March 16, 20242 yr Hi Everyone, This is an expansion/update on these two extremely helpful guides: Unfortunately, if you're like me, you didn't read either of those guides and purchased 2 years worth of NordVPN and realized that NordVPN does not provide an easy configuration file to setup your WG tunnel. After much experimenting and failure, I believe I have found the solution to manually create the wireguard tunnel. First off, you want to follow this guide for getting your nordvpn private/public keys manually. Note: you will need a Linux OS (an unraid VM works too. I personally spun up a quick ubuntu instance to do just this). Original guide here: https://gist.github.com/bluewalk/7b3db071c488c82c604baf76a42eaad3 But for the most part, in the comments, darki73 created a script for pulling out the relevant information. Re-posted below for convenience: #!/usr/env/bin bash required_packages=() check_if_connected() { if [ -n "$(nordvpn status | grep "Status: Connected")" ]; then return 0 else return 1 fi } # Check whether jq package is installed if ! command -v jq &> /dev/null; then required_packages+=("jq") fi # Check whether wireguard package is installed if ! command -v wg &> /dev/null; then required_packages+=("wireguard") fi # Check if curl package is installed if ! command -v curl &> /dev/null; then required_packages+=("curl") fi # Check if nordvpn package is installed if ! command -v nordvpn &> /dev/null; then required_packages+=("nordvpn") fi # Install missing packages required to generate the configuration file if [ ${#required_packages[@]} -gt 0 ]; then sudo apt install -y "${required_packages[@]}" fi if ! check_if_connected; then nordvpn connect fi interface_name=$(sudo wg show | grep interface | cut -d " " -f 2) private_key=$(sudo wg show $interface_name private-key | cut -d " " -f 2) my_address=$(ip -f inet addr show $interface_name | grep inet | awk '{print $2}' | cut -d "/" -f 1) api_response=$(curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1") host=$(jq -r '.[]|.hostname' <<< $api_response) ip=$(jq -r '.[]|.station' <<< $api_response) city=$(jq -r '.[]|(.locations|.[]|.country|.city.name)' <<< $api_response) country=$(jq -r '.[]|(.locations|.[]|.country|.name)' <<< $api_response) server_public_key=$(jq -r '.[]|(.technologies|.[].metadata|.[].value)' <<< $api_response) server_identifier=$(echo $host | cut -d "." -f 1) configuration_file="nordvpn-$server_identifier.conf" { echo "# Configuration for $host ($ip) in $city, $country" echo "[Interface]" echo "Address = $my_address" echo "PrivateKey = $private_key" echo "" echo "[Peer]" echo "PublicKey = $server_public_key" echo "AllowedIPs = 0.0.0.0/0" echo "Endpoint = $host:51820" } > "$configuration_file" if check_if_connected; then nordvpn disconnect fi You'll need to sudo apt-get all the relevant tools above. To be clear: The above script/manual steps pull out the relevant information. It does not create a useable configuration file. That would clearly be too easy. Specifically from this step you want: - Your nordvpn private key (henceforth: private key) - Your nordvpn public key (henceforth: public key) - Nordvpn's public key (henceforth: public key 2) - Nordvpn's server address (henceforth: nord server) - Your LynxVPN IP address (henceforth: lynx IP) Now you're ready to setup the tunnel. 1. Head over to Settings> Network Services>VPN Manager in your Unraid server. 2. Add tunnel. (Mine became wg1). 3. Setup the interface to look something like this: 4a. Setup the peer to look something like this (for system): 4b. Setup the peer to look something like this (for dockers): 5. If the tunnel works you should see the handshake like above. Also, you can sanity test by downloading the firefox docker and assigning the network type to "Custom: wg2" (or whatever wg tunnel instance). Then you can navigate to what's my IP or other website to verify the VPN address. Hope this helps!
April 6, 20242 yr Thank you for this! I spent a few days setting up the Nordlynx container and have it working beautifully for a few Dockers now. I would like to get this rolling instead for a bit more built-innedness, in addition to facilitating remote access to my server (to include the Dockers).
August 29, 20241 yr I keep searching this topic. This solution would not be the same as or work for NordVPN Meshnet, correct?
