Leaking DNS like a sieve

Like many I USED to really like surfshark, but it is right now somewhere between useless and absolute shit.

Their Antivirus is just crap, I’ve tried everything to fix it but it will work basically once with a totally fresh install, then after any restart the ‘real time’ protection refuses to start and you can’t do scans anymore. Useless or potentially dangerous.

Their GUI seems to have a new bug or problem with every update, the latest one for me is it seemingly hanging at exactly 40% or 70% on many servers, stick there for a second or two, then suddenly say they are connected. Annoying but not massive.

The rotating IP feature they touted is…crap comes to mind. For a short while we had the option on the connection GUI instead of buried in the options menu, but it was leaking so bad and causing multisecond spikes that they just hid the option instead of fixing it. But you will notice that it’s still shown in the gui help popup you get if clicking on arrow next to “your IP address” as being part of the front menu.

Connection speed, something that USED to be amazing, is just crap when you’re literally connecting to servers next door to your ISP’s drop-off location. Was digging on Ookla the other day, flipping the VPN on and off and testing various servers, and it was dropping a 130Mbps connection down to the 15Mbps range sometimes, or worse with far away servers, though the clogged west coast servers seem the worst for speed loss.

Finally, and this one is just…beyond comprehension. Was doing various tests on ipleak.net earlier, and found that about 90% of the time if I had the page loaded, had kill switch turned onto strict, and either disconnected the VPN, or switched to another server directly, I would get three or four hits of my ISP’s DNS server before connection errors hit.

This overall isn’t personally huge, I just like keeping my data and my family’s data private. With some simple tools, uBlock, privacy badger, cookieautodelete, a basic firewall, it’s not too hard. But I didn’t expect that what was once the go-to for a cheap, good VPN that actually worked was the first thing that would fail compared to all my open source tools.

I will be looking over if these problems extend to connecting without their shit app. If they do, I’m leaving them after being a customer for years and will advise anyone else to as well. Privacy in many places is a preference, in others it’s life or death. Get your shit together surfshark.

PS: Since you HAVE to pick a flair I chose Review, but I think this comes closer to straight out condemnation. Your call.
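A local check for the leak described in the post above (DNS queries reaching the ISP resolver while the tunnel is down or switching servers), as an added example that is not part of the original post: it scans a packet summary and reports DNS traffic that left outside the tunnel. The interface names, addresses and capture rows are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS

# Constructed capture summary: (seconds, interface, destination IP, destination port).
# "wg0"/"eth0" and the RFC 5737 addresses are placeholders, not real resolvers.
CAPTURE = [
    (10.0, "wg0",  "198.51.100.53", 53),   # VPN resolver, inside the tunnel
    (12.4, "lo",   "127.0.0.53",    53),   # local stub resolver, not a leak
    (15.1, "eth0", "192.0.2.1",     53),   # tunnel down: ISP resolver is hit
    (15.3, "eth0", "192.0.2.1",     53),
    (15.6, "eth0", "192.0.2.1",     853),  # encrypted, but still reveals the resolver used
    (15.9, "eth0", "203.0.113.7",   443),  # not DNS, out of scope for this check
    (21.0, "wg0",  "198.51.100.53", 53),   # reconnected
]


def find_leaks(capture, tunnel_if, tunnel_resolvers):
    """Return DNS packets sent outside the tunnel or to an unexpected resolver."""
    leaks = []
    for ts, iface, dst, port in capture:
        if port not in DNS_PORTS or ip_address(dst).is_loopback:
            continue
        if iface != tunnel_if or dst not in tunnel_resolvers:
            leaks.append((ts, iface, dst, port))
    return leaks


def summarize(leaks):
    """Per resolver: number of leaked queries and the time window they span."""
    times = defaultdict(list)
    for ts, _iface, dst, _port in leaks:
        times[dst].append(ts)
    return {
        dst: {"queries": len(t), "window_s": round(max(t) - min(t), 3)}
        for dst, t in times.items()
    }


if __name__ == "__main__":
    report = summarize(find_leaks(CAPTURE, "wg0", {"198.51.100.53"}))
    for dst, info in report.items():
        print(f"leak to {dst}: {info['queries']} queries over {info['window_s']}s")
```
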

It’s so refreshing to see that there are others out there that have the same issues as me. I’ve had issues now for almost a year and the so called support team are about as useless as the app and service itself.

The app always states I am connected and protected but yet when I pop over to check my connection on ipleak and even Ss’s own test sites, all I get is leaks.

I have to reconnect several times to actually get it to work and this can sometimes only last for about 5 mins before leaking again.

Surfshark in my opinion cannot be fully trusted to protect you but they get away with it by somehow showing that you are because they know the less techy people will accept that the app is correct yet not know that in reality, they are in no way protected!

Once my subscription has ended I will defo NOT be renewing this time round, unless they really get their act together and majorly improve the app/service and also the tech team, they are mostly completely useless and seem to know nothing, including the developers!!

On a positive note, the workaround is to download the OpenVPN app and set up manually with surfshark settings, this does work and works well. However, this is NOT what I am paying for and I now also need to use another way to block ads too, although, this method is far better at blocking ads than SS do!

Thanks for your review.

Come join us at /r/vpncomparison I’d love for you to post this there and have more discussion.

I can think of just one time that I had a DNS leak well over a year ago and it hasn’t happened since. Are you using Apple products? Apple doesn’t seem to play well with VPNs for some reason.

With some simple tools, uBlock, privacy badger, cookieautodelete, a basic firewall

Which basic firewall?

I only ask because sometimes the firewall itself can actually be the source of leaks if it’s configured incorrectly. Portmaster, for example, has DNS failover servers if it detects a loss of connectivity or slow speeds, and it can result in a DNS leak with the wrong settings.

I’d also note that if you want the best experience with SurfShark, and you don’t want to ever have to think about or check on VPN connectivity again, I’d really suggest abandoning the app and instead using an OpenVPN capable router.

I tried the app installed on all my devices for a few weeks, was extremely unimpressed with it, and then moved to an OpenVPN router. Been nothing but happy with SurfShark since doing that, it’s fast, transparent to me, never leaks, and it just works.

I’ve been poking surfshark more carefully when it’s running wireguard on OpenWRT on my router, and I’ve not seen any obvious leaks but frankly I don’t have time to do a full audit of their security right now.

Gods no, win10 with a locked down firewall and up to date firefox. I literally only have four things that get free access through the firewall other than surfshark and according to my logs Firefox was the only thing with connections at the time. From what I’ve been seeing it’s probably the app mixed with normal windows idiocy.

Just using Simplewall to configure the windows firewall into a proper whitelist firewall, my setup hasn’t really changed and I didn’t have DNS leaks with surfshark till recently. And yea, I’ve already got it set up on my router, but without the app the flexibility is neutered till I can find some better tools for openwrt vpn management; but that won’t help much with my much less tech savvy mother, and I don’t exactly want my daughter messing with the house’s vpn.

Just using Simplewall to configure the windows firewall into a proper whitelist firewall, my setup hasn’t really changed and I didn’t have DNS leaks with surfshark till recently.

In that case, if you have some familiarity with slightly more complex firewalls, I’d actually suggest giving Portmaster’s DNS failover functions a try. Because if the Surfshark app leaks again, best case you can at least have Portmaster automatically routing to Quad9 or other privacy focused servers instead of the worst case of Surfshark failing back to your ISP DNS.

I’ve already got it set up on my router, but without the app the flexibility is neutered till I can find some better tools for openwrt vpn management

I guess the question is whether or not it’s worth the cost to upgrade the router, or to just ditch SurfShark for another VPN with a more reliable app. I wouldn’t blame you for going with the latter.

I was in the same situation and ultimately went with swapping my old router out for an ASUS GT-AC2900. You can often find it on sale for $90-100, and its 1.8GHz dual core CPU has better OpenVPN performance than routers priced twice as much or higher.

but that won’t help much with my much less tech savvy mother, and I don’t exactly want my daughter messing with the house’s vpn.

That’s understandable.

I’ll check out portmaster, always interested in new opensource security programs.

I have already ditched the app completely and am just using the wireguard client on my home router. As for a new router, I love my router, I have a GL-AX1800 for my main home router (my home office is a separate built router/server setup) running GL-iNet’s version of openwrt.

Mainly I just need to sit down and get it configured to run multiple vpn clients, separate those out by system, and either regularly refresh the session or get it able to take a command from the client system to do so. Maybe both.

Then just need to figure out proper DNS encryption and I’ll be set. Edit: I was stupid, found the DNS encryption settings for openwrt, just putting on Cloudflare’s DNS over TLS for now and going to check out some of the other options later.

I’ll get it figured out, networking is NOT my specialty, but I’ll get there.