Thursday, February 9, 2017

How to set up NordVPN in a more convenient way

NordVPN allows you to connect to their VPN servers using multiple devices, and there are many ways to connect (L2TP, PPTP, IKEv2, OpenVPN etc). One of the best ways to connect is via OpenVPN, one of the most flexible and secure protocols.

NordVPN installation instructions for Linux systems can be found here; however, the NM GUI is laggy as hell, and the proposed command-line method isn't the most convenient because it's not fully automated and requires a lot of typing to change servers and / or to start and stop the service.

So here's my way. I don't claim it to be the most elegant, but it works for me and is certainly more comfortable.

0. Assumptions.
You have:
  • an active NordVPN subscription;
  • OpenVPN, ca-certificates and ZIP installed.
1. Getting OVPN files. Download and extract the .OVPN files the same way as stated in the tutorial (steps 3-7).
cd /etc/openvpn/
sudo wget https://nordvpn.com/api/files/zip
sudo unzip zip
sudo rm zip

2. Autologin. Create a pass.txt file in the /etc/openvpn/ directory containing your login and password, laid out like this:
1st line - login, 2nd line - password. Make sure there are no extra symbols or spaces. You can make this file unreadable for an unprivileged user if you care about your NordVPN login and password and your environment isn't trusted.

Change the auth-user-pass line in all extracted NordVPN files so they get the credentials from pass.txt and you won't have to type them manually. This is best done with a simple sed command (the pattern is anchored, so running it twice doesn't append pass.txt a second time):

sudo sed -i 's/^auth-user-pass[[:space:]]*$/auth-user-pass pass.txt/' /etc/openvpn/*.ovpn

3. Set up and start the OpenVPN service.

Now you need to copy the contents of the chosen .ovpn file to your openvpn.conf.
Let's say you want to connect to the de101 server using UDP.

sudo cp /etc/openvpn/de101.nordvpn.com.udp1194.ovpn /etc/openvpn/openvpn.conf

After that you need to restart the openvpn service so the changes apply:
sudo /etc/init.d/openvpn restart

The command above might be different on some Linux distros.
If everything is OK, you will be connected to the de101 server.
If you see a message like this:
WARNING: openvpn has started, but is inactive
there's no reason to panic, it's totally OK.

4. Make sure the OpenVPN daemon is started at system boot.
This is different for every Linux distro, and it's easy to find out how to do it. If you're using Ubuntu, chances are it will start automatically and you won't need to do anything at all.
For some distros like Gentoo, however, you will need to run:
sudo rc-update add openvpn default

5. Adding aliases.
Edit your ~/.bashrc so you can change servers with simple command-line aliases.

It's always better to type things like "de100" than to type a lot of letters manually.
So I just put things like this in my .bashrc.
For those who don't know what it is, just type this in the command line:
cd ~
nano .bashrc
and add the following lines after the existing content:

alias de100="sudo /etc/init.d/openvpn stop; sudo cp /etc/openvpn/de100.nordvpn.com.udp1194.ovpn /etc/openvpn/openvpn.conf; sudo /etc/init.d/openvpn start"

alias de101="sudo /etc/init.d/openvpn stop; sudo cp /etc/openvpn/de101.nordvpn.com.udp1194.ovpn /etc/openvpn/openvpn.conf; sudo /etc/init.d/openvpn start"
NOTE: every alias must be one single line in your .bashrc, even if it looks like I pressed "enter" and broke it into 2 or 3 lines.

Those 2 lines above will add aliases to connect or reconnect to the de100 and de101 servers.
And the list goes on - just copy those lines and change "de101" and "de100" to whatever you please from the server list to add more server-changing aliases, for example:

alias nl11="sudo /etc/init.d/openvpn stop; sudo cp /etc/openvpn/nl11.nordvpn.com.udp1194.ovpn /etc/openvpn/openvpn.conf; sudo /etc/init.d/openvpn start"
Don't forget to press Ctrl-O to save it. Changes will apply when you open a new tab in the terminal.

After that you can just type de100 or nl11 (or whatever else you put in your .bashrc) in your shell and you will connect or reconnect to the appropriate server.
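
The permission check from step 2 and the server switch from step 5, as an added example that is not part of the original post: it generalizes the per-server aliases into one function that validates the server name before it reaches sudo cp, and refuses to run if pass.txt is readable by group or others. The function names and the OVPN_DIR override are assumptions; the init script path and the file naming follow the post.

```bash
# Added example; function names and the OVPN_DIR override are hypothetical.
OVPN_DIR="${OVPN_DIR:-/etc/openvpn}"

# Step 2: pass.txt must exist and grant nothing to group or others.
cred_file_ok() (
    f="$OVPN_DIR/pass.txt"
    [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1   # GNU stat, e.g. 600
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "$f has mode $mode, expected 600" >&2; return 1 ;;
    esac
)

# Step 2: point bare "auth-user-pass" lines at pass.txt. The pattern is
# anchored, so a second run does not append pass.txt again.
# Needs write access to OVPN_DIR (root for /etc/openvpn).
patch_profiles() {
    sed -i 's/^auth-user-pass[[:space:]]*$/auth-user-pass pass.txt/' \
        "$OVPN_DIR"/*.ovpn
}

# Step 5: map a server name such as de101 to its UDP profile. Only lowercase
# letters and digits are accepted, so "/" and ".." never reach the path.
profile_path() (
    case "$1" in
        ''|*[!a-z0-9]*) echo "bad server name: $1" >&2; return 1 ;;
    esac
    f="$OVPN_DIR/$1.nordvpn.com.udp1194.ovpn"
    [ -f "$f" ] || { echo "no such profile: $f" >&2; return 1; }
    printf '%s\n' "$f"
)

# Step 5: one function instead of one alias per server, e.g. "vpn_switch nl11".
vpn_switch() (
    cred_file_ok || return 1
    f=$(profile_path "$1") || return 1
    sudo /etc/init.d/openvpn stop
    sudo cp "$f" "$OVPN_DIR/openvpn.conf" || return 1
    sudo /etc/init.d/openvpn start
)
```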

If you're looking for more security and want to block any non-secured internet traffic, check this post.