Skip to content

Set up NordVPN by using OpenVPN on postmarketOS

Posted in Tutorials

Some time ago I wrote a guide to set up NordVPN by using NordVPN on Raspberry Pi 4 running Xbian. Since I’ve been toying around a lot more with the Pinephone I decided to figure out whether I could make it work there. Today we will go through the steps of setting up NordVPN by using OpenVPN on postmartketOS. Let’s jump into it!

The first thing to do is to make sure your system is up-to-date by running the following commands:

sudo apk update && sudo apk upgrade

Now that it’s done, let’s install OpenVPN with the following command:

sudo apk add openvpn

postmarketOS should already come with the unzip utility but if you can’t find it, install the unzip utility with the following command:

sudo apk add unzip

Next, go to the OpenVPN root folder as all the action will now happen from there.

cd /etc/openvpn

See, it’s all been easy so far so I didn’t lie about that. Now that OpenVPN is installed, let’s get on with the NordVPN part. Don’t worry we will be back to touching OpenVPN soon enough.

Luckily for us, NordVPN has a bunch of OpenVPN compatible configuration files that we can use. In order to do so we just need to download them with the following command:

sudo wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip

Once the download completes we can extract the archive right then and there:

sudo unzip ovpn.zip

After the extraction ends, you can delete the archive.

sudo rm ovpn.zip

Now you should see two folders named “ovpn_udp” and “ovpn_tcp”. Each will contain configurations for UDP VPN connections and TCP VPN connections. You can pick either but my personal pick is UDP because of reasons.

Let’s go into the UDP folder at /etc/openvpn/ovpn_udp/ and list the configurations available.

cd ovpn_udp && ls -al

You can see a bunch of configuration files with names ending in .nordvpn.com.udp.ovpn. These are the files we’re interested in. You can pick any but there is a way to have a better idea of what you will be choosing.

We can do just that by going to the NordVPN tools page. It will show you the country you’re in with the recommended server to be as close to your current performance levels as possible. You can change that to another country and pick the server you like based on the features it offers and such. For this example, I chose to get a Brasil server as you can see below:

Pretending we’re enjoying the carnival while under London rain

Now that we have a server of choice, let’s make sure that the configuration works. You can do so by running the following command:

sudo openvpn /etc/openvpn/ovpn_udp/br75.nordvpn.com.udp.ovpn

This will start OpenVPN with a configuration connecting you to that Brasil server we chose earlier. It will ask for your username and password at some point. Careful, these will not be your regular Nord credentials but your Nord service credentials. You can find these in your NordAccount dashboard under “Advanced configuration/Service credentials (manual setup)”.

If there is no error, the program won’t stop itself due to the way it was started. Kill it with ^C or Ctrl+C. Time to edit a few files to start OpenVPN as a service to that it runs automatically when booting your device.

While I used to be a Vi guy when it comes to remote file editing, through this journey I discovered and fell in love with Nano. It’s much better and easier to use. Anyone choosing to use Vi when Nano is available is a psychopath that deserves everything coming their way.

Where was I? Yep, the config. The first thing we will edit is our Brasil server configuration using Nano.

sudo nano /etc/openvpn/ovpn_udp/br75.nordvpn.com.udp.ovpn

You will find a line matching the below:

auth-user-pass

Replace it with this one

auth-user-pass /etc/openvpn/auto-auth.txt

Now save and close the file. If you’ve been following each step and were curious, you may realise there is no file at /etc/openvpn/auto-auth.txt. That’s because we will create it right now. This is the file where we will store the service credentials. First, open it.

sudo nano /etc/openvpn/auto-auth.txt

Enter the service username on the first line and service password on the second in that fashion:

username
password

Once done, close the file. Now, we have one last issue to tackle before we can get our VPN setup working automatically on startup. The OpenVPN daemon is written in such a way that it will try and load configuration from .conf files, not .ovpn. Also, looking at the code, it seems like we need the config file to be in there. Worry not my friends there is an easy fix for that. We’ll just rename and move our config file. Here we can do so with the following command:

sudo mv /etc/openvpn/ovpn_udp/br75.nordvpn.com.udp.ovpn /etc/openvpn/br75.conf

We’re almost there, now that the file is in the right location, we can create a symlink to it. That symlink would have the default config filename /etc/openvpn/openvpn.conf. It will need to point to our config file. The advantage of using a symlink here is that we can have several server configurations and easily switch from one VPN config to the next by pointing the symlink to a different config file.

 sudo ln -sf /etc/openvpn/br75.conf /etc/openvpn/openvpn.conf

The -f flag replaces the destination file if existing so you could use this command to switch from one config to the next.

Now, we will enable an OpenVPN service with the command below:

sudo rc-update add openvpn default

Now reboot the device.

sudo reboot

Upon restart, you can just open your browser and lookup your IP:

IP shows we’re in Brasil

Unfortunately had to use Firefox since there’s no proper browser for arm64 Linux devices and DDG cause I’m lazy.

Back to the point, even though this will tell you your IP is in Brasil, other tools will point to your actual location. How come? Not sure yet. My guess is that the tool in the image above seems to rely on your IPv4 to determine location while other tools might check your IPv6. It’s possible that OpenVPN does have a bug or maybe the daemon mode does not support this. I might have a look at that later on to figure it out.

Finally, we’re done, thank you for reading, and I hope to see you next time.

Cover by Stefan Coders from Pexels

Be First to Comment

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    %d bloggers like this: