VPN with Wireguard Client for US Streaming

I signed up for Surfshark because they offered a Wireguard client to run on my MT3000 and MT6000 routers. At various points in time, I am able or unable to stream Sling TV, Hulu, Disney+, AppleTV, or Netflix.

This has been an unending battle for 6 months or more.

Does anyone have any experience with Surfshark or another commercial VPN provider that has a better experience? Is this an issue with GL.Inet routers? Help?

It's an issue with all VPNs and nothing you can do about it. The big players are able to detect VPN.

One thing when you use a VPN on the router for streaming is that, after you enable the VPN, you need to wait 10 minutes so that the DNS is refreshed on all the devices.

Second, can I ask if you have a home in the US so that you have a home IP address?

So... I have the DNS servers set to Surfshark addresses in the manual DNS server page in the Network section, I use Adguard home and have the Surfshark DNS servers set there. Also, the config file for the Wireguard client uses the same addresses.

What am I waiting for in this 10-minute period? Can I hurry it along by restarting the router?

This should work as well.

So... I have been working with Surfshark not working with the Wireguard configuration file running on my MT6000. My frustration with VPNs in general stemmed from this.

After hearing back from them, they requested that I try the configuration with another router. I tried it with my older MT3000 and I was able to stream again.

With settings exactly the same, I was unable to stream using the MT6000. I checked the firmware version and discovered I had downloaded and installed version 4.6 on the MT6000. I reinstalled version 4.5.8 which is listed as the latest stable release. I reinstalled a recent backup and all appears to be well with streaming on the MT6000.

There must be some sort of leak in V4.6 that allows the streaming services to detect VPN use. The configuration file used for the Surfshark Wireguard client was the same one for both routers and versions.

How can you have Surfshark DNS servers and Adguard enabled at the same time?

Have you tried setting the Surfshark DNS in Adguard and leaving the DNS config on auto / default?

I wasn't sure what the priority of DNS settings was, so I took no chances. I changed the DNS server settings everywhere:

I set the Surfshark DNS server addresses in the DNS server settings page manually before turning on Adguard.

After activating Adguard, I then set the Surfshark DNS servers up manually in the Adguard DNS settings.

The DNS server settings in the Surfshark Wireguard config file were already set when I generated the file at the Surfshark site:

[Interface]
Address = 00.00.00.00/00
PrivateKey = ABCXYZ
DNS = 162.252.172.57, 149.154.159.92

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 0.0.0.0/0
PersistentKeepalive = 25
PublicKey = ABCXYZ
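
An added example, not part of the original post and not Surfshark or GL.iNet tooling: a small Python audit of a wg-quick style config like the one above, listing resolver addresses that `AllowedIPs` would not route through the tunnel. It assumes plain `AllowedIPs` routing (no router policy mode) and IP-only `DNS` entries; `other_upstreams` and the sample keys and endpoint are hypothetical.

```python
import ipaddress

# Constructed sample shaped like the config in the post: keys and endpoint are
# placeholders. Assumes DNS entries are IP addresses (no search domains).
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER
DNS = 162.252.172.57, 149.154.159.92

[Peer]
PublicKey = PLACEHOLDER
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.invalid:51820
"""

def parse_conf(text):
    """Return {section: {key: [comma-separated values]}}, names lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            items = [v.strip() for v in value.split(",") if v.strip()]
            section.setdefault(key.strip().lower(), []).extend(items)
    return conf

def covered(ip, routes):
    return any(ip.version == r.version and ip in r for r in routes)

def audit(text, other_upstreams=()):
    """other_upstreams (hypothetical): resolver IPs set elsewhere on the router."""
    conf = parse_conf(text)
    routes = [ipaddress.ip_network(n, strict=False)
              for n in conf.get("peer", {}).get("allowedips", [])]
    vpn_dns = [ipaddress.ip_address(d)
               for d in conf.get("interface", {}).get("dns", [])]
    findings = []
    if not any(r.version == 6 and r.prefixlen == 0 for r in routes):
        findings.append("no ::/0 in AllowedIPs, IPv6 stays outside the tunnel")
    for ip in map(ipaddress.ip_address, other_upstreams):
        if not covered(ip, routes):
            findings.append(f"{ip} is not routed by AllowedIPs")
        elif ip not in vpn_dns:
            findings.append(f"{ip} is tunnelled but is not a VPN DNS server")
    for ip in vpn_dns:
        if not covered(ip, routes):
            findings.append(f"VPN DNS {ip} is not routed by AllowedIPs")
    return findings
```

Pass the upstream addresses from the manual DNS page or AdGuard Home as `other_upstreams` to see which of them would leave the router outside the tunnel.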

Thanks. Do you mean 4.6 beta or 4.6 op24 firmware?

Should be a bug in MT6000 op24 firmware I think.

I don't know where the DNS settings are coming from. My solution was to change them everywhere so it wasn't an issue.

Just for fun, I disabled the VPN and reset the DNS servers in Adguard Home to their default. I went to 'dnsleaktest.com'. Here is a partial screen shot of the results:

I then re-enabled the VPN and ran the test again. I got the same results with or without the DNS server changes in Adguard Home. This indicates that the DNS settings in Adguard Home are being overwritten.

I had a previous VPN that had a DNS leak unless I changed the DNS server settings in Adguard Home. It was an OpenVPN client and I don't recall if the config file had DNS server settings or not.

I use the VPN with Sling TV, which is pretty sensitive to VPNs and DNS leaks. I'll leave Adguard Home with the default DNS settings for a while. If I don't get any issues with streaming, then Adguard Home DNS settings aren't being used.

When I was running V4.6, virtually nothing I could do would allow me to stream Sling TV over the VPN. I ran dnsleaktest and it didn't show any other DNS server, but it still didn't work. If I excluded 'movetv.com' from the DNS, it would work.

Reverting back to V4.5.8 solved the problem. When I was running V4.6, here is the file I used to upgrade: 'openwrt-mt6000-4.6.0-0513-1715603647.bin'.

4.5.8 on the Flint 2 always uses the VPN DNS for all requests, including non VPN domains when using "VPN Policy Based on the Target Domain or IP".

4.6.0 Beta allows you to only use the VPN DNS over the VPN, but you have to configure it correctly, which I think you tried. I have split tunnelling DNS currently working on 4.6.0 on my Flint 2.

The way I do it is set the domains in the list when using the "VPN Policy Based on the Target Domain or IP". Then all those domains have their DNS queries resolved by the DNS server in the Wireguard client.

Are you using a different Client VPN option?

This is purely related to DNS. Get in touch with the VPN provider and ask them for the DNS server IPs; moreover, when using a VPN I always recommend using the VPN DNS only.

Originally with V4.6, the VPN client was set to 'Global Proxy'. DNS servers in both Adguard Home and the VPN client were all set to the VPN DNS servers.

When I had problems with Sling TV, that's the setup I was using. I used AH to determine what DNS addresses Sling TV was using. It was using 'sling.com' and 'movetv.com'. I changed the proxy mode to 'VPN Policy Based on the Target Domain or IP' and added both of those domains. There was no change until I discovered that when the AH option 'AdGuard Home Handle Client Requests' is set on, it ignores the excluded domains. I turned that option off and I started being able to stream Sling TV. Further experimentation determined that 'sling.com' didn't need to be excluded, but 'movetv.com' did.

While working with Surfshark support, they acknowledged the problem, but couldn't duplicate it. They asked if I had another router to test. I also have a Beryl (MT3000) running firmware 4.5.8. I substituted it for the Flint 2 and was able to stream Sling TV with the VPN running. When checking version numbers on the Flint 2, I realized that I was running a beta version (4.6) of the firmware. To see if that was the problem, I reverted the Flint 2 back to V4.5.8 and everything started working correctly.

I was about to test the MT3000 with the older firmware, but it seems to have updated itself to V4.6.