Connecting from countries with internet restrictions on Linux via strongSwan

The setup:

1. Make sure you have all the required dependencies on your device. To do this, run the following command:
sudo apt-get update && sudo apt-get upgrade

2. Next, get the following packages:
sudo apt-get install strongswan libcharon-extra-plugins libcharon-standard-plugins

Note: On Arch-based and some other distributions, there may be no separate libcharon packages, because the plugins ship in the strongswan package. In that case, simply run: pacman -S strongswan and that should be enough.

3. Open ipsec.secrets:

sudo nano /etc/ipsec.secrets


4. Now, replace the Username and password fields with your NordVPN username and password.
Your password must be wrapped in double quotes. Also, note the spaces after Username, “:” and EAP.
To save the changes, press CTRL+O, then exit the nano editor by pressing CTRL+X.

5. Once again, use your preferred text editor to open the /etc/ipsec.conf file. Do not forget root privileges, since the file is write-protected from anyone except root.

sudo nano /etc/ipsec.conf

6. Copy-paste this into the config:

conn NordVPN

7. Change USERNAME to your NordVPN email, SERVER_IP to the IP from the list of servers below, for example, and SERVER_HOSTNAME to the hostname of the server from the list below:

8. Open the /etc/strongswan.d/charon/constraints.conf file.
sudo nano /etc/strongswan.d/charon/constraints.conf

Inside the file, change load = yes to load = no.

9. Download the NordVPN RSA certificate.
sudo wget -O /etc/ipsec.d/cacerts/NordVPN.der

sudo openssl x509 -inform der -in /etc/ipsec.d/cacerts/NordVPN.der -out /etc/ipsec.d/cacerts/NordVPN.pem

10. Now let’s restart ipsec in order to reload all configuration files.
sudo ipsec restart

If you’ve made any typos in the /etc/ipsec.conf file, you’ll be notified when the service starts.

11. After it’s done, you can connect by launching this command:
sudo ipsec up NordVPN

This command should show the output “Connection NordVPN has been established successfully”.

12. To disconnect, simply type:
sudo ipsec down NordVPN


Changing the server:

1. Edit the file /etc/ipsec.conf:

sudo nano /etc/ipsec.conf

2. Change the right and rightid fields to the values that correspond to a different server and save the file. For example:


3. Run the commands:

sudo ipsec restart

sudo ipsec up NordVPN


Common errors and their solutions:

No config named 'NordVPN':
If you receive the No config named 'NordVPN' error after running the ipsec up NordVPN command, please refer to this article.

Error "generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]":

1. Run the command:
sudo rm /etc/ipsec.sec*

2. Create a new ipsec.secrets file using the command:
sudo nano /etc/ipsec.secrets

3. Enter the credentials as described in step 4 of the main guide, and save the file.

4. Run the commands:

sudo ipsec restart

sudo ipsec up NordVPN
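
A pre-flight check for the two errors above, as an added example that is not part of the original guide. It verifies the step 4 line format and owner-only permissions of the secrets file (the permission check is an addition, since the file holds the password in clear text), and that ipsec.conf has a conn NordVPN section with right and rightid set and no leftover placeholders. The function names and the file name preflight.sh are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for AUTH_FAILED and "No config named".
# Assumes the secrets line is shaped exactly as step 4 describes.

# check_secrets FILE: FILE must be owner-only and hold a line like
#   Username : EAP "password"
check_secrets() {
    f=$1
    [ -f "$f" ] || { echo "$f: not found"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || {
        echo "$f: readable beyond its owner; use chmod 600"; return 1; }
    grep -Eq '^[^#[:space:]]+ : EAP "[^"]+"[[:space:]]*$' "$f" || {
        echo "$f: no line shaped like: Username : EAP \"password\""; return 1; }
}

# check_conn FILE NAME: FILE must have a "conn NAME" section that sets right
# and rightid and no longer contains the guide's placeholders.
check_conn() {
    f=$1 name=$2
    awk -v name="$name" '
        /^conn[ \t]+/ { insec = ($2 == name); if (insec) found = 1; next }
        /^[^ \t#]/    { insec = 0 }   # another section header ends ours
        insec && /^[ \t]+right[ \t]*=/   { right = 1 }
        insec && /^[ \t]+rightid[ \t]*=/ { rightid = 1 }
        insec && /USERNAME|SERVER_IP|SERVER_HOSTNAME/ { left = left " " NR }
        END {
            if (!found) { print "no conn " name " section"; exit 1 }
            if (!right || !rightid) { print "right/rightid not set"; exit 1 }
            if (left != "") { print "placeholder left on line(s)" left; exit 1 }
        }' "$f"
}

# Check the real files only when asked, e.g.: sudo sh preflight.sh run
if [ "${1:-}" = run ]; then
    check_secrets /etc/ipsec.secrets && check_conn /etc/ipsec.conf NordVPN &&
        echo "secrets and conn NordVPN look consistent with the guide"
fi
```

A secrets file recreated with nano under a default umask is typically mode 644, which the first check reports; running chmod 600 on it clears that finding.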




