Difference between revisions of "NordVPN connection setup HOWTO"

NordVPN provides apps for Linux, but only for .deb and .rpm-based distributions. To use your NordVPN account in Funtoo, openvpn can be used in CLI mode. Here is a quick guide.

1. If you don't have it already, install openvpn.

user $ sudo emerge net-vpn/openvpn

1a. Verify that you have the necessary network devices installed. Just installing openvpn does not automatically activate the tunnel device.

user $ sudo ls /dev/net/
tun

If you don't see "tun" listed or get an error "ls: cannot access '/dev/net': No such file or directory" it means you don't have the tun module loaded. You can load it momentarily by issuing

user $ sudo modprobe tun

...and to get it to autoload at boot the next time, create (as root) a file /etc/modules-load.d/tun.conf with the contents

tun

2. Download the NordVPN connection certificates into a directory of your choice. I keep them in my home folder into a ~/vpn directory.

user $ mkdir ~/vpn
user $ cd ~/vpn
user $ wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
user $ unzip ovpn.zip

The above will create 2 subfolders inside ~/vpn, ovpn_tcp and ovpn_udp. Each holds the CA certificates as individual files for all NordVPN servers, for using the TCP and UDP protocols respectively.

3. Open in your browser https://nordvpn.com/servers/tools/ - this will give you the name of the server NordVPN recommends that you connect to at the moment based on load, your geographic location, etc. Note that the recommended server may change from minute to minute.

Also note that on the right side of the page you can select an alternate country, as well as advanced options such as server type, protocol, security etc.

Assume for the following that the recommended server is, for instance, us3642.nordvpn.com

4. Navigate to the folder containing the certificates for the protocol you want, TCP or UDP (I mostly use TCP) and start the VPN session. You will be prompted 3 times: first for your Funtoo user password (for sudo), next for your NordVPN username, and last for your NordVPN password. The VPN will be then established after you authenticate.

user $ cd ~/vpn/ovpn_tcp
user $ sudo openvpn us3642.nordvpn.com.tcp.ovpn
Password: 
Fri Oct 25 07:57:19 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 24 2019
Fri Oct 25 07:57:19 2019 library versions: OpenSSL 1.1.1b  26 Feb 2019, LZO 2.10
Enter Auth Username:
Enter Auth Password:

(using above the certificate file corresponding to the server recommended in step 3; change as needed)

Update 2023: the username/password that you must use to connect using the method above are no longer the same username/password that you use to log into your NordVPN account on their website, or into the desktop app. Instead they are autogenerated hashes. To obtain them you have to request them from your account dashboard (at the bottom, click "setup NordVPN manually", and you will have to go through a 2FA process then they will be shown in your dashboard).

One further note, if you want to avoid having to type in the terminal your username and password every time, you can edit the configuration file (such as us3642.nordvpn.com.tcp.ovpn in the example above) and change the line that says

auth-user-pass

to read

auth-user-pass passfile

and also create a text file "passfile" in the same directory that contains your username and password on 2 separate lines (see man openvpn, section "client")

5. To end the VPN connection, use CTRL-C in the terminal to terminate the openvpn process.