I finally decided to get a VPN, just to try out a few things (ahem, torrents). I looked through a few options and saw that Surfshark was offering a nice value for a 24 month pack so I decided to go with them. They also boast of things like unlimited device support on their site. Since that is a deal breaker for me, I decided to give it a try.

As you might know, my primary machine runs on Linux which means I had to set it up with OpenVPN. To be specific I am using Arch Linux. I checked Surfsharks site to see how they support Linux and they have a deb package for Ubuntu but nothing for AUR!

However when I searched on AUR, turns out there is a package for SurfShark. I did try this package. I don't know the specifics but it seems like it is just a wrapper around OpenVPN and honestly it didn't work too well for me so I decided to use OpenVPN instead.

Installing OpenVPN

In my case it was really simple to install OpenVPN. Just enter the following command:

yay -S openvpn # Yes I use yay!

However this command will vary based on the distribution. For Ubuntu it should be installable by using apt.

Get SurfShark OpenVPN file

Download the opvn file and rename it to something that makes more sense.

Like any other VPN provider, SurfShark also provides users with openvpn config files. Those can be found over here, just go to the locations tab.

In my case, I went with Netherlands as the location.

This config file will be filled with useful information that openvpn will be able to use.

Rename the config file

The config file, by default will have a pretty long name, just rename it to something like vpn.conf.

Make sure that it has the .conf extension.

However, if anyone can just download this file and use it, it won't be cool right? Like, we paid to get this access. Yeah, so all VPN providers handle that by allowing access only to those who have a certain credentials.

In order to connect to the vpn, we will have to get our credentials.

Get SurfShark credentials.

The credentials can be found at the above page as well. There would be an username and a password.

We need to copy this two values and write them in a vpn.auth file.

Contents of the file should be like the following:

<username>
<password>

Connecting the auth with the config

Now, in order to let openvpn know that we have access to the location, we will have to pass the auth through the config. We can do that by just changing a line.

Opening the config, we can see that it contains the following:

client
dev tun
proto udp
...
reneg-sec 0

remote-cert-tls server

auth-user-pass

...

In the above file, we have the value auth-user-pass. We need to pass the auth file along with this. So change that line to the following:

auth-user-pass /path/to/the/vpn.auth

Make sure to pass an absolute path instead of a relative one since openvpn won't run from the same directory as the config.

Test the connection

Now that we have the a auth taken care of, we can test the connection.

Just run the following command:

openvpn /path/to/vpn.conf

You should see a lot of verbose on the commandline, however the end line should be like this:

Initialization Sequence Completed

This line indicates that the connection was success and that OpenVPN was able to use your credentials along with the other files to make a connection.

You can cross check if the VPN is working by going to a site like What is my IP from Surfshark or something similar from your VPN provider.

Starting OpenVPN at boot

Now that we know that our VPN works, we need to make sure that it starts whenever we boot our machine.

To start OpenVPN at boot, we need to move the vpn.conf file to /etc/openvpn/client/. It needs to be in this directory in order to be seen by OpenVPN.

Along with the conf, move the vpn.auth file as well and update the absolute path in the vpn.conf file.

NOTE: Change the permission of the vpn.conf file after moving it to the client directory by running chmod 755 vpn.conf. This is important because otherwise it is not accessible by openvpn.

Start the service

Now that we have our files in place and the paths and permissions taken care of, we can start the service. Start the service with the following command:

systemctl start openvpn-client@vpn

Note that in the above command vpn is used because the name of the config is vpn.conf. If it is something else like openvpn.conf then change the command to something like systemctl start openvpn-client@openvpn.

If everything went well, you should see nothing. Check the status of the service by using the following command:

systemctl status openvpn-client@vpn

You should see it as active if it is running all right.

Enable the service

Starting the service was just running it through systemd. Enabling it is what will make sure that it runs on boot. We can enable the service with the following command:

systemctl enable openvpn-client@vpn

If everything goes well, there should be no output from systemd. This indicates that it is enabled succesfully.

You can try testing the connection by rerunning the tests done above.

With that, the VPN should be enabled through OpenVPN. It is pretty fun to enable it through such a lightweight package rather than installing a whole package from the VPN provider just to connect to the service. So far, I'm enjoying my experience with OpenVPN and SurfShark!