3.5 KiB
The CLI instructions you're interested in offer a more hands-on approach to setting up NordVPN on an OpenWrt router. This method is ideal if you're comfortable using the command line and want more control over the VPN configuration. Here's a simplified version of the process, broken down into manageable steps:
1. Access Router via SSH
Connect to your OpenWrt router using SSH. The default IP is usually 192.168.1.1 unless you have changed it. The default username is root.
2. Install Necessary Packages
Update your package list and install the required OpenVPN packages:
opkg update
opkg install openvpn-openssl ip-full luci-app-openvpn
(Optional) Install nano for easier file editing:
opkg install nano
3. Download OpenVPN Configuration
Use NordVPN's server recommendation tool to find the best server and download its configuration file directly to your router:
wget -P /etc/openvpn https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/[server-name].udp.ovpn
Replace [server-name] with the actual server name, such as uk2054.nordvpn.com.
4. Configure OpenVPN
Edit the downloaded .ovpn file to include your NordVPN credentials:
nano /etc/openvpn/[server-name].udp.ovpn
Modify the auth-user-pass line to point to a credentials file:
auth-user-pass /etc/openvpn/credentials
Create the credentials file:
echo "YourUsername" > /etc/openvpn/credentials
echo "YourPassword" >> /etc/openvpn/credentials
chmod 600 /etc/openvpn/credentials
5. Enable OpenVPN to Start on Boot
Ensure OpenVPN starts automatically with your router:
/etc/init.d/openvpn enable
6. Set Up Networking and Firewall
Create a new network interface for the VPN and configure the firewall to route traffic through the VPN:
Network Interface Configuration:
uci set network.nordvpntun=interface
uci set network.nordvpntun.proto='none'
uci set network.nordvpntun.ifname='tun0'
uci commit network
Firewall Configuration:
uci add firewall zone
uci set firewall.@zone[-1].name='vpnfirewall'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='nordvpntun'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpnfirewall'
uci commit firewall
7. Configure DNS
Change DNS settings to use NordVPN DNS or another preferred DNS service:
uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='103.86.96.100'
uci add_list network.wan.dns='103.86.99.100'
uci commit
8. Prevent Traffic Leakage (Optional)
To enhance security, add custom rules to block all traffic if the VPN disconnects:
echo "if (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then iptables -I forwarding_rule -j REJECT; fi" >> /etc/firewall.user
9. Start the VPN
Start the OpenVPN service and verify it's running properly:
/etc/init.d/openvpn start
10. Check Connection Status
Visit NordVPN's homepage or another site like ipinfo.io to check your IP address and ensure your traffic is routed through the VPN.
This setup should give you a robust and secure VPN connection on your OpenWrt router using NordVPN. If you encounter any issues, you may need to review the configuration steps or consult NordVPN's support for further troubleshooting.