EdgeRouter and Ubiquiti setup with NordVPN

These instructions were written using an EdgeRouter ERLite-3 (FW v1.9.1) and a Linux OS.

Here are the instructions on how to set up an OpenVPN connection on EdgeRouter via SSH:

  1. Create a new file on your computer and call it nordvpnauth.txt for example. Open it and type in your NordVPN Username in the first line and Password in the second line:

    username
    password
     
  2. Then go to our recommended server utility here. In the server picker, click on the Show available protocols highlight. Now download the server configuration, and it will have all the information needed for this guide.


     
  3. After downloading the server configuration, please open it, for example, uk180.nordvpn.com.udp1194.ovpn, and modify it. Change this line:

    auth-user-pass

    into

    auth-user-pass /config/openvpn/nordvpnauth.txt

    And add an additional line

    route-nopull

    and then save the file.
     
  4. Your configured file should look like this:
     

    client
    dev tun
    proto udp
    remote 81.92.202.27 1194
    resolv-retry infinite
    remote-random
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ping 15
    ping-restart 0
    ping-timer-rem
    reneg-sec 0
    comp-lzo no

    explicit-exit-notify 3

    remote-cert-tls server

    #mute 10000
    auth-user-pass /config/openvpn/nordvpnauth.txt
    route-nopull

    verb 3
    pull
    fast-io
    cipher AES-256-CBC
    auth SHA512

    <ca>
    -----BEGIN CERTIFICATE-----
    MIIEyjCCA7KgAwIBAgIJAIJQKnN0hrs8MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
    VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
    Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRdWsxODAubm9yZHZw
    bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
    ZHZwbi5jb20wHhcNMTcxMDMxMDk1MzA2WhcNMjcxMDI5MDk1MzA2WjCBnjELMAkG
    A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
    B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEXVrMTgwLm5vcmR2
    cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
    cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DPbQsNb
    3K5/GyVTinII66vRErSzBGAs6/9pPROhMCklLNN0SU3WKZ3bpFiD9kOncy5ovUdX
    9N2FgI2zq64DrDkrqqSwZBhJ0s+thRki1CP+S/coQRm9dmRCRWnWckj7hfQP2v6K
    JLoU9OmzNaB4AqKbz2vCK/KKzFysVIaLaOB5nEvcuQxK//3iPEesVsLFKIH3wPid
    vIU3BNPL0H4LQo575ESl68m9W8vw9Qr2QSqekMYGzCAt9foqZa949TqQdwPxPEJZ
    ipysiM7Cc/mZ715orHO8k4yLUZKAr0Gf4w6XWZZIe59geU4wFcculFAw7rgkTHjd
    ac5iQy7VIZhUOwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFOeP101ulK7VUnM4xiZd
    8kjdDQvQMIHTBgNVHSMEgcswgciAFOeP101ulK7VUnM4xiZd8kjdDQvQoYGkpIGh
    MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
    MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRdWsx
    ODAubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
    EGNlcnRAbm9yZHZwbi5jb22CCQCCUCpzdIa7PDAMBgNVHRMEBTADAQH/MA0GCSqG
    SIb3DQEBCwUAA4IBAQBPfd2qNy6cKr93lGZEjcm2ERR8Mr63q5m4BdzIOCHNq+Tf
    No/MZg0yhkwfHdCoBk1XaRPoWWnNa3ZpvnjLLHmao5rART3UAELBb6g7gxwa8i3O
    GnTOwUteYOjR1luEUfCeSXoIdrKgqjSrrE9uQzh6Qi96OA4HmGU7C6f9jA5D4S63
    z4YzcfbDsJyBFbp0ZSb9RBpgMtfsjQ+znEs3k1+1MxOIsOb8tZg/G4cdvVCnpsoz
    z4FYJJblOF0pxPt5FqHvzKXj5KIffM/lCONqvISwXSwJSgNXITBjQEAcuf9xbSyF
    HrQGe1YmVWoVh1/gDyUV8WiTBOElxG6qYZsJNcFT
    -----END CERTIFICATE-----
    </ca>
    key-direction 1
    <tls-auth>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    60172281b2188b25bcccd802ec6f62ef
    e0e896aa1461d0010c908392cf183a25
    3048c07983053ea2f0050643d31ea314
    5a34643b18f2485d5c82e5bd5d8b38b7
    c3b031239d513e128fc2d28e9293a4c6
    6c4d5ab22c4f524228c4e898b3f064f5
    ba0afb3bd1e4293311b1f3affbe66239
    051b9a4602025c34698986009be24414
    191298fad92f4ebe667b7ee71abc8f45
    c58c5f617e2d431832679cee179f5e49
    8cfb575a898f4d76a9027df7495e2286
    3882f9949add71ffcf8261f6e1a6a38b
    5821617dbbdf66f1e9084c66ca85def8
    dae83918d39f8817152dc43d74807eb7
    154716234c1caf31bb57a1cd6402d200
    e4fdc905fb183e6ebd5c9af0e54902ab
    -----END OpenVPN Static key V1-----
    </tls-auth>

  5. Now access your EdgeMax router via SSH. On UNIX-like machines:

    ssh ubnt@routersIPaddress

    Then type in the password of your EdgeRouter.
     

  6. On Windows, download this app: https://www.bitvise.com/ssh-client-download

  7. Then perform these commands:

    sudo -i
    cd /config/
    mkdir openvpn
    chmod 777 openvpn
     

  8. If you're using Linux, disconnect from SSH and then copy the created files nordvpnauth.txt and uk180.nordvpn.com.udp1194.ovpn into your EdgeMax router's /config/openvpn directory via scp:

    scp nordvpnauth.txt ubnt@routersIPaddress:/config/openvpn
    scp uk180.nordvpn.com.udp1194.ovpn ubnt@routersIPaddress:/config/openvpn
     

  9. In order to copy these files into the EdgeRouter while using Windows, upload them via SFTP:

     

  10. Run the following commands (adjust some of the lines according to your network and file names):

    configure
    set interfaces openvpn vtun0 config-file /config/openvpn/uk180.nordvpn.com.udp1194.ovpn
    set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
    commit
    set service nat rule 5000 description 'OpenVPN Clients'
    set service nat rule 5000 log disable
    set service nat rule 5000 outbound-interface vtun0
    set service nat rule 5000 source address 192.168.1.0/24
    set service nat rule 5000 type masquerade
    commit
    set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
    set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
    set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
    set firewall modify SOURCE_ROUTE rule 10 modify table 1
    set interfaces switch switch0 firewall in modify SOURCE_ROUTE
    commit
    save

    If you are using a different subnet or wish to use the VPN only for specific devices, change 192.168.1.0/24 on all lines to your values.
     

  11. To check the connection log you can type in:

    run show log

    And scroll down till you see "Initialization Sequence Completed". That means your router is successfully connected to our service. You can also check this website to check if you are connected.
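
The shell functions below are an added example, not part of the original guide: they check the edited .ovpn and credentials file from steps 1-4 and, once the copy in steps 8-9 is done, replace the mode 777 from step 7, which lets any local account replace the files in that directory. The function names are hypothetical, and harden assumes OpenVPN on the router is started as root, which can still read mode-600 files.

```shell
#!/bin/sh
# Added example (not from the original guide). All paths are passed as arguments.

# has_line FILE TEXT: true if FILE has a line equal to TEXT
# (carriage returns and trailing blanks are ignored)
has_line() {
    tr -d '\r' < "$1" | sed 's/[[:space:]]*$//' | grep -xF -e "$2" > /dev/null
}

# check_ovpn CONFIG AUTHPATH: print each problem, return the number found
check_ovpn() {
    n=0
    has_line "$1" "auth-user-pass $2" || { echo "auth-user-pass does not point at $2"; n=$((n+1)); }
    has_line "$1" "route-nopull" || { echo "route-nopull missing or split across lines"; n=$((n+1)); }
    has_line "$1" "remote-cert-tls server" || { echo "remote-cert-tls server missing"; n=$((n+1)); }
    for tag in ca tls-auth; do
        if ! has_line "$1" "<$tag>" || ! has_line "$1" "</$tag>"; then
            echo "inline <$tag> block is not opened and closed"; n=$((n+1))
        fi
    done
    return "$n"
}

# check_auth FILE: expect two non-empty lines and no group/other permissions
check_auth() {
    n=0
    lines=$(tr -d '\r' < "$1" | grep -c '[^[:space:]]' || true)
    [ "$lines" -eq 2 ] || { echo "expected username and password lines, found $lines"; n=$((n+1)); }
    case $(ls -ld "$1" | cut -c1-10) in
        -???------) ;;
        *) echo "credentials file is accessible to group or others"; n=$((n+1)) ;;
    esac
    return "$n"
}

# harden DIR: run as root after the files are copied; removes the
# world-writable directory mode and makes both files owner-only
harden() {
    chmod 755 "$1" && chmod 600 "$1"/*.txt "$1"/*.ovpn
}
```

On the router, after `sudo -i`, load the functions and run `harden /config/openvpn`, then `check_auth` on nordvpnauth.txt and `check_ovpn` on the .ovpn file with /config/openvpn/nordvpnauth.txt as the second argument. A non-zero return value is the number of problems printed.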

© Copyright 2019 all rights reserved