Setting up Nord VPN on Turris

TDG1999 · March 6, 2021, 3:22pm

Hey all I am wanting to have my Turris have it’s out bandwidth filtered/masked by the Nord VPN service.

Problem is that I am very new at setting anything up on the Turris so if someone has done this before then would you please let me know step-by-step on how to do it?

Thanks!

talisker · March 7, 2021, 6:05pm

NordVPN support WireGuard in is offer NordLynx so I recommend you to install wireguard on your Turris.
The doc is here : https://wiki.turris.cz/doc/en/public/wireguard
Enjoy the speed of wireguard

jinh · April 3, 2021, 12:44pm

Hi,

OpenWRT setup with NordVPN

While OpenWRT can be managed completely using SSH and the terminal, the LuCI WebUI makes many administration tasks easier.

The OpenWRT full releases, such as the current 18.06.x series, ship with the LuCI WebUI installed. But for lower-memory devices, such as those with 4MBytes Flash and/or 32MBytes of RAM, the full install may fail because of lacking sufficient Flash memory so you will have to build your own image with LuCI included. You can find more information here.

If you already have LuCI WebUI installed, skip to the step 3.

Access your router and download the OpenVPN package.

The router flashed with OpenWRT firmware image, initially accepts connection only via the telnet protocol, so you should connect to it via telnet to the IP 192.168.1.1 and change the root password with command passwd. After this command, it accepts a connection via SSH. By default the OpenVPN package isn’t included in the firmware image, so you should install it using opkg:

opkg update
opkg install openvpn-openssl
opkg install ip-full

Download the LuCI WebUI interface.

Now you will need to install the LuCI WebUI component in order to access your OpenWRT routers interface on your browser:

opkg install luci

Download the LuCI WebUI OpenVPN configuration plugin.

By default, the LuCI interface does not come with OpenVPN client configuration capabilities and the following plugin is needed:

opkg install luci-app-openvpn

Step 3 Access the LuCI WebGUI on your browser and set up a VPN connection.

Type in 192.168.1.1 into your browsers address bar

4.1 Navigate to Services > OpenVPN.
4.2 Upload an OpenVPN file.

Name the connection NordVPN > Click on Browse… > Select your .ovpn file > Select Upload

You can get the configuration file here: https://nordvpn.com/servers/tools/ (or for all config file : wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip )

4.3 Edit the configuration

Scroll down until you locate the auth-user-pass line and add NordVPN.auth next to it separated by a space.

Fill in your NordVPN account username and password in the field below and click Save.

Click Save & Apply.

4.5 Configure NAT and Firewall.

Go to Network > Interfaces, and click Add new interface…

Configure the interface as follows:

Name of the new interface: Nord
Protocol of the new interface: Unmanaged
Cover the following interface: Custom Interface: tun0

Navigate to the General Setup tab. Enable the checkbox for Bring up on boot. Afterward, navigate to the Advanced Settings tab and disable the Use built-in IPv6-management option.

Click Save & Apply.

Navigate to the Network > Firewall Settings tab. In the Zones field click Add.

Type the zone name – FWNEW. In the General Settings tab, select the following settings:

Input: reject
Output: accept
Forward: reject
Masquerading: checked
MSS clamping: checked
Covered networks: checked Nord

Set the checkbox for Allow forward from source zones: lan.

Click Save.

Click Save & Apply.

4.6 Connect to NordVPN

Go to Services > OpenVPN. Set the checkbox Enabled for NordVPN, and click Save & Apply. Click start next to the NordVPN.

That is it! You are now connected to NordVPN on your OpenWRT router!

TDG1999 · July 11, 2021, 8:01pm

Some questions @jinh

which file do I choose for the .ovpn? The UDP or the TCP?
I included the NordVPN.auth in the edit of the file but I am unable to find the account username and password? Where should that be? Are you meaning to say type that info out like so?

auth-user-pass NordVPN.auth-mynordusername-mynordpassword
or is it
auth-user-pass NordVPN.auth mynordusername mynordpassword
or
auth-user-pass NordVPN.auth -mynordusername -mynordpassword

TDG1999 · July 12, 2021, 7:46pm

Would be great for feedback on this. I am not able to move pass that step without knowing what format it needs to be in or even if its in the correct place.

AreYouLoco · July 13, 2021, 9:35am

I think openvpn have a possibility to provide auth file instead of user and password. Just read the docs on openvpn client. All the info you need is in that topic and openwrt link provided by @jinh.

Edit:

Now edit the line beginning auth-user-pass in the first text box to included the full path to the username/password .auth file. The full path is visible just above the second text box. For above example:

auth-user-pass /etc/openvpn/NLMiramUDP443E3.auth

Save username/password credentials

cat << EOF > ${OVPN_DIR}/${OVPN_ID}.auth
${OVPN_USER}
${OVPN_PASS}
EOF

So basicly the *.auth file is just your username newline and password below. Remember to set permissions to that file to something secure. So only owner (root) can edit and group can access:
‘chmod 0640 *.auth‘

jinh · July 17, 2021, 12:39pm

1 - it’s your choice I use udp personally, you can check here : https://nordvpn.com/blog/tcp-or-udp-which-is-better/
2 - I did
myuser
mypassword