EdgeRouter routers with EdgeOS firmware version 2.0.9 and later support long passwords and can be used to establish a connection to our servers using the OpenVPN protocol. If you are using an older version of the firmware, please update it before following this guide. Instructions on how to update the router firmware can be found on the official Ubiquiti website.
Here are the instructions on how to set up an OpenVPN connection to NordVPN servers on EdgeRouter via SSH:
1. Create a new file on your computer and call it "nordvpnauth.txt. "Open it and type in your NordVPN service username in the first line and NordVPN service password in the second line:
You can find your NordVPN service credentials through your Nord Account. Copy the credentials using the buttons on the right.
2. Go to our recommended server utility. In the server picker, click on “Show available protocols” and download the “OpenVPN UDP” server configuration file. It will have all the information needed for this guide.
3. Open the downloaded server configuration file (for example, “de978.nordvpn.com.udp1194.ovpn”) and make the following changes:
- Change the line “auth-user-pass” to “auth-user-pass /config/openvpn/nordvpnauth.txt” (without the quotation marks.)
- After “auth-user-pass /config/openvpn/nordvpnauth.txt,” insert a new line with “route-nopull” (again, without the quotation marks.)
- Save the file.
Your configured file should look like this:
4. Now access your EdgeMax router via SSH.
- For UNIX-like machines, use the command “ssh ubnt@routersIPaddress” (no quotation marks) and enter your EdgeRouter password.
- For Windows devices, download this app.
5. Then perform these commands:
chmod 770 openvpn
6. If you're using Linux, disconnect from SSH and copy the created “nordvpnauth.txt” and the downloaded “.ovpn” (in this case “de978.nordvpn.com.udp.ovpn”) files into your EdgeMax router's “/config/openvpn” directory via SCP:
scp nordvpnauth.txt ubnt@routersIPaddress:/config/openvpn
scp de978.nordvpn.com.udp1194.ovpn ubnt@routersIPaddress:/config/openvpn
To copy these files into the EdgeRouter while using Windows, upload them via SFTP. The default port for the SFTP connection is 22:
7. Use SSH again to connect to your router and run the following commands (adjusting some lines according to your network and file names):
set interfaces openvpn vtun0 config-file /config/openvpn/de978.nordvpn.com.udp.ovpn
set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
set service nat rule 5000 description 'OpenVPN Clients'
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 192.168.1.0/24
set service nat rule 5000 type masquerade
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set interfaces ethernet eth1 firewall in modify SOURCE_ROUTE
Note: In the last command, it can also be “ethernet eth2,” depending on which slot is used for the LAN cable, or “switch switch0” if you are using a switch interface.
If you are using a different subnet (or want to set up the connection for specific devices only), modify 192.168.1.0/24 on all lines to your values.
8. To check the connection log, type in:
run show log
Scroll down until you see “Initialization sequence completed.” That means your router has successfully connected to our service. You can also check our “What is my IP?” page to see if you are connected to NordVPN.
- To disable a VPN, use the following commands:
set interfaces openvpn vtun0 disable
- To re-enable a VPN after disabling it, use the following commands:
delete interfaces openvpn vtun0 disable
- To change your VPN server, simply upload a new file to your router (as descriptive in step 9) and use the following commands:
set interfaces openvpn vtun0 config-file /config/openvpn/new_file.ovpn