NordVPN



3 minutes ago, Akagami said:

I'm having the same issue.

NordVPN support gave me this answer:

Unfortunately, since 3.12.2 update you need to log in through the browser.

So headless servers and Docker apps will have some trouble, I think.

Yes it does seem there is an upstream issue. My streaming box is also now unable to authenticate with NordVPN.

I haven't tried it and it's not dockerized within CA yet, but Bubuntux has suggested using the NordLynx version of the app - https://github.com/bubuntux/nordlynx

And if anybody else with better docker skills than me can help, here is a link to the Nord Instructions for how to dockerise the app - Official guide to Dockerise NordVPN app

Link to comment
4 minutes ago, dgs2001 said:

Yes it does seem there is an upstream issue. My streaming box is also now unable to authenticate with NordVPN.

I haven't tried it and it's not dockerized within CA yet, but Bubuntux has suggested using the NordLynx version of the app - https://github.com/bubuntux/nordlynx

I'm setting up a desktop Ubuntu VM to try to log in through the app (hoping it works) and get the private key to use that Docker.

Support won't give out the private key directly.

(I tried to extract it through the Windows and Android apps with no luck.)

Link to comment
1 hour ago, Akagami said:

I'm setting up a desktop Ubuntu VM to try to log in through the app (hoping it works) and get the private key to use that Docker.

This worked like a charm.

I got the private key, set up the bubuntux/nordlynx Docker and I'm back up and running.

Edited by Akagami
Link to comment
24 minutes ago, max25 said:

How did you extract the key?

On Ubuntu desktop I installed the nordvpn app, WireGuard and some extras via terminal:

sudo apt install wireguard
sudo apt install jq
sudo apt install curl
sudo apt install net-tools
sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)

(I'm not sure if you also need to install the .deb package; I had it installed while experimenting on other things and didn't bother removing it.)

Rebooted.

Again via terminal, logged into NordVPN with

sudo nordvpn login

You get a link to copy-paste in a browser to authenticate (that's why you need the desktop version of Ubuntu).

Set the NordLynx protocol and connect to a server:

sudo nordvpn set technology nordlynx
sudo nordvpn c

At this point you can get the key with

sudo wg show nordlynx private-key

Edited by Akagami
Link to comment

Set the repository to

ghcr.io/bubuntux/nordlynx

In extra parameters add (the part after --sysctl is if you don't use IPv6)

--device /dev/net/tun --cap-add=NET_ADMIN --sysctl net.ipv6.conf.all.disable_ipv6=1

Add your private key variable.

Add the networks in CIDR you want to be able to access the VPN from (e.g. 192.168.0.0/24).

Under allowed IP set filters or leave as is for all IPs.

Under query add any filters you want if needed (P2P, obfuscated, specific country etc., as per the NordVPN API).

For example, for P2P servers:

filters\[servers_groups\]\[identifier\]=legacy_p2p

Add any ports you want to be able to access from the LAN.

Link to comment

Following the information above from Akagami I was unable to get a fresh Ubuntu desktop VM logged in to Nord, so I had an interesting chat with Nord this morning and they confirmed there is an issue their end which they are working on to do with MFA.

Basically even though a browser window shows logged in, if you have MFA active the Linux terminal returns "You are not logged in".

Nord confirmed they are trying to fix this and told me I had to disable MFA in the meantime.

Not the best from an otherwise seemingly reliable provider.


Link to comment
23 minutes ago, dgs2001 said:

Following the information above from Akagami I was unable to get a fresh Ubuntu desktop VM logged in to Nord, so I had an interesting chat with Nord this morning and they confirmed there is an issue their end which they are working on to do with MFA.

Basically even though a browser window shows logged in, if you have MFA active the Linux terminal returns "You are not logged in".

Nord confirmed they are trying to fix this and told me I had to disable MFA in the meantime.

Not the best from an otherwise seemingly reliable provider.

When you open the link in the browser, authenticate and then press the go back to the application button, you should get a prompt for which application to run. From there I had nordvpn already selected; when pressed, it highlighted the terminal window and I was logged in.

You can try to install the .deb package with the GUI package manager (after installing the terminal version); maybe it's needed to link to the terminal app.

Edited by Akagami
Link to comment
1 hour ago, dgs2001 said:

Following the information above from Akagami I was unable to get a fresh Ubuntu desktop VM logged in to Nord, so I had an interesting chat with Nord this morning and they confirmed there is an issue their end which they are working on to do with MFA.

Basically even though a browser window shows logged in, if you have MFA active the Linux terminal returns "You are not logged in".

Nord confirmed they are trying to fix this and told me I had to disable MFA in the meantime.

Not the best from an otherwise seemingly reliable provider.

Indeed! Deactivating MFA in the NordVPN account makes it immediately possible to use the container again. Thanks for the tip.

Link to comment

Support gave me an alternative:

1. Run nordvpn login command on your Linux device.
2. Open the provided link in any browser.
3. Complete the login procedure.
4. Right-click on the Return to the app button and select "Copy link address".
5. Run nordvpn login --callback <URL> with the previously copied URL.
6. Verify that login was successful with nordvpn account

Link to comment

Has anyone found a solution for when the VPN connection drops? The kill switch kills the connection (which is great) but then stays disconnected indefinitely. I would like it to reconnect or at least attempt to reconnect at some point so it doesn't sit there and idle forever. I work a lot on the road and can't manually restart my machine often.
Link to comment

Hi everyone, I have followed Akagami's information (thank you).

It all went well and I can see that I am connected to the NordVPN country I wanted to.

I have an issue with the DNS resolution however:

I can't ping anything on the Internet (LAN ping works fine). I get "ping: bad address 'www.google.com'".

Same with curl ifconfig.io, I keep getting: "curl: (6) Could not resolve host: ifconfig.io".

I have checked /etc/resolv.conf and it all looks fine (nameserver 103.86.96.100 and 103.86.99.100).

Here are my extra parameters:

--device /dev/net/tun --cap-add=NET_ADMIN --sysctl net.ipv6.conf.all.disable_ipv6=1

NET_LOCAL is my LAN subnet so this shouldn't be a problem either.

Please let me know if you think of anything I could have missed for the DNS resolution.

Thanks


Link to comment

I've been noticing that this container seems to lose connectivity, which borks connectivity for other containers, more and more lately. Is there a keep alive function, or can there be one (feature request) that would restart the container/vpn connection and possibly call a script / restart other containers?

TIA for any help/suggestions.

Link to comment

I have an issue where I cannot open the web UI of the docker container I have passing through this VPN tunnel. I double checked my ports and the LAN net settings, and they are correct. If one looks at the logs, though, the IP addresses for the subnet are wrong; I had accidentally put in 10.10.42.0 once, then corrected it. My question is where is the location of the config file, and can I manually edit it to correct this issue?

IP tables for ipv4:
filter:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 192.XXX.XXX.XXX/32 -i eth0 -j ACCEPT
-A INPUT -s 10.10.42.0/24 -i eth0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -i eth0 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 172.17.0.0/16 -i eth0 -j ACCEPT
-A INPUT -s 10.10.42.0/24 -i eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -d 172.17.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -s 172.17.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 10.10.42.0/24 -i eth0 -j ACCEPT
-A FORWARD -s 10.10.42.0/24 -i eth0 -j ACCEPT
-A OUTPUT -d 192.XXX.XXX.XXX/32 -o eth0 -j ACCEPT
-A OUTPUT -d 10.10.42.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 172.17.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j DROP
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tap+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o nordlynx+ -j ACCEPT
-A OUTPUT -d 172.17.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 10.10.42.0/24 -o eth0 -j ACCEPT

nat:

 

Edited by Ender331
Link to comment
11 hours ago, Ender331 said:

I have an issue where I cannot open the web UI of the docker container I have passing through this VPN tunnel. I double checked my ports and the LAN net settings, and they are correct. If one looks at the logs, though, the IP addresses for the subnet are wrong; I had accidentally put in 10.10.42.0 once, then corrected it. My question is where is the location of the config file, and can I manually edit it to correct this issue?

IP tables for ipv4:
filter:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 192.XXX.XXX.XXX/32 -i eth0 -j ACCEPT
-A INPUT -s 10.10.42.0/24 -i eth0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -i eth0 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 172.17.0.0/16 -i eth0 -j ACCEPT
-A INPUT -s 10.10.42.0/24 -i eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -d 172.17.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -s 172.17.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 10.10.42.0/24 -i eth0 -j ACCEPT
-A FORWARD -s 10.10.42.0/24 -i eth0 -j ACCEPT
-A OUTPUT -d 192.XXX.XXX.XXX/32 -o eth0 -j ACCEPT
-A OUTPUT -d 10.10.42.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 172.17.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j DROP
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tap+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o nordlynx+ -j ACCEPT
-A OUTPUT -d 172.17.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 10.10.42.0/24 -o eth0 -j ACCEPT

nat:

 

Ok, for a clarification. I know my Transmission docker is going through NordVPN, it gets the same IP address. The issue is I cannot connect to the web UI. My router is 10.10.42.1, it shows 10.10.42.1/24 as its IP range. I set the LAN net to 10.10.42.1/24, added the 9091 port for Transmission on TCP, still cannot connect. The logs clearly show that NordVPN forwards to 10.10.42.0/24. Does anyone know what I am doing wrong, and how can I fix it? Where is the container folder for this, can I manually delete the config? Have removed, replaced, the container. Have stopped docker, etc.


Link to comment
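
An added example, not part of any post in this thread: iptables stores a source as its network address, so a LAN net entered as 10.10.42.1/24 is listed as 10.10.42.0/24, and both name the same network. The sketch below normalises a CIDR the same way and finds the first INPUT ACCEPT rule that covers a given client; the function names and the sample ruleset (including the 192.168.1.10 host address) are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread: CIDR normalisation and first-match lookup.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network form of address/prefix, which is how iptables -S prints a source.
cidr_network() {
    local addr="${1%/*}" bits="${1#*/}" mask
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$bits"
}

# Succeeds when address $1 lies inside CIDR $2.
in_cidr() {
    [ "$(cidr_network "$1/${2#*/}")" = "$(cidr_network "$2")" ]
}

# Reads iptables -S style rules on stdin and prints the source of the first
# INPUT ACCEPT rule covering client $1. Stops at the first DROP rule (here an
# unconditional drop on eth0): rules are evaluated in order, so ACCEPT lines
# after it are never reached by traffic arriving on eth0.
first_accept_for() {
    local line src
    while read -r line; do
        case "$line" in "-A INPUT "*) ;; *) continue ;; esac
        case "$line" in *"-j DROP") return 1 ;; esac
        src="$(printf '%s\n' "$line" | sed -n 's|.* -s \([0-9./]*\) .*|\1|p')"
        if [ -n "$src" ] && in_cidr "$1" "$src"; then echo "$src"; return 0; fi
    done
    return 1
}

# Constructed sample in the shape of the log above (host address is made up).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -s 192.168.1.10/32 -i eth0 -j ACCEPT
-A INPUT -s 10.10.42.0/24 -i eth0 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -s 172.17.0.0/16 -i eth0 -j ACCEPT
EOF
}
```

Running `sample_rules | first_accept_for 10.10.42.57` prints the rule source that admits that LAN client; feed it the container's own logged ruleset to check a real client address.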
  • 2 weeks later...
#!/bin/bash

docker stop -t 90 nordvpn
docker stop -t 90 qbittorrent
docker stop -t 90 overseerr
docker stop -t 90 jackett
docker stop -t 90 lidarr
docker stop -t 90 radarr
docker stop -t 90 sonarr
sleep 90
docker start nordvpn
sleep 90
docker start qbittorrent
docker start overseerr
docker start jackett
docker start lidarr
docker start radarr
docker start sonarr

Losing connectivity at least once or twice a day, I can't often check my server to see if it's still working so I've been using the above script on a once a day schedule to at least help keep it going. Does anyone have a more elegant solution to this?

Link to comment

Not sure how to pull this off... but I'd think a script could (possibly?)-.....

 

  • Get the public ip of the server via something like ifconfig.io
  • bash into the nordvpn docker container and run some commands (nordvpn status, curl ifconfig.io, etc., )
  • See if nordvpn status reports "connected"
  • Get the external IP and compare to the public ip
  • restart nordvpn or the container, or a list of containers, etc., if needed. 

 

I'm doing something like this:  (I'm a total noob, so please excuse if it's clunky)

#!/bin/bash

echo Restarting NordVPN
docker restart nordvpn
sleep 10

for value in prowlarr headphones lidarr Overseerr radarr readarr sonarr sabnzbd transmission
do
    echo Restarting: $value 
    docker restart $value 
    sleep 1
done

 

Link to comment
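
An added example, not code from any poster or from the container's author, covering both the scheduled-restart script and the check-then-restart steps listed above: it compares the host's public address with the one seen from inside the VPN container and restarts only when the tunnel is down or the addresses match. The dependent container list, the `--run` switch and the presence of curl inside the VPN container are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread: restart the VPN container only when needed.
VPN_CONTAINER="nordvpn"                 # container name used in this thread
DEPENDENTS="qbittorrent sonarr radarr"  # assumed: containers using the VPN's network
IP_SERVICE="https://ifconfig.io"        # lookup service mentioned in this thread

# Public address seen from the host, outside the tunnel.
host_ip() { curl -4 -fs --max-time 10 "$IP_SERVICE"; }

# Public address seen from inside the VPN container (assumes curl exists there).
vpn_ip() { docker exec "$VPN_CONTAINER" curl -4 -fs --max-time 10 "$IP_SERVICE" 2>/dev/null; }

# Prints ok, down, leak or unknown for host address $1 and container address $2.
classify() {
    if [ -z "$1" ]; then
        echo unknown   # host has no connectivity; a restart would not help
    elif [ -z "$2" ]; then
        echo down      # kill switch is holding traffic, tunnel is not up
    elif [ "$1" = "$2" ]; then
        echo leak      # container exits with the host's own address
    else
        echo ok
    fi
}

# Restart the VPN, wait for a tunnelled address, then restart the dependents.
recover() {
    local host try
    docker restart "$VPN_CONTAINER" >/dev/null || return 1
    host="$(host_ip)"
    for try in 1 2 3 4 5 6; do
        sleep 10
        if [ "$(classify "$host" "$(vpn_ip)")" = ok ]; then
            docker restart $DEPENDENTS >/dev/null   # unquoted on purpose: a list
            return 0
        fi
    done
    return 1   # tunnel still not up: dependents are left alone
}

main() {
    local state
    state="$(classify "$(host_ip)" "$(vpn_ip)")"
    echo "$(date '+%F %T') vpn state: $state"
    case "$state" in down|leak) recover ;; esac
}

# Acts only when called with --run, e.g. from cron every few minutes.
if [ "${1:-}" = "--run" ]; then main; fi
```

Because dependents are restarted only after the container reports a tunnelled address, a failed recovery leaves them behind the kill switch rather than bringing them up unprotected.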

For anyone that wants to test the speed of the container they can run speedtest-cli:

 

Open NordVPN console and run these commands:

sudo apt update

sudo apt install speedtest-cli

speedtest-cli

 

If you reboot or restart the container then you must run the commands again.

Edited by SimpleDino
forgot install word
Link to comment
