gluetun/servers.json with 11616 hardcoded servers
2022-08-26T04:42:02Z INFO Alpine version: 3.16.2
2022-08-26T04:42:02Z INFO OpenVPN 2.4 version: 2.4.12
2022-08-26T04:42:02Z INFO OpenVPN 2.5 version: 2.5.6
2022-08-26T04:42:02Z INFO Unbound version: 1.15.0
2022-08-26T04:42:02Z INFO IPtables version: v1.8.8
2022-08-26T04:42:02Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: surfshark
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: yI...34=
|       ├── Interface addresses:
|       |   └── 10.14.0.2/16
|       └── Network interface: tun0
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2022-08-26T04:42:02Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-08-26T04:42:02Z INFO [routing] adding route for 0.0.0.0/0
2022-08-26T04:42:02Z INFO [firewall] setting allowed subnets...
2022-08-26T04:42:02Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-08-26T04:42:02Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-08-26T04:42:02Z INFO [pprof] http server listening on [::]:6060
2022-08-26T04:42:02Z INFO [http server] http server listening on [::]:8000
2022-08-26T04:42:02Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-08-26T04:42:02Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-08-26T04:42:02Z INFO [firewall] allowing VPN connection...
2022-08-26T04:42:02Z INFO [wireguard] Using available kernelspace implementation
2022-08-26T04:42:02Z INFO [wireguard] Connecting to 138.199.17.135:51820
2022-08-26T04:42:02Z INFO [wireguard] Wireguard is up
2022-08-26T04:42:02Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-08-26T04:42:03Z INFO [healthcheck] healthy!
2022-08-26T04:42:04Z INFO [dns over tls] downloading hostnames and IP block lists
2022-08-26T04:42:11Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: lookup cloudflare.com: i/o timeout
2022-08-26T04:42:14Z INFO [dns over tls] init module 0: validator
2022-08-26T04:42:14Z INFO [dns over tls] init module 1: iterator
2022-08-26T04:42:14Z INFO [dns over tls] start of service (unbound 1.15.0).
2022-08-26T04:42:14Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-08-26T04:42:14Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-08-26T04:42:14Z INFO [dns over tls] ready
2022-08-26T04:42:14Z INFO [healthcheck] healthy!
2022-08-26T04:42:14Z INFO [vpn] There is a new release v3.31.0 (v3.31.0) created 30 hours ago
2022-08-26T04:42:15Z INFO [ip getter] Public IP address is 138.199.17.136 (Poland, Mazovia, Warsaw)
```

qdm12 commented 2 years ago

Nice so it works, awesome. I'm also glad Surfshark got the brain to use the same private key and address for all their servers too, which made this possible 😄

qdm12 commented 2 years ago

Done in #587 and documented in https://github.com/qdm12/gluetun/wiki/Surfshark