gluetun: Help: Don't have a new ip with Surfshark

Host OS (approximate answer is fine too): Ubuntu 18

Is this urgent?: No

What VPN provider are you using: NordVpn & Surfshark

What is the version of the program (See the line at the top of your logs)

Running version latest built on 2020-03-13T01:30:06Z (commit d0f678c)

What’s the problem 🤔

When I do a /restart on containers running with NordVpn I receive a new ip, but when I do the same thing with container runnning with Surfshark I receive the same ip than before.

Share your logs…

careful to remove i.e. token information with PIA port forwarding

2021-01-26T17:30:07.689Z	INFO	openvpn: [se-sto-v007.prod.surfshark.com] Peer Connection Initiated with [AF_INET]199.247.8.20:1194
2021-01-26T17:30:08.953Z	INFO	openvpn: TUN/TAP device tun0 opened
2021-01-26T17:30:08.953Z	INFO	openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-26T17:30:08.953Z	INFO	openvpn: /sbin/ip link set dev tun0 up
2021-01-26T17:30:08.956Z	INFO	openvpn: /sbin/ip addr add dev tun0 10.8.8.14/24
2021-01-26T17:30:08.958Z	INFO	openvpn: ERROR: Linux route add command failed: external program exited with error status: 2
2021-01-26T17:30:08.961Z	INFO	openvpn: UID set to nonrootuser
2021-01-26T17:30:08.963Z	INFO	openvpn: Initialization Sequence Completed
2021-01-26T17:30:08.963Z	INFO	VPN routing IP address: 199.247.8.20
2021-01-26T17:33:08.943Z	INFO	openvpn: [se-sto-v007.prod.surfshark.com] Inactivity timeout (--ping-restart), restarting
2021-01-26T17:33:08.945Z	INFO	openvpn: ERROR: Linux route delete command failed: external program exited with error status: 2
2021-01-26T17:33:08.967Z	INFO	openvpn: ERROR: Linux route delete command failed: external program exited with error status: 2
2021-01-26T17:33:08.971Z	INFO	openvpn: ERROR: Linux route delete command failed: external program exited with error status: 2
2021-01-26T17:33:08.975Z	INFO	openvpn: /sbin/ip addr del dev tun0 10.8.8.14/24
2021-01-26T17:33:08.977Z	INFO	openvpn: Linux ip addr del failed: external program exited with error status: 2
2021-01-26T17:33:08.998Z	INFO	openvpn: SIGUSR1[soft,ping-restart] received, process restarting
2021-01-26T17:33:18.999Z	INFO	openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]199.247.8.20:1194
2021-01-26T17:33:18.999Z	INFO	openvpn: UDP link local: (not bound)
2021-01-26T17:33:18.999Z	INFO	openvpn: UDP link remote: [AF_INET]199.247.8.20:1194
2021-01-26T17:33:19.229Z	WARN	openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
2021-01-26T17:33:19.229Z	WARN	openvpn: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2021-01-26T17:33:19.229Z	INFO	openvpn: [se-sto-v007.prod.surfshark.com] Peer Connection Initiated with [AF_INET]199.247.8.20:1194
2021-01-26T17:33:25.816Z	INFO	openvpn: ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2021-01-26T17:33:25.816Z	INFO	openvpn: Exiting due to fatal error
2021-01-26T17:33:25.821Z	ERROR	openvpn: exit status 1
2021-01-26T17:33:25.821Z	INFO	openvpn: retrying in 15s
2021-01-26T17:33:25.821Z	WARN	close |0: file already closed
2021-01-26T17:33:34.435Z	INFO	http server: 200 GET /ip wrote 29B to 172.18.0.54:44752 in 17.585µs
2021-01-26T17:33:34.453Z	INFO	http server: openvpn: already crashed
2021-01-26T17:33:34.453Z	INFO	http server: openvpn: already crashed
2021-01-26T17:33:34.453Z	INFO	http server: 200 GET /openvpn/actions/restart wrote 68B to 172.18.0.54:44754 in 101.591µs
2021-01-26T17:33:40.822Z	INFO	firewall: setting VPN connection through firewall...
2021-01-26T17:33:40.822Z	INFO	openvpn configurator: starting openvpn
2021-01-26T17:33:40.829Z	INFO	openvpn: DEPRECATED OPTION: --cipher set to 'aes-256-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-cbc' to --data-ciphers or change --cipher 'aes-256-cbc' to --data-ciphers-fallback 'aes-256-cbc' to silence this warning.
2021-01-26T17:33:40.831Z	INFO	openvpn: OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2021-01-26T17:33:40.831Z	INFO	openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-26T17:33:40.832Z	INFO	openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]199.247.8.20:1194
2021-01-26T17:33:40.832Z	INFO	openvpn: UDP link local: (not bound)
2021-01-26T17:33:40.834Z	INFO	openvpn: UDP link remote: [AF_INET]199.247.8.20:1194
2021-01-26T17:33:41.064Z	WARN	openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
2021-01-26T17:33:41.064Z	WARN	openvpn: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2021-01-26T17:33:41.065Z	INFO	openvpn: [se-sto-v007.prod.surfshark.com] Peer Connection Initiated with [AF_INET]199.247.8.20:1194
2021-01-26T17:33:47.464Z	INFO	openvpn: TUN/TAP device tun0 opened
2021-01-26T17:33:47.467Z	INFO	openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-26T17:33:47.468Z	INFO	openvpn: /sbin/ip link set dev tun0 up
