How to Configure and Use NordVPN on OpenWRT

OpenWRT firmware-based routers use telnet protocol to connect you to the internet. If you’re using such a router, you’ve to set it up to accept the SSH connection in order to configure NordVPN on it. Moreover, the OpenWRT firmware image doesn’t include the OpenVPN package by default. So, you need to install it manually before you can run the OpenVPN client for NordVPN on your OpenWRT router. Here we’ve provided a step-by-step guide to help you perform the process from scratch and use NordVPN on OpenWRT. Have a look.

1. First, visit this IP, 192.168.1.1, to open your router's management page. 

2. Next, change the root password with the 'passwd' command to set your router to accept SSH connection. 

3. Now, run the below commands in a terminal window to install the OpenVPN package.

opkg update
opkg install openvpn-openssl
opkg install ip-full

4. Once the installation is complete, set OpenVPN to launch automatically whenever your router starts by using the following command

/etc/init.d/openvpn enable

5. Next, visit the NordVPN website.

6. Click the Grab the Deal button and choose a subscription on the next screen. 

7. Enter your complete details now and complete your purchase

8. Wait for a confirmation on your subscription next. 

9. When you get that, click here to access the configuration file of your preferred VPN server; then, click on Show available protocols under the server IP and hit Download config for TCP or UDP to save the .ovpn file locally. 

10. Next, copy the .ovpn file using WinSCP or PSCP on Windows and scp command on Linux.

11. Now, paste it to the /etc/openvpn folder on your router's filesystem. 

12. After that, you've to add the word 'secret' to the auth-user-pass string to ensure you don't have to enter your NordVPN service credentials each time OpenVPN starts.

13. The string should look like this, auth-user-pass secret.

14. You have to create a file 'secret' in the same /etc/openvpn folder; this file will contain two entries, i.e., username and password, in separate lines. 

15. You can find this username and password on your online NordVPN account dashboard; check the Service credentials under the Advanced configuration tab.

NordVPN service credentials

16. Next, configure OpenVPN by changing .ovpn extension to .conf

17. Alternatively, you can put the file name specifically in /etc/config/openvpn and use the uci command-

uci set openvpn.nordvpn=openvpn
uci set openvpn.nordvpn.enabled='1'
uci set openvpn.nordvpn.config='/etc/openvpn/al1.nordvpn.com.tcp.ovpn'
uci commit openvpn

18. The file /etc/config/openvpn will contain the following strings. 

  • config openvpn 'nordvpn'
  • option enabled '1'
  • option config '/etc/openvpn/al1.nordvpn.com.tcp.ovpn'

19. Create a new firewall zone next and add the below forwarding rule from LAN to VPN

uci add firewall zone
uci set firewall.@zone[-1].name='vpnfirewall'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='nordvpntun'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpnfirewall'
uci commit firewall

20. The file etc/config/firewall will now contain the below strings:

config zone

  • option name 'vpnfirewall'
  • option input 'REJECT'
  • option output 'ACCEPT'
  • option forward 'REJECT'
  • option masq '1'
  • option mtu_fix '1'
  • list network 'nordvpntun'

config forwarding

  • option src 'lan'
  • option dest 'vpnfirewall'

21. You've to configure the DNS servers next with the following command; use NordVPN DNS for the WAN interface of your router.

uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='103.86.96.100'
uci add_list network.wan.dns='103.86.99.100'
uci commit

22. Now, the file /etc/config/network will contain wan with the below-mentioned strings.

  • config interface 'wan'
  • option ifname 'eth0.2'
  • option force_link '1'
  • option proto 'dhcp'
  • option peerdns '0'
  • list dns '103.86.96.100'
  • list dns '103.86.99.100' 

23. You can also add GoogleDNS with the following command:

uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='8.8.8.8'
uci add_list network.wan.dns='8.8.4.4'
uci commit

24. Now, you have to create the file 99-prevent-leak within the folder /etc/hotplug.d/iface/ with the following script:

#!/bin/sh
if [ "$ACTION" = ifup ] && (ip a s tun0 up) && (iptables -C forwarding_rule -j REJECT); then
iptables -D forwarding_rule -j REJECT
fi
if [ "$ACTION" = ifdown ] && (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then
iptables -I forwarding_rule -j REJECT
fi

25. Once done, your VPN connection will be established, and your status will be Protected, which you can check from the top of your router's management page. 

That's all! Now you know how to configure and use NordVPN on OpenWRT. If you've further queries, drop us a comment through the below button. Thanks for reading!

Latest
How to Watch Interior Design Masters Season 4 Online from Anywhere
Fans of this reality show, which offers ambitious designers a chance to demonstrate their abilities and pursue their dreams of becoming professional...
How to Watch Rock The Block Season 4 Online: Stream the Renovation Series from Anywhere
Rock the Block, the smash hit home remodeling contest series, is back for its most fantastic season ever! The new six-episode season...
How to Watch Spring Baking Championship Season 9 Online: Stream the Cooking Competition from Anywhere
There’s no better way to welcome spring with some freshly baked goods, and that’s precisely how we’ll usher in the good weather...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari