Wireguard VPN tunneled access (updated for NordVPN)



Hi Everyone,

 

This is an expansion/update on these two extremely helpful guides:

 

Unfortunately, if you're like me, you didn't read either of those guides, purchased 2 years' worth of NordVPN, and realized that NordVPN does not provide an easy configuration file to set up your WG tunnel.  After much experimenting and failure, I believe I have found the solution to manually create the WireGuard tunnel.

 

First off, you want to follow this guide for getting your NordVPN private/public keys manually.  Note: you will need a Linux OS (an Unraid VM works too; I personally spun up a quick Ubuntu instance to do just this).

 

Original guide here: https://gist.github.com/bluewalk/7b3db071c488c82c604baf76a42eaad3

 

But for the most part, in the comments, darki73 created a script for pulling out the relevant information.  Re-posted below for convenience:

#!/usr/bin/env bash

required_packages=()

check_if_connected() {
    if [ -n "$(nordvpn status | grep "Status: Connected")" ]; then
        return 0
    else
        return 1
    fi
}

# Check whether jq package is installed
if ! command -v jq &> /dev/null; then
    required_packages+=("jq")
fi

# Check whether wireguard package is installed
if ! command -v wg &> /dev/null; then
    required_packages+=("wireguard")
fi

# Check if curl package is installed
if ! command -v curl &> /dev/null; then
    required_packages+=("curl")
fi

# Check if nordvpn package is installed
if ! command -v nordvpn &> /dev/null; then
    required_packages+=("nordvpn")
fi

# Install missing packages required to generate the configuration file
if [ ${#required_packages[@]} -gt 0 ]; then
    sudo apt install -y "${required_packages[@]}"
fi

if ! check_if_connected; then
    nordvpn connect
fi

interface_name=$(sudo wg show | grep interface | cut -d " " -f 2)
private_key=$(sudo wg show "$interface_name" private-key | cut -d " " -f 2)
my_address=$(ip -f inet addr show "$interface_name" | grep inet | awk '{print $2}' | cut -d "/" -f 1)

api_response=$(curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1")
host=$(jq -r '.[]|.hostname' <<< "$api_response")
ip=$(jq -r '.[]|.station' <<< "$api_response")
city=$(jq -r '.[]|(.locations|.[]|.country|.city.name)' <<< "$api_response")
country=$(jq -r '.[]|(.locations|.[]|.country|.name)' <<< "$api_response")
server_public_key=$(jq -r '.[]|(.technologies|.[].metadata|.[].value)' <<< "$api_response")

server_identifier=$(echo "$host" | cut -d "." -f 1)
configuration_file="nordvpn-$server_identifier.conf"

{
    echo "# Configuration for $host ($ip) in $city, $country"
    echo "[Interface]"
    echo "Address = $my_address"
    echo "PrivateKey = $private_key"
    echo ""
    echo "[Peer]"
    echo "PublicKey = $server_public_key"
    echo "AllowedIPs = 0.0.0.0/0"
    echo "Endpoint = $host:51820"
} > "$configuration_file"

if check_if_connected; then
    nordvpn disconnect
fi

 

You'll need to sudo apt-get all the relevant tools above.

 

To be clear: The above script/manual steps pull out the relevant information.  It does not create a useable configuration file.  That would clearly be too easy.  Specifically from this step you want:

 

- Your NordVPN private key (henceforth: private key)

- Your NordVPN public key (henceforth: public key)

- NordVPN's public key (henceforth: public key 2)

- NordVPN's server address (henceforth: nord server)

- Your LynxVPN IP address (henceforth: lynx IP)

 

Now you're ready to set up the tunnel.

 

1. Head over to Settings > Network Services > VPN Manager in your Unraid server.

2. Add tunnel.  (Mine became wg1).

3. Set up the interface to look something like this:

[screenshot: interface settings]

4a. Set up the peer to look something like this (for system):

[screenshot: peer settings (system)]

4b. Set up the peer to look something like this (for dockers):

[screenshot: peer settings (dockers)]

 

5. If the tunnel works you should see the handshake like above.  Also, you can sanity test by downloading the Firefox docker and assigning the network type to "Custom: wg2" (or whatever wg tunnel instance).  Then you can navigate to what's my IP or other website to verify the VPN address.

 

 

Hope this helps!

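A pre-flight check for the file the script above writes (nordvpn-<server>.conf), as an added example that is not part of the original post or of darki73's script: it confirms that both keys are 32-byte base64 values, that the private key and the peer's public key were not mixed up, that the endpoint is host:port, and that the file holding the private key is closed to group and other. The function names, the sample hostname, the sample address and the placeholder keys are assumptions constructed for illustration.

```shell
# Pull the first "Name = value" value out of a WireGuard config file.
conf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# A WireGuard key is 32 bytes, which is 44 base64 characters.
valid_key() {
    [ "${#1}" -eq 44 ] || return 1
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 32 ]
}

# Returns 0 if the file passes every check, 1 otherwise.
check_wg_conf() {
    f=$1; bad=0
    priv=$(conf_value PrivateKey "$f")
    pub=$(conf_value PublicKey "$f")
    endpoint=$(conf_value Endpoint "$f")
    # The file holds the private key: group and other get no permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other can access $f"; bad=1; }
    valid_key "$priv" || { echo "FAIL: PrivateKey is not a 32-byte key"; bad=1; }
    valid_key "$pub" || { echo "FAIL: peer PublicKey is not a 32-byte key"; bad=1; }
    # Pasting one key into both fields is an easy mix-up.
    [ "$priv" != "$pub" ] || { echo "FAIL: PrivateKey equals peer PublicKey"; bad=1; }
    port=${endpoint##*:}
    case $endpoint in
        *:*) case $port in
                 ''|*[!0-9]*) echo "FAIL: Endpoint port is not numeric"; bad=1 ;;
             esac ;;
        *) echo "FAIL: Endpoint must be host:port"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample: placeholder keys and hostname, not real values.
demo=$(mktemp)
{
    echo "[Interface]"
    echo "Address = 10.5.0.2"
    echo "PrivateKey = $(printf '%032d' 1 | base64)"
    echo "[Peer]"
    echo "PublicKey = $(printf '%032d' 2 | base64)"
    echo "AllowedIPs = 0.0.0.0/0"
    echo "Endpoint = xx0000.nordvpn.example:51820"
} > "$demo"
check_wg_conf "$demo" && echo "OK: $demo passes"
rm -f "$demo"
```

The script writes its file with whatever umask is in effect, so if the permission check fails, run chmod 600 on the file before moving it anywhere.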