2021-01-26T17:33:47.482Z	INFO	openvpn: /sbin/ip addr add dev tun0 10.8.8.19/24
2021-01-26T17:33:47.483Z	INFO	openvpn: ERROR: Linux route add command failed: external program exited with error status: 2
2021-01-26T17:33:47.499Z	INFO	openvpn: UID set to nonrootuser
2021-01-26T17:33:47.499Z	INFO	openvpn: Initialization Sequence Completed
2021-01-26T17:33:47.500Z	INFO	VPN routing IP address: 199.247.8.20
2021-01-26T17:37:34.558Z	INFO	http server: 200 GET /ip wrote 29B to 172.18.0.54:47492 in 12.785µs
2021-01-26T17:37:34.560Z	INFO	openvpn: stopping
2021-01-26T17:37:34.602Z	INFO	http server: openvpn: stopped
2021-01-26T17:37:34.602Z	INFO	openvpn: starting
2021-01-26T17:37:34.603Z	INFO	firewall: setting VPN connection through firewall...
2021-01-26T17:37:34.603Z	INFO	openvpn configurator: starting openvpn
2021-01-26T17:37:34.604Z	INFO	http server: openvpn: running
2021-01-26T17:37:34.604Z	INFO	http server: 200 GET /openvpn/actions/restart wrote 68B to 172.18.0.54:47494 in 43.927991ms
2021-01-26T17:37:34.607Z	INFO	openvpn: DEPRECATED OPTION: --cipher set to 'aes-256-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-cbc' to --data-ciphers or change --cipher 'aes-256-cbc' to --data-ciphers-fallback 'aes-256-cbc' to silence this warning.
2021-01-26T17:37:34.608Z	INFO	openvpn: OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2021-01-26T17:37:34.608Z	INFO	openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-26T17:37:34.609Z	INFO	openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]199.247.8.20:1194
2021-01-26T17:37:34.610Z	INFO	openvpn: UDP link local: (not bound)
2021-01-26T17:37:34.610Z	INFO	openvpn: UDP link remote: [AF_INET]199.247.8.20:1194
2021-01-26T17:37:34.841Z	WARN	openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
2021-01-26T17:37:34.841Z	WARN	openvpn: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2021-01-26T17:37:34.841Z	INFO	openvpn: [se-sto-v007.prod.surfshark.com] Peer Connection Initiated with [AF_INET]199.247.8.20:1194
2021-01-26T17:37:41.046Z	INFO	openvpn: TUN/TAP device tun0 opened
2021-01-26T17:37:41.046Z	INFO	openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-26T17:37:41.047Z	INFO	openvpn: /sbin/ip link set dev tun0 up
2021-01-26T17:37:41.050Z	INFO	openvpn: /sbin/ip addr add dev tun0 10.8.8.10/24
2021-01-26T17:37:41.053Z	INFO	openvpn: ERROR: Linux route add command failed: external program exited with error status: 2
2021-01-26T17:37:41.061Z	INFO	openvpn: UID set to nonrootuser
2021-01-26T17:37:41.061Z	INFO	openvpn: Initialization Sequence Completed
2021-01-26T17:37:41.062Z	INFO	VPN routing IP address: 199.247.8.20
2021-01-26T17:41:34.709Z	INFO	http server: 200 GET /ip wrote 29B to 172.18.0.54:50390 in 15.991µs
2021-01-26T17:41:34.710Z	INFO	openvpn: stopping
2021-01-26T17:41:34.742Z	INFO	http server: openvpn: stopped
2021-01-26T17:41:34.742Z	INFO	openvpn: starting
2021-01-26T17:41:34.743Z	INFO	firewall: setting VPN connection through firewall...
2021-01-26T17:41:34.743Z	INFO	openvpn configurator: starting openvpn
2021-01-26T17:41:34.744Z	INFO	http server: openvpn: running
2021-01-26T17:41:34.744Z	INFO	http server: 200 GET /openvpn/actions/restart wrote 68B to 172.18.0.54:50392 in 33.616567ms
2021-01-26T17:41:34.748Z	INFO	openvpn: DEPRECATED OPTION: --cipher set to 'aes-256-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-cbc' to --data-ciphers or change --cipher 'aes-256-cbc' to --data-ciphers-fallback 'aes-256-cbc' to silence this warning.
2021-01-26T17:41:34.749Z	INFO	openvpn: OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2021-01-26T17:41:34.749Z	INFO	openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-26T17:41:34.750Z	INFO	openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]199.247.8.20:1194
2021-01-26T17:41:34.750Z	INFO	openvpn: UDP link local: (not bound)
2021-01-26T17:41:34.750Z	INFO	openvpn: UDP link remote: [AF_INET]199.247.8.20:1194
2021-01-26T17:41:35.027Z	WARN	openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
2021-01-26T17:41:35.027Z	WARN	openvpn: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2021-01-26T17:41:35.028Z	INFO	openvpn: [se-sto-v007.prod.surfshark.com] Peer Connection Initiated with [AF_INET]199.247.8.20:1194
2021-01-26T17:41:36.178Z	INFO	openvpn: TUN/TAP device tun0 opened
2021-01-26T17:41:36.179Z	INFO	openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-26T17:41:36.194Z	INFO	openvpn: /sbin/ip link set dev tun0 up
2021-01-26T17:41:36.198Z	INFO	openvpn: /sbin/ip addr add dev tun0 10.8.8.8/24
2021-01-26T17:41:36.201Z	INFO	openvpn: ERROR: Linux route add command failed: external program exited with error status: 2
2021-01-26T17:41:36.208Z	INFO	openvpn: UID set to nonrootuser
2021-01-26T17:41:36.208Z	INFO	openvpn: Initialization Sequence Completed
2021-01-26T17:41:36.208Z	INFO	VPN routing IP address: 199.247.8.20

