ronia Posted March 16

Hi Everyone,

This is an expansion/update on these two extremely helpful guides:

Unfortunately, if you're like me, you didn't read either of those guides and purchased 2 years' worth of NordVPN and realized that NordVPN does not provide an easy configuration file to set up your WG tunnel. After much experimenting and failure, I believe I have found the solution to manually create the WireGuard tunnel.

First off, you want to follow this guide for getting your NordVPN private/public keys manually. Note: you will need a Linux OS (an Unraid VM works too; I personally spun up a quick Ubuntu instance to do just this). Original guide here: https://gist.github.com/bluewalk/7b3db071c488c82c604baf76a42eaad3

But for the most part, in the comments, darki73 created a script for pulling out the relevant information. Re-posted below for convenience:

```bash
#!/usr/bin/env bash

required_packages=()

# Returns 0 when the NordVPN client reports an active connection
check_if_connected() {
    if [ -n "$(nordvpn status | grep "Status: Connected")" ]; then
        return 0
    else
        return 1
    fi
}

# Check whether jq package is installed
if ! command -v jq &> /dev/null; then
    required_packages+=("jq")
fi

# Check whether wireguard package is installed
if ! command -v wg &> /dev/null; then
    required_packages+=("wireguard")
fi

# Check if curl package is installed
if ! command -v curl &> /dev/null; then
    required_packages+=("curl")
fi

# Check if nordvpn package is installed
if ! command -v nordvpn &> /dev/null; then
    required_packages+=("nordvpn")
fi

# Install missing packages required to generate the configuration file
if [ ${#required_packages[@]} -gt 0 ]; then
    sudo apt install -y "${required_packages[@]}"
fi

if ! check_if_connected; then
    nordvpn connect
fi

# Read the interface name, private key and tunnel address from the live connection
interface_name=$(sudo wg show | grep interface | cut -d " " -f 2)
private_key=$(sudo wg show "$interface_name" private-key | cut -d " " -f 2)
my_address=$(ip -f inet addr show "$interface_name" | grep inet | awk '{print $2}' | cut -d "/" -f 1)

# Ask the NordVPN API for one recommended WireGuard server
api_response=$(curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1")
host=$(jq -r '.[]|.hostname' <<< "$api_response")
ip=$(jq -r '.[]|.station' <<< "$api_response")
city=$(jq -r '.[]|(.locations|.[]|.country|.city.name)' <<< "$api_response")
country=$(jq -r '.[]|(.locations|.[]|.country|.name)' <<< "$api_response")
server_public_key=$(jq -r '.[]|(.technologies|.[].metadata|.[].value)' <<< "$api_response")
server_identifier=$(echo "$host" | cut -d "." -f 1)

configuration_file="nordvpn-$server_identifier.conf"

# Note: the file written here contains the private key in plain text
{
    echo "# Configuration for $host ($ip) in $city, $country"
    echo "[Interface]"
    echo "Address = $my_address"
    echo "PrivateKey = $private_key"
    echo ""
    echo "[Peer]"
    echo "PublicKey = $server_public_key"
    echo "AllowedIPs = 0.0.0.0/0"
    echo "Endpoint = $host:51820"
} > "$configuration_file"

if check_if_connected; then
    nordvpn disconnect
fi
```

You'll need to sudo apt-get all the relevant tools above.

To be clear: The above script/manual steps pull out the relevant information. It does not create a usable configuration file. That would clearly be too easy. Specifically from this step you want:

- Your nordvpn private key (henceforth: private key)
- Your nordvpn public key (henceforth: public key)
- Nordvpn's public key (henceforth: public key 2)
- Nordvpn's server address (henceforth: nord server)
- Your LynxVPN IP address (henceforth: lynx IP)

Now you're ready to set up the tunnel.

1. Head over to Settings > Network Services > VPN Manager in your Unraid server.
2. Add tunnel. (Mine became wg1.)
3. Set up the interface to look something like this:
4a. Set up the peer to look something like this (for system):
4b. Set up the peer to look something like this (for dockers):
5. If the tunnel works you should see the handshake like above. Also, you can sanity test by downloading the Firefox docker and assigning the network type to "Custom: wg2" (or whatever wg tunnel instance). Then you can navigate to what's my IP or other website to verify the VPN address.

Hope this helps!
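As an added example (not part of the original post or of the script quoted in it): a shell check that reads back the nordvpn-*.conf the script writes, validates the fields the tunnel form needs, and rejects a file whose permissions expose the private key. The function names, `vpn.example.com` and the all-zero sample keys are constructed for illustration; it assumes Linux with GNU stat and coreutils.

```bash
# Added example: sanity-check a nordvpn-*.conf before copying its values
# into the VPN Manager form. Assumes Linux (GNU stat, coreutils base64).

# A WireGuard key is 32 bytes in base64: 43 characters followed by "=".
is_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Print the value of the first "KEY = value" line in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Print the non-secret fields of FILE; return 1 if anything looks wrong.
check_conf() {
    local file rc priv peer addr endpoint mode
    file=$1 rc=0
    priv=$(conf_value PrivateKey "$file")
    peer=$(conf_value PublicKey "$file")
    addr=$(conf_value Address "$file")
    endpoint=$(conf_value Endpoint "$file")
    is_wg_key "$priv" || { echo "PrivateKey missing or malformed" >&2; rc=1; }
    is_wg_key "$peer" || { echo "peer PublicKey missing or malformed" >&2; rc=1; }
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]+)?$' ||
        { echo "Address is not an IPv4 address" >&2; rc=1; }
    printf '%s\n' "$endpoint" | grep -Eq '^[A-Za-z0-9.-]+:[0-9]+$' ||
        { echo "Endpoint is not host:port" >&2; rc=1; }
    # The file holds the private key: allow no group/other access.
    mode=$(stat -c '%a' "$file")
    case $mode in
        ?00) ;;
        *) echo "mode $mode too open; run: chmod 600 $file" >&2; rc=1 ;;
    esac
    printf 'address=%s\nendpoint=%s\npeer_public_key=%s\n' "$addr" "$endpoint" "$peer"
    # Your own public key is derived from the private key when wg is installed.
    if [ "$rc" -eq 0 ] && command -v wg >/dev/null 2>&1; then
        echo "my_public_key=$(printf '%s\n' "$priv" | wg pubkey 2>/dev/null)"
    fi
    return "$rc"
}

# Constructed sample (all-zero keys, placeholder host) for trying the check.
write_sample() {
    local key
    key=$(head -c 32 /dev/zero | base64)
    printf '[Interface]\nAddress = 10.5.0.2\nPrivateKey = %s\n\n[Peer]\nPublicKey = %s\nEndpoint = vpn.example.com:51820\n' "$key" "$key" > "$1"
}
# Usage: check_conf nordvpn-<server>.conf
if [ "$#" -gt 0 ]; then check_conf "$1"; fi
```

The private key itself is never printed, so the output can be pasted into a forum post when asking for help.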
rabidfibersquirrel Posted April 6

Thank you for this! I spent a few days setting up the Nordlynx container and have it working beautifully for a few Dockers now. I would like to get this rolling instead for a bit more built-innedness, in addition to facilitating remote access to my server (to include the Dockers).