This guide uses the strongSwan packages to manage the IKEv2/IPsec connection on Linux.
Don’t want to manage the VPN setup manually? Download the NordVPN app for Linux, where all you need to do is install the app, log in, and pick the server you want.
This guide covers Debian-based distributions; however, it should work the same on other distributions.
1. First, make sure you have all the dependencies on your device. You can do that by running the following command:
sudo apt-get update && sudo apt-get upgrade
2. Get the following packages:
sudo apt-get install strongswan-charon
3. Edit the ipsec.secrets file with your NordVPN username and password.
(Please note: copy-pasting the command may lead to issues. It is best to type it out by hand.)
sudo nano /etc/ipsec.secrets
4. Replace Username with your NordVPN service username, and the password with your NordVPN service password. Your password has to be wrapped inside double quotes. Notice the spaces after Username, after “:” and after EAP.
Follow the steps below to find the service credentials for manual connection setup:
- Log into your Nord Account, and click NordVPN.
- Scroll down to Advanced Settings and click Set up NordVPN manually.
- Select the Service credentials tab, where you'll find the Username and Password needed to connect manually.
5. Once again, use your preferred text editor to open the /etc/ipsec.conf file. Do not forget root privileges, since the file is writable only by root.
sudo nano /etc/ipsec.conf
6. The config should look like this:
conn NordVPN
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    eap_identity="USERNAME"
    leftauth=eap-mschapv2
    left=%defaultroute
    leftsourceip=%config
    right=SERVER
    rightauth=pubkey
    rightsubnet=0.0.0.0/0
    rightid=%SERVER
    rightca="C = PA, O = NordVPN, CN = NordVPN Root CA"
    type=tunnel
    auto=add
Change SERVER to the hostname of the server you are going to use, and USERNAME to your NordVPN username.
Follow the steps below to find the best server for your connection:
- Log into your Nord Account, and click NordVPN.
- Scroll down to Advanced Settings and click Set up NordVPN manually.
- Select the Server recommendation tab. According to your location, the best server will be recommended.
- By pressing Advanced filters you can further customize the recommended servers by selecting the Server type and the Security protocol.
For this guide, we used the US #1019 server.
right=us1019.nordvpn.com
8. Open the /etc/strongswan.d/charon/constraints.conf file.
sudo nano /etc/strongswan.d/charon/constraints.conf
Inside the file change load = yes to load = no.
9. Download the NordVPN RSA certificate.
sudo wget https://downloads.nordcdn.com/certificates/root.pem -O /etc/ipsec.d/cacerts/NordVPN.pem
10. Now let’s restart ipsec in order to reload all configuration files.
sudo ipsec restart
If you’ve made any typos in the /etc/ipsec.conf file, you’ll be notified when the service tries to start.
11. After it’s done, you can connect by running this command:
sudo ipsec up NordVPN
This command should show the output “Connection NordVPN has been established successfully”.
Note: if you receive a No config named 'NordVPN' error after running the ipsec up NordVPN command, please refer to this article.
12. To disconnect, simply type:
sudo ipsec down NordVPN
13. If you have any issues with the setup, you can get the logs at this location and send them to our support:
sudo cat /var/log/syslog
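
The script below is an added example, not part of the original guide: a shell lint for the files edited in steps 3 to 6, meant to be run before the restart in step 10. It checks the `Username : EAP "password"` line format described in step 4, flags typographic quotes left by copy-pasting, and confirms SERVER was replaced in both right and rightid; the function names, the file-permission check and the single-conn assumption are this example's own.

```shell
#!/bin/sh
# Added example: lint the files edited in steps 3-6 of the guide.
# Assumes a single conn section; function names are hypothetical.

# Expected ipsec.secrets line:   Username : EAP "password"
check_secrets() {
    f=$1; rc=0
    # Typographic quotes picked up by copy-paste do not delimit the password.
    if grep -q -e '“' -e '”' "$f"; then
        echo "$f: contains typographic quotes, use plain \" instead"; rc=1
    fi
    # Spaces after the username, after ':' and after EAP; password in "...".
    if ! grep -Eq '^[^[:space:]#:"]+ : EAP "[^"]+"[[:space:]]*$' "$f"; then
        echo "$f: no line of the form  Username : EAP \"password\""; rc=1
    fi
    # Extra check, not from the guide: group and others must have no access.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f: accessible by group or others, run chmod 600"; rc=1
    fi
    return $rc
}

check_conf() {
    f=$1; rc=0
    if grep -Eq '=%?SERVER[[:space:]]*$|="USERNAME"' "$f"; then
        echo "$f: placeholder SERVER or USERNAME was not replaced"; rc=1
    fi
    # Parameters under "conn NordVPN" must be indented to belong to it.
    if grep -Eq '^[a-z_]+=' "$f"; then
        echo "$f: key=value at column 0, indent the conn parameters"; rc=1
    fi
    # rightid is the name checked against the server certificate, so it
    # must name the same host as right (the guide sets both from SERVER).
    right=$(sed -n 's/^[[:space:]]*right=//p' "$f")
    rightid=$(sed -n 's/^[[:space:]]*rightid=%//p' "$f")
    if [ -z "$right" ] || [ "$right" != "$rightid" ]; then
        echo "$f: right ($right) and rightid ($rightid) differ"; rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh <secrets file> <conf file>
if [ "$#" -eq 2 ]; then
    check_secrets "$1"; s=$?
    check_conf "$2"; c=$?
    [ "$s" -eq 0 ] && [ "$c" -eq 0 ] && echo "both files look consistent"
fi
```

Run it as root with the two paths from the guide, for example `sudo sh preflight.sh /etc/ipsec.secrets /etc/ipsec.conf` (the script name is hypothetical).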