How can we help you?

EdgeRouter and Ubiquiti setup with NordVPN

EdgeRouter routers with EdgeOS firmware version 2.0.9 and later support long passwords and can be used to establish a connection to our servers using the OpenVPN protocol. If you are using an older version of the firmware, please update it before following this guide. Instructions on how to update the router firmware can be found on the official Ubiquiti website.

Here are the instructions on how to set up an OpenVPN connection to NordVPN servers on EdgeRouter via SSH:

1. Create a new file on your computer and call it "nordvpnauth.txt. "Open it and type in your NordVPN service username in the first line and NordVPN service password in the second line:

username
password

You can find your NordVPN service credentials through your Nord Account. Copy the credentials using the buttons on the right.To set up NordVPN on EdgeRouter or Ubiquiti, you will need your credentials from your Nord Account

2. Go to our recommended server utility. In the server picker, click on “Show available protocols” and download the “OpenVPN UDP” server configuration file. It will have all the information needed for this guide.
NordVPN’s recommended server utility lets you download server configuration files for VPN protocols

3. Open the downloaded server configuration file (for example, “de978.nordvpn.com.udp1194.ovpn”) and make the following changes:

  • Change the line “auth-user-pass” to “auth-user-pass /config/openvpn/nordvpnauth.txt” (without the quotation marks.)
  • After “auth-user-pass /config/openvpn/nordvpnauth.txt,” insert a new line with “route-nopull” (again, without the quotation marks.)
  • Save the file.

Your configured file should look like this:

client
dev tun
proto udp
remote 5.180.62.90 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

auth-user-pass /config/openvpn/nordvpnauth.txt
route-nopull

verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e685bdaf659a25a200e2b9e39e51ff03
0fc72cf1ce07232bd8b2be5e6c670143
f51e937e670eee09d4f2ea5a6e4e6996
5db852c275351b86fc4ca892d78ae002
d6f70d029bd79c4d1c26cf14e9588033
cf639f8a74809f29f72b9d58f9b8f5fe
fc7938eade40e9fed6cb92184abb2cc1
0eb1a296df243b251df0643d53724cdb
5a92a1d6cb817804c4a9319b57d53be5
80815bcfcb2df55018cc83fc43bc7ff8
2d51f9b88364776ee9d12fc85cc7ea5b
9741c4f598c485316db066d52db4540e
212e1518a9bd4828219e24b20d88f598
a196c9de96012090e333519ae18d3509
9427e7b372d348d352dc4c85e18cd4b9
3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>

4. Now access your EdgeMax router via SSH.

  • For UNIX-like machines, use the command “ssh ubnt@routersIPaddress” (no quotation marks) and enter your EdgeRouter password.
  • For Windows devices, download this app.

 In the downloaded SSH client, enter your username and click “Log in” to access your router
 

5. Then perform these commands:

sudo -i
cd /config/
mkdir openvpn
chmod 770 openvpn

6. If you're using Linux, disconnect from SSH and copy the created “nordvpnauth.txt” and the downloaded “.ovpn” (in this case “de978.nordvpn.com.udp.ovpn”) files into your EdgeMax router's “/config/openvpn” directory via SCP:

scp nordvpnauth.txt ubnt@routersIPaddress:/config/openvpn
scp de978.nordvpn.com.udp1194.ovpn ubnt@routersIPaddress:/config/openvpn

To copy these files into the EdgeRouter while using Windows, upload them via SFTP. The default port for the SFTP connection is 22:

To continue NordVPN setup for EdgeRouter or Ubiquiti, upload the configuration files using SFTP

7. Use SSH again to connect to your router and run the following commands (adjusting some lines according to your network and file names):

configure
set interfaces openvpn vtun0 config-file /config/openvpn/de978.nordvpn.com.udp.ovpn
set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
commit
set service nat rule 5000 description 'OpenVPN Clients'
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 192.168.1.0/24
set service nat rule 5000 type masquerade
commit
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set interfaces ethernet eth1 firewall in modify SOURCE_ROUTE
commit
save

Note: In the last command, it can also be “ethernet eth2,” depending on which slot is used for the LAN cable, or “switch switch0” if you are using a switch interface.

If you are using a different subnet (or want to set up the connection for specific devices only), modify 192.168.1.0/24 on all lines to your values.

8. To check the connection log, type in:

run show log

Scroll down until you see “Initialization sequence completed.” That means your router has successfully connected to our service. You can also check our “What is my IP?” page to see if you are connected to NordVPN.

 

 

Additional notes:

  • To disable a VPN, use the following commands:

    configure
    set interfaces openvpn vtun0 disable
    commit
    save
     
  • To re-enable a VPN after disabling it, use the following commands:

    configure
    delete interfaces openvpn vtun0 disable
    commit
    save
     
  • To change your VPN server, simply upload a new file to your router (as descriptive in step 9) and use the following commands:

    configure
    set interfaces openvpn vtun0 config-file /config/openvpn/new_file.ovpn
    commit
    save

 

Related Articles
© Copyright 2022 all rights reservedSelf-service by