Security

How to Configure and Use NordVPN on OpenWRT

By Srijani Ghosh / April 29, 2022

OpenWRT firmware-based routers use telnet protocol to connect you to the internet. If you’re using such a router, you’ve to set it up to accept the SSH connection in order to configure NordVPN on it. Moreover, the OpenWRT firmware image doesn’t include the OpenVPN package by default. So, you need to install it manually before you can run the OpenVPN client for NordVPN on your OpenWRT router. Here we’ve provided a step-by-step guide to help you perform the process from scratch and use NordVPN on OpenWRT. Have a look.

1. First, visit this IP, 192.168.1.1, to open your router's management page. 

2. Next, change the root password with the 'passwd' command to set your router to accept SSH connection. 

3. Now, run the below commands in a terminal window to install the OpenVPN package.

opkg update
opkg install openvpn-openssl
opkg install ip-full

4. Once the installation is complete, set OpenVPN to launch automatically whenever your router starts by using the following command

/etc/init.d/openvpn enable

5. Next, visit the NordVPN website.

6. Click the Grab the Deal button and choose a subscription on the next screen. 

7. Enter your complete details now and complete your purchase

8. Wait for a confirmation on your subscription next. 

9. When you get that, click here to access the configuration file of your preferred VPN server; then, click on Show available protocols under the server IP and hit Download config for TCP or UDP to save the .ovpn file locally. 

10. Next, copy the .ovpn file using WinSCP or PSCP on Windows and scp command on Linux.

11. Now, paste it to the /etc/openvpn folder on your router's filesystem. 

12. After that, you've to add the word 'secret' to the auth-user-pass string to ensure you don't have to enter your NordVPN service credentials each time OpenVPN starts.

13. The string should look like this, auth-user-pass secret.

14. You have to create a file 'secret' in the same /etc/openvpn folder; this file will contain two entries, i.e., username and password, in separate lines. 

15. You can find this username and password on your online NordVPN account dashboard; check the Service credentials under the Advanced configuration tab.

NordVPN service credentials

16. Next, configure OpenVPN by changing .ovpn extension to .conf

17. Alternatively, you can put the file name specifically in /etc/config/openvpn and use the uci command-

uci set openvpn.nordvpn=openvpn
uci set openvpn.nordvpn.enabled='1'
uci set openvpn.nordvpn.config='/etc/openvpn/al1.nordvpn.com.tcp.ovpn'
uci commit openvpn

18. The file /etc/config/openvpn will contain the following strings. 

19. Create a new firewall zone next and add the below forwarding rule from LAN to VPN

uci add firewall zone
uci set firewall.@zone[-1].name='vpnfirewall'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='nordvpntun'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpnfirewall'
uci commit firewall

20. The file etc/config/firewall will now contain the below strings:

config zone

config forwarding

21. You've to configure the DNS servers next with the following command; use NordVPN DNS for the WAN interface of your router.

uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='103.86.96.100'
uci add_list network.wan.dns='103.86.99.100'
uci commit

22. Now, the file /etc/config/network will contain wan with the below-mentioned strings.

23. You can also add GoogleDNS with the following command:

uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='8.8.8.8'
uci add_list network.wan.dns='8.8.4.4'
uci commit

24. Now, you have to create the file 99-prevent-leak within the folder /etc/hotplug.d/iface/ with the following script:

#!/bin/sh
if [ "$ACTION" = ifup ] && (ip a s tun0 up) && (iptables -C forwarding_rule -j REJECT); then
iptables -D forwarding_rule -j REJECT
fi
if [ "$ACTION" = ifdown ] && (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then
iptables -I forwarding_rule -j REJECT
fi

25. Once done, your VPN connection will be established, and your status will be Protected, which you can check from the top of your router's management page. 

That's all! Now you know how to configure and use NordVPN on OpenWRT. If you've further queries, drop us a comment through the below button. Thanks for reading!



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari