Jump to content
Kerrmit

Does the Netduma R1 support surfshark VPN?

Recommended Posts

I've been trying to setup hybridvpn using the surfshark openvpn files, but the connection always fails. I contacted the people over at surfshark and they told me the R1 does not support openvpn client just openvpn server, is this true? What's confusing me is I have read on this forum about people who have successfully set this up.

Share this post


Link to post
Share on other sites

Welcome to the forums!

They're wrong on that one, it actually supports OpenVPN Client and NOT OpenVPN Server. Hybrid-VPN is entirely a client-side solution.

Make sure that the files you're using are compatible with OpenVPN 2.3.4

If you send me the file you're using, i'll take a look and tell you if I can see anything obviously wrong with it

Share this post


Link to post
Share on other sites

So you're pasting the following into the advanced tab and putting your username and password into the correct fields right?

client
dev tun
proto udp
remote uk-lon.prod.surfshark.com 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
tls-client
remote-cert-tls server

auth-user-pass

#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
623cSEC3Q3UZutsEm/UplsM=
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b02cb1d7c6fee5d4f89b8de72b51a8d0
c7b282631d6fc19be1df6ebae9e2779e
6d9f097058a31c97f57f0c35526a44ae
09a01d1284b50b954d9246725a1ead1f
f224a102ed9ab3da0152a15525643b2e
ee226c37041dc55539d475183b889a10
e18bb94f079a4a49888da566b9978346
0ece01daaf93548beea6c827d9674897
e7279ff1a19cb092659e8c1860fbad0d
b4ad0ad5732f1af4655dbd66214e552f
04ed8fd0104e1d4bf99c249ac229ce16
9d9ba22068c6c0ab742424760911d463
6aafb4b85f0c952a9ce4275bc821391a
a65fcd0d2394f006e3fba0fd34c4bc4a
b260f4b45dec3285875589c97d3087c9
134d3a3aa2f904512e85aa2dc2202498
-----END OpenVPN Static key V1-----
</tls-auth>

 

Share this post


Link to post
Share on other sites

Initally it shows it has connected but then 5-10sec later it says failed. I'll hop on my pc and send the router logs if you think that will help?

Share this post


Link to post
Share on other sites
54 minutes ago, Netduma Alex said:

Sure sounds good, send the logs from the hybrid VPN section. Thanks!

