medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa054cb4cb307ea1fdaab9c8d6f598db51147e1e
the_information_nexus/tech_docs/NordVPN.md
Whisker Jones aeba9bdb34 structure updates
2024-05-01 12:28:44 -06:00

197 lines
6.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Absolutely, lets streamline the steps to set up NordVPN on a fresh OpenWrt device using CLI commands. This guide assumes you have basic knowledge of how to access your router via SSH and that OpenWrt is already installed on your device.
### Step 1: Access Your Router
Connect to your router via SSH:
```bash
ssh root@192.168.1.1
```
Replace `192.168.1.1` with your router's IP address if it has been changed from the default.
### Step 2: Update and Install Necessary Packages
Update the package manager and install OpenVPN and the necessary IP utilities:
```bash
opkg update
opkg install openvpn-openssl ip-full
```
### Step 3: Download and Set Up NordVPN Configuration Files
Choose a NordVPN server that you want to connect to and download its OpenVPN UDP configuration. You can find server configurations on the NordVPN website.
1. **Download a server config file directly to your router**:
Replace `SERVERNAME` with your chosen server's name.
```bash
wget -P /etc/openvpn https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/SERVERNAME.udp.ovpn
```
2. **Rename the downloaded configuration file for easier management**:
```bash
mv /etc/openvpn/SERVERNAME.udp.ovpn /etc/openvpn/nordvpn.ovpn
```
### Step 4: Configure VPN Credentials
NordVPN requires authentication with your service credentials.
1. **Create a credentials file**:
Open a new file using `nano`:
```bash
nano /etc/openvpn/credentials
```
Enter your NordVPN username and password, each on a separate line. Save and close the editor.
2. **Modify the NordVPN configuration file to use the credentials file**:
```bash
sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/credentials/' /etc/openvpn/nordvpn.ovpn
```
### Step 5: Enable and Start OpenVPN
1. **Automatically start OpenVPN with the NordVPN configuration on boot**:
```bash
echo 'openvpn --config /etc/openvpn/nordvpn.ovpn &' >> /etc/rc.local
```
2. **Start OpenVPN manually for the first time**:
```bash
/etc/init.d/openvpn start
```
### Step 6: Configure Network and Firewall
Ensure the VPN traffic is properly routed and the firewall is configured to allow it.
1. **Edit the network configuration**:
Add a new interface for the VPN:
```bash
uci set network.vpn0=interface
uci set network.vpn0.ifname='tun0'
uci set network.vpn0.proto='none'
uci commit network
```
2. **Set up the firewall to allow traffic from LAN to the VPN**:
```bash
uci add firewall zone
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].network='vpn0'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci commit firewall
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'
uci commit firewall
```
3. **Restart the firewall to apply changes**:
```bash
/etc/init.d/firewall restart
```
### Step 7: Test the Connection
Check if the VPN connection is active and working:
```bash
ping -c 4 google.com
```
You should now be connected to NordVPN through your OpenWrt router using the configured OpenVPN setup. This streamlined guide ensures you have a clear path through the configuration process with easy-to-follow CLI commands.
---
The CLI instructions you're interested in offer a more hands-on approach to setting up NordVPN on an OpenWrt router. This method is ideal if you're comfortable using the command line and want more control over the VPN configuration. Here's a simplified version of the process, broken down into manageable steps:
### 1. Access Router via SSH
Connect to your OpenWrt router using SSH. The default IP is usually `192.168.1.1` unless you have changed it. The default username is `root`.
### 2. Install Necessary Packages
Update your package list and install the required OpenVPN packages:
```bash
opkg update
opkg install openvpn-openssl ip-full luci-app-openvpn
```
(Optional) Install `nano` for easier file editing:
```bash
opkg install nano
```
### 3. Download OpenVPN Configuration
Use NordVPN's server recommendation tool to find the best server and download its configuration file directly to your router:
```bash
wget -P /etc/openvpn https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/[server-name].udp.ovpn
```
Replace `[server-name]` with the actual server name, such as `uk2054.nordvpn.com`.
### 4. Configure OpenVPN
Edit the downloaded .ovpn file to include your NordVPN credentials:
```bash
nano /etc/openvpn/[server-name].udp.ovpn
```
Modify the `auth-user-pass` line to point to a credentials file:
```plaintext
auth-user-pass /etc/openvpn/credentials
```
Create the credentials file:
```bash
echo "YourUsername" > /etc/openvpn/credentials
echo "YourPassword" >> /etc/openvpn/credentials
chmod 600 /etc/openvpn/credentials
```
### 5. Enable OpenVPN to Start on Boot
Ensure OpenVPN starts automatically with your router:
```bash
/etc/init.d/openvpn enable
```
### 6. Set Up Networking and Firewall
Create a new network interface for the VPN and configure the firewall to route traffic through the VPN:
**Network Interface Configuration:**
```bash
uci set network.nordvpntun=interface
uci set network.nordvpntun.proto='none'
uci set network.nordvpntun.ifname='tun0'
uci commit network
```
**Firewall Configuration:**
```bash
uci add firewall zone
uci set firewall.@zone[-1].name='vpnfirewall'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='nordvpntun'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpnfirewall'
uci commit firewall
```
### 7. Configure DNS
Change DNS settings to use NordVPN DNS or another preferred DNS service:
```bash
uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='103.86.96.100'
uci add_list network.wan.dns='103.86.99.100'
uci commit
```
### 8. Prevent Traffic Leakage (Optional)
To enhance security, add custom rules to block all traffic if the VPN disconnects:
```bash
echo "if (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then iptables -I forwarding_rule -j REJECT; fi" >> /etc/firewall.user
```
### 9. Start the VPN
Start the OpenVPN service and verify it's running properly:
```bash
/etc/init.d/openvpn start
```
### 10. Check Connection Status
Visit NordVPN's homepage or another site like `ipinfo.io` to check your IP address and ensure your traffic is routed through the VPN.
This setup should give you a robust and secure VPN connection on your OpenWrt router using NordVPN. If you encounter any issues, you may need to review the configuration steps or consult NordVPN's support for further troubleshooting.
Reference in New Issue View Git Blame Copy Permalink