August 29, 20241 yr Thanks so much for the post. This helped and got it working for me. The only issue I have noticed is the inability to access the webgui for a number of containers behind a docker tunnel, if I too am accessing remotely from another wireguard tunnel. I am not sure if it is something to do with routing or not? I confirmed that I can access the webgui of the containers if I am on the local network. The remote tunnel is run on my router rather than the unraid system, so I also don't know if that is causing me the issue or not. Any thoughts or suggestions?
August 29, 20241 yr 4 minutes ago, t7br7 said: Thanks so much for the post. This helped and got it working for me. The only issue I have noticed is the inability to access the webgui for a number of containers behind a docker tunnel, if I too am accessing remotely from another wireguard tunnel. I am not sure if it is something to do with routing or not? I confirmed that I can access the webgui of the containers if I am on the local network. The remote tunnel is run on my router rather than the unraid system, so I also don't know if that is causing me the issue or not. Any thoughts or suggestions? To access those containers you won't be able to click on to the WebGUI, but you should be able to access them by IP:Port. That's how I do it via Tailscale and other methods.
August 29, 20241 yr On 8/29/2024 at 1:43 PM, rabidfibersquirrel said: To access those containers you won't be able to click on to the WebGUI, but you should be able to access them by IP:Port. That's how I do it via Tailscale and other methods. I did think that may have been the issue too. I was used to this when I had the containers running through another VPN container. But even when I attempt access by IP:Port, it still doesn't work. EDIT: I decided to use the WG tunnel from Unraid to connect to my home network instead. When I access this way, rather than through the tunnel from my router, I can access the WebGUI of the other tunneled containers. Edited December 11, 20241 yr by t7br7 Updated information on how I resolved the issue.
December 11, 20241 yr My goal is to use NorthVPN at least for the qbittorrent docker, and maybe the plex docker. I'm already using CloudFlare tunnels to acces other services in my unraid. What's the best way to do that? a docker? the built-in vpn as per this guide?
December 11, 20241 yr 3 hours ago, Kedryn said: My goal is to use NorthVPN at least for the qbittorrent docker, and maybe the plex docker. I'm already using CloudFlare tunnels to acces other services in my unraid. What's the best way to do that? a docker? the built-in vpn as per this guide? Was there a particular reason you were thinking of using VPN for Plex? I have a similar setup to you. I use Cloudflare/Reverse Proxy for some external facing content (or content others want to access) but then use WG VPN for remote access to everything else. Either way, I followed the guide above and it works well. The benefit of the inbuilt WG in Unraid is the ability to auto start and not need the array running.
December 12, 20241 yr 11 hours ago, t7br7 said: Was there a particular reason you were thinking of using VPN for Plex? I have a similar setup to you. I use Cloudflare/Reverse Proxy for some external facing content (or content others want to access) but then use WG VPN for remote access to everything else. Either way, I followed the guide above and it works well. The benefit of the inbuilt WG in Unraid is the ability to auto start and not need the array running. I want to use my unraid serve as a "blackbox" being able to move it from place to place if needed. Main problem is configuring port forwarding, main solution is not having to do that using tunnels. I'm using CF for almost everything (*arr, calibre, etc. etc.), but the free tier will get picky if i start streaming videos to friends or downloading torrents, so i'm looking for another solution for those. I'll try above solution, then, thanks.
December 12, 20241 yr I've configured my WG (NorthVPN) and it's working on wg0 then i switched the "firefox" docker network to wg0 and the docker seems fine but i can't access it anymore using 172.16.0.190:3000 (172.16.0.x is my network) I also tried leaving default network ("dockernet" 172.18.0.x) and ADDING the wg0 network to the docker. I can access it, but it wont use wg0 gateway, only the default (dockernet) one. Edited December 12, 20241 yr by Kedryn
December 12, 20241 yr 9 hours ago, Kedryn said: I've configured my WG (NorthVPN) and it's working on wg0 then i switched the "firefox" docker network to wg0 and the docker seems fine but i can't access it anymore using 172.16.0.190:3000 (172.16.0.x is my network) I also tried leaving default network ("dockernet" 172.18.0.x) and ADDING the wg0 network to the docker. I can access it, but it wont use wg0 gateway, only the default (dockernet) one. I have the same firefox container in my setup. Have you tried running an IP check from the firefox container when it's connected to wg0? I usually just use "curl ifconfig.me" in the container console. Does it show an IP for your VPN? I'm just wondering if the connection is working for the container or if there is an issue somewhere.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.