 
     Thu Aug 29 17:38:45 2019 [uk-lon-v014.prod.surfshark.com] Inactivity timeout (--ping-restart), restarting
Thu Aug 29 17:38:45 2019 SIGUSR1[soft,ping-restart] received, process restarting
Thu Aug 29 17:38:45 2019 Restart pause, 2 second(s)
Thu Aug 29 17:38:47 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Aug 29 17:38:47 2019 Socket Buffers: R=[163840->327680] S=[163840->327680]
Thu Aug 29 17:38:47 2019 UDPv4 link local: [undef]
Thu Aug 29 17:38:47 2019 UDPv4 link remote: [AF_INET]185.193.36.225:1194
Thu Aug 29 17:38:47 2019 TLS: Initial packet from [AF_INET]185.193.36.225:1194, sid=2ced42f8 f76aaf42
Thu Aug 29 17:38:47 2019 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
Thu Aug 29 17:38:47 2019 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Thu Aug 29 17:38:47 2019 Validating certificate key usage
Thu Aug 29 17:38:47 2019 ++ Certificate has key usage 00a0, expects 00a0
Thu Aug 29 17:38:47 2019 VERIFY KU OK
Thu Aug 29 17:38:47 2019 Validating certificate extended key usage
Thu Aug 29 17:38:47 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Aug 29 17:38:47 2019 VERIFY EKU OK Thu Aug 29 17:38:47 2019 VERIFY OK: depth=0, CN=uk-lon-v001.prod.surfshark.com
Thu Aug 29 17:38:47 2019 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 29 17:38:47 2019 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Aug 29 17:38:47 2019 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 29 17:38:47 2019 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Aug 29 17:38:47 2019 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Thu Aug 29 17:38:47 2019 [uk-lon-v001.prod.surfshark.com] Peer Connection Initiated with [AF_INET]185.193.36.225:1194
Thu Aug 29 17:38:50 2019 SENT CONTROL [uk-lon-v001.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Thu Aug 29 17:38:50 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.4 255.255.255.0'
Thu Aug 29 17:38:50 2019 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: explicit-exit-notify (2.3.4)
Thu Aug 29 17:38:50 2019 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.3.4)
Thu Aug 29 17:38:50 2019 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 29 17:38:50 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Aug 29 17:38:50 2019 Socket Buffers: R=[327680->327680] S=[327680->327680]
Thu Aug 29 17:38:50 2019 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 29 17:38:50 2019 OPTIONS IMPORT: route options modified
Thu Aug 29 17:38:50 2019 OPTIONS IMPORT: route-related options modified
Thu Aug 29 17:38:50 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 29 17:38:50 2019 Preserving previous TUN/TAP instance: tun0
Thu Aug 29 17:38:50 2019 Initialization Sequence Completed
Thu Aug 29 17:39:50 2019 Authenticate/Decrypt packet error: missing authentication info
Thu Aug 29 17:41:50 2019 [uk-lon-v001.prod.surfshark.com] Inactivity timeout (--ping-restart), restarting
Thu Aug 29 17:41:50 2019 SIGUSR1[soft,ping-restart] received, process restarting T
hu Aug 29 17:41:50 2019 Restart pause, 2 second(s)
Thu Aug 29 17:41:52 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Aug 29 17:41:52 2019 Socket Buffers: R=[163840->327680] S=[163840->327680]
Thu Aug 29 17:41:52 2019 UDPv4 link local: [undef]
Thu Aug 29 17:41:52 2019 UDPv4 link remote: [AF_INET]5.226.137.21:1194
Thu Aug 29 17:41:52 2019 TLS: Initial packet from [AF_INET]5.226.137.21:1194, sid=6bcac021 147253a1
Thu Aug 29 17:41:52 2019 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
Thu Aug 29 17:41:52 2019 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Thu Aug 29 17:41:52 2019 Validating certificate key usage
Thu Aug 29 17:41:52 2019 ++ Certificate has key usage 00a0, expects 00a0
Thu Aug 29 17:41:52 2019 VERIFY KU OK
Thu Aug 29 17:41:52 2019 Validating certificate extended key usage
Thu Aug 29 17:41:52 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Aug 29 17:41:52 2019 VERIFY EKU OK
Thu Aug 29 17:41:52 2019 VERIFY OK: depth=0, CN=uk-lon-v015.prod.surfshark.com
Thu Aug 29 17:41:52 2019 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 29 17:41:52 2019 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Aug 29 17:41:52 2019 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 29 17:41:52 2019 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Aug 29 17:41:52 2019 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Thu Aug 29 17:41:52 2019 [uk-lon-v015.prod.surfshark.com] Peer Connection Initiated with [AF_INET]5.226.137.21:1194
Thu Aug 29 17:41:54 2019 SENT CONTROL [uk-lon-v015.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Thu Aug 29 17:41:55 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.12 255.255.255.0'
Thu Aug 29 17:41:55 2019 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: explicit-exit-notify (2.3.4)
Thu Aug 29 17:41:55 2019 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.3.4)
Thu Aug 29 17:41:55 2019 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 29 17:41:55 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Aug 29 17:41:55 2019 Socket Buffers: R=[327680->327680] S=[327680->327680]
Thu Aug 29 17:41:55 2019 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 29 17:41:55 2019 OPTIONS IMPORT: route options modified
Thu Aug 29 17:41:55 2019 OPTIONS IMPORT: route-related options modified
Thu Aug 29 17:41:55 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 29 17:41:55 2019 Preserving previous TUN/TAP instance: tun0
Thu Aug 29 17:41:55 2019 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Thu Aug 29 17:41:55 2019 Closing TUN/TAP interface
Thu Aug 29 17:41:55 2019 /sbin/ifconfig tun0 0.0.0.0
Thu Aug 29 17:41:55 2019 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpndown 1 tun0 1500 1633 10.8.8.4 255.255.255.0 init openvpn-event.lua: bad argument #3 to 'format' (string expected, got nil) -> stack traceback: ?: in function <?:73> [C]: in function 'format' ?: in function 'safe_execute' ?: in function '?' ?: in function 'on_vpn_down' ?: in function '?' ?: in function '?' ?: in function '?' ?: in function <?:48> [C]: in function 'xpcall' ?: in function 'try' ?: in function <?:46> [C]: in function 'run' ?: in function <?:345> [C]: in function 'xpcall' ?: in function 'try' ?: in function <?:261> (tail call): ? /dumaos/api/cli.lua:48: in function </dumaos/api/cli.lua:30> [C]: in function 'xpcall' /dumaos/api/cli.lua:59: in main chunk [C]: ?
Thu Aug 29 17:41:55 2019 WARNING: Failed running command (--up/--down): external program exited with error status: 3
Thu Aug 29 17:41:55 2019 Exiting due to fatal error
 
 
 
 
 
 
 
 
 
VPN Traffic
 
 
 
AD

Share this post


Link to post
Share on other sites

Could you try with this config please:

client
dev tun
proto udp
remote uk-lon.prod.surfshark.com 1194
remote-random
nobind
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
tls-client
remote-cert-tls server
auth-user-pass
#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
623cSEC3Q3UZutsEm/UplsM=
-----END CERTIFICATE-----
</ca>
<key>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b02cb1d7c6fee5d4f89b8de72b51a8d0
c7b282631d6fc19be1df6ebae9e2779e
6d9f097058a31c97f57f0c35526a44ae
09a01d1284b50b954d9246725a1ead1f
f224a102ed9ab3da0152a15525643b2e
ee226c37041dc55539d475183b889a10
e18bb94f079a4a49888da566b9978346
0ece01daaf93548beea6c827d9674897
e7279ff1a19cb092659e8c1860fbad0d
b4ad0ad5732f1af4655dbd66214e552f
04ed8fd0104e1d4bf99c249ac229ce16
9d9ba22068c6c0ab742424760911d463
6aafb4b85f0c952a9ce4275bc821391a
a65fcd0d2394f006e3fba0fd34c4bc4a
b260f4b45dec3285875589c97d3087c9
134d3a3aa2f904512e85aa2dc2202498
-----END OpenVPN Static key V1-----
</key>

 

Share this post


Link to post
Share on other sites

When I use that config the connection says failed and the logs say 'Options error: If you use one of --cert or --key, you must use them both Use --help for more information.'

Share this post


Link to post
Share on other sites

Hm, okay well I think this might be worth contacting SurfShark about. Ask them for details about how to get their service working with an OpenVPN 2.3.4 client.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...