If you follow me on Minds, you may know that I have been toying around with Unix more lately. Namely, through that PinePhone which I purchased in January, and Raspberry Pi in early February. Through my journey, I figured it wouldn’t hurt to learn how to manually set up NordVPN especially if you are using embedded Unix devices. The kind that might not have a Desktop UI or might not even have a NordVPN app. After some digging, I found some stuff but nothing works quite as I want. It took me a few days researching then applying over and over what I will share with you today. How to manually set up NordVPN using OpenVPN on Linux.
The prerequisite here is that you know how to open a terminal and how to connect to a device through SSH. Let’s jump right onto the device. No screenshots today as I took notes while exploring and didn’t think about it at the moment. Also, I repeated this process enough that you can trust it will all work as I said. Good? Let’s jump into it!
The first thing to do is to make sure your system is up-to-date by running the following commands:
sudo apt-get update && sudo apt-get upgrade
Now that it’s done, let’s install OpenVPN with the following command:
sudo apt-get install openvpn
If it’s not done yet, install the unzip utility with the following command:
sudo apt-get install unzip
Next, go to the OpenVPN root folder as all the action will now happen from there.
See, it’s all been easy so far so I didn’t lie about that. Now that OpenVPN is installed, let’s get on with the NordVPN part. Don’t worry we will be back to touching OpenVPN soon enough.
Luckily for us, NordVPN has a bunch of OpenVPN compatible configuration files that we can use. In order to do so we just need to download them with the following command:
sudo wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
Once the download completes we can extract the archive right then and there:
sudo unzip ovpn.zip
After the extraction ends, you can delete the archive.
sudo rm ovpn.zip
Now you should see two folders named “ovpn_udp” and “ovpn_tcp”. Each will contain configurations for UDP VPN connections and TCP VPN connections. You can pick either but my personal pick is UDP because of reasons.
Let’s go into the UDP folder at /etc/openvpn/ovpn_udp/ and list the configurations available.
cd ovpn_udp && ls -al
You can see a bunch of configurations files with names ending in .nordvpn.com.udp.ovpn. These are the files we’re interested in. You can pick any but there is a way to have a better idea of what you will be choosing.
We can do just that by going to the NordVPN tools page. It will show you the country you’re in with the recommended server to be as close to your current performance levels as possible. You can change that to another country and pick the server you like based on the features it offers and such. For this example, I chose to get a Cyprus server as you can see below:
Now that we have a server of choice, let’s make sure that the configuration works. You can do so by running the following command:
sudo openvpn /etc/openvpn/ovpn_udp/cy13.nordvpn.com.udp.ovpn
This will start OpenVPN with a configuration connecting you to that Cyprus server we chose earlier. It will ask for your username and password at some point. Careful, these will not be your regular Nord credentials but your Nord service credentials. You can find these in your NordAccount dashboard under “Advanced configuration/Service credentials (manual setup)”.
If there is no error, the program won’t stop itself due to the way it was started. Kill it with ^C or Ctrl+C. Time to edit a few files to start OpenVPN as a service to that it runs automatically when booting your device.
While I used to be a Vi guy when it comes to remote file editing, through this journey I discovered and fell in love with Nano. It’s much better and easier to use. Anyone choosing to use Vi when Nano is available is a psychopath that deserves everything coming their way.
Where was I? Yep, the config. The first thing we will edit is our Cyprus server configuration using Nano.
sudo nano /etc/openvpn/ovpn_udp/cy13.nordvpn.com.udp.ovpn
You will find a line matching the below:
Replace it with this one
Now save and close the file. If you’ve been following each step and were curious, you may realise there is no file at /etc/openvpn/auto-auth.txt. That’s because we will create it right now. This is the file where we will store the service credentials. First, open it.
sudo nano /etc/openvpn/auto-auth.txt
Enter the service username on the first line and service password on the second in that fashion:
Once done, close the file. Now, we have one last issue to tackle before we can get our VPN setup working automatically on startup. The OpenVPN daemon is written in such a way that it will try and load configuration from .conf files, not .ovpn. Also, looking at the code, it seems like we need the config file to be in there. Worry not my friends there is an easy fix for that. We’ll just rename and move our config file. Here we can do so with the following command:
sudo mv /etc/openvpn/ovpn_udp/cy13.nordvpn.com.udp.ovpn /etc/openvpn/cy13.conf
We’re almost there, now that the file is in the right location, we can update the default config to select it. Let’s open that file:
sudo nano /etc/default/openvpn
Below the line that reads:
Add the following line:
Close and save the file, then reboot the device.
Upon restart, connect to the device remotely one last time to make sure it all worked. Validate your network connection using traceroute:
sudo traceroute 220.127.116.11
It will track the route packets taken from your device to one of Google’s DNS (18.104.22.168). The second hop IP should be that of the VPN server you’re going through. Copy it and paste it into an IP lookup tool like this one. It will give you a country and even a city that should match the country and server you chose.
Finally, we’re done, thank you for reading, and I hope to see you next time.