As you can see, that with 3 restarts, I always receive 199.247.8.20 ip

Is it a limitation of Surfshark ?

Here’s the REGION that I use : UK France, US Netherlands, India UK, France Sweden, Singapore Hong Kong, US Portugal, Germany Singapour, UK Germany, France Sweden, UK London, Japan Tokyo st001

What are you using to run your container?: Docker Compose

Please also share your configuration file:

version: "3"
services:
  gluetun1:
    image: qmcgaw/gluetun:latest
    container_name: gluetun1
    cap_add:
      - NET_ADMIN
    ports:
      - 8001:8001/tcp # Built-in HTTP control server
    volumes:
      - ./gluetun:/gluetun
    restart: always
  app1:
    image: app-x
    volumes:
      - "./app:/app"
    command: "node /app/server.js"
    restart: on-failure

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 20 (10 by maintainers)

Most upvoted comments

Indeed. It turns out I was DNS resolving things in parallel, but there is a time factor. It’s not just random IPs sent back to you on every request. It also seems resolving the host 1000 times in 1 second results in still 2 IP addresses, while resolving 3 times in 15 seconds result in 3+ IP addresses.

That’s annoying as it makes updating server information super slow, but I’ll modify the code to do that.

+4
qdm12 on Jan 30, 2021

Actually I figure it out, it now takes 20 seconds so not that bad. It DNS resolves all the hostnames in parallel with a 20 tries and a 1 second sleep time between each try. That results in a lot more IP addresses for each server. I’m currently updating all the hardcoded servers information, and will push it as a pull request. @Frepke I’ll tag you as reviewer if you feel like reading some Go (for learning / commenting purposes really) 😉 I’ll close this issue once it’s merged in :latest (master branch)

@zgababa That should greatly improve the pool of IP addresses per server. Also sorry to PureVPN for saying they didn’t have many servers 😅

+2
qdm12 on Jan 30, 2021

Yes let’s create another issue with the version you’re running as well. Maybe try pulling latest.

The root of that problem seems to be a ping timeout which triggered an openvpn ‘internal’ restart. Because openvpn doesn’t run as root AND doesn’t cache authentication credentials, it fails. Now there is change made a few days ago to use ping-exit instead of ping-restart such that openvpn exits on failure. The entrypoint program takes care of restarting openvpn correctly.

Anyway I’ll close this issue for now as there are more IP addresses now AND the random connection pick is working.

+1
qdm12 on Feb 2, 2021

Some Surfshark servers only have one IP address, try specifying multiple regions separated by a comma? That will increase the IP address space to pick one from at random.

+1
qdm12 on Jan 28, 2021
Read more comments on GitHub
← gluetun: CyberGhost ClientKey Not Working
gluetun: Help: ERROR openvpn: signal: killed →