How can we help you?

EdgeRouter and Ubiquiti setup with NordVPN

Alternatively, you can use this third party tool made by our partners. This tool currently works only on Windows devices.

Here are the instructions on how to setup OpenVPN connection on EdgeRouter via SSH:

  1. Create a new file on your computer and call it nordvpnauth.txt for example. Open it and type in your NordVPN service username in the first line and NordVPN service password in the second line:

    username
    password

    You can find your NordVPN service credentials at the Nord Account dashboard. Copy the credentials using the buttons on the right.

     

  2. Then go to our recommended server utility here. In the server picker, click on the Show available protocols highlight. Now download the server configuration, and it will have all the information needed for this guide.


     
  3. After downloading the server configuration, please open it, for example, uk180.nordvpn.com.udp1194.ovpn, and modify it. Change this line:

    auth-user-pass

    into

    auth-user-pass /config/openvpn/nordvpnauth.txt

    And add an additional line

    route-nopull

    and then save the file.
     
  4. Your configured file should look like this:
     

    client
    dev tun
    proto udp
    remote 185.142.26.196 1194
    resolv-retry infinite
    remote-random
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ping 15
    ping-restart 0
    ping-timer-rem
    reneg-sec 0
    comp-lzo no

    remote-cert-tls server

    auth-user-pass /config/openvpn/nordvpnauth.txt
    route-nopull
    verb 3
    pull
    fast-io
    cipher AES-256-CBC
    auth SHA512

    <ca>
    -----BEGIN CERTIFICATE-----
    MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
    MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
    MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
    BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
    hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
    kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
    XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
    eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
    skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
    MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
    37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
    hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
    Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
    WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
    MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
    LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
    SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
    nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
    k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
    DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
    pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
    k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
    +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
    NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
    wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
    VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
    PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
    -----END CERTIFICATE-----
    </ca>
    key-direction 1
    <tls-auth>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    e685bdaf659a25a200e2b9e39e51ff03
    0fc72cf1ce07232bd8b2be5e6c670143
    f51e937e670eee09d4f2ea5a6e4e6996
    5db852c275351b86fc4ca892d78ae002
    d6f70d029bd79c4d1c26cf14e9588033
    cf639f8a74809f29f72b9d58f9b8f5fe
    fc7938eade40e9fed6cb92184abb2cc1
    0eb1a296df243b251df0643d53724cdb
    5a92a1d6cb817804c4a9319b57d53be5
    80815bcfcb2df55018cc83fc43bc7ff8
    2d51f9b88364776ee9d12fc85cc7ea5b
    9741c4f598c485316db066d52db4540e
    212e1518a9bd4828219e24b20d88f598
    a196c9de96012090e333519ae18d3509
    9427e7b372d348d352dc4c85e18cd4b9
    3f8a56ddb2e64eb67adfc9b337157ff4
    -----END OpenVPN Static key V1-----
    </tls-auth>


  5. Now access your EdgeMax router via SSH. For UNIX-like machines:

    ssh ubnt@routersIPaddress

    You will be asked to enter the password of your EdgeRouter.
     
  6. For Windows devices, download this app: https://www.bitvise.com/ssh-client-download:

    win1.png
     
  7. Then perform these commands:

    sudo -i
    cd /config/
    mkdir openvpn
    chmod 770 openvpn
     
  8. If you're using Linux, disconnect from SSH and then copy the created files nordvpnauth.txt and downloadeded .ovpn file (in this case de609.nordvpn.com.udp.ovpn into your EdgeMax router's /config/openvpn directory via SCP:

    scp nordvpnauth.txt ubnt@routersIPaddress:/config/openvpn
    scp uk180.nordvpn.com.udp1194.ovpn ubnt@routersIPaddress:/config/openvpn
     
  9. In order to copy these files into the EdgeRouter while using Windows, upload them via SFTP:

    win2.png
     
  10. Run the following commands (adjust some of the lines according to your network and file names):

    configure
    set interfaces openvpn vtun0 config-file /config/openvpn/de609.nordvpn.com.udp.ovpn
    set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
    commit
    set service nat rule 5000 description 'OpenVPN Clients'
    set service nat rule 5000 log disable
    set service nat rule 5000 outbound-interface vtun0
    set service nat rule 5000 source address 192.168.1.0/24
    set service nat rule 5000 type masquerade
    commit
    set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
    set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
    set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
    set firewall modify SOURCE_ROUTE rule 10 modify table 1
    set interfaces ethernet eth1 firewall in modify SOURCE_ROUTE
    commit
    save

    Note: in the last command, it can also be ethernet eth2 depending on the used slot for LAN cable, or switch switch0 if you are using a switch interface.

    If you are using different subnet or wish to use only for specific devices, modify 192.168.1.0/24 on all lines to your values.
     
  11. To check the connection log you can type in:

    run show log

    And scroll down till you see Initialization Sequence Completed. That means your router is successfully connected to our service. You can also check this website to check if you are connected.

Additional notes:

  • To disable a VPN, use the following commands:

    configure
    set interfaces openvpn vtun0 disable
    commit
    save

     
  • To re-enable VPN back, use the following commands:

    configure
    delete interfaces openvpn vtun0 disable
    commit
    save

     
  • To change a VPN server, simply upload a new file to your router (step 9) and use the following commands:

    configure
    set interfaces openvpn vtun0 config-file /config/openvpn/new_file.ovpn
    commit
    save

Related Articles

© Copyright 2020 all rights reservedSelf-service byNanorep