Connecting from countries with internet restrictions on Linux via strongSwan

The setup:

1. Make sure you have all the required dependencies on your device. To do this, run the following command:
sudo apt-get update && sudo apt-get upgrade


2. Next, get the following packages:
sudo apt-get install strongswan libcharon-extra-plugins libcharon-standard-plugins

Note: For Arch-based distributions and others, you might not have libcharon packages, as they are in the strongswan package. Simply run: pacman -S strongswan and that should be enough.
 

3. Open ipsec.secrets:

sudo nano /etc/ipsec.secrets


 

4. Now, replace the Username and password fields with your NordVPN username and password.
Your password must be wrapped inside double-quotes. Also, notice the spaces after Username, “:” and EAP.
To save the changes, press CTRL+O, and then exit the nano editor by pressing CTRL+X.

5. Once again, open the /etc/ipsec.conf file in your preferred text editor. Use root privileges, since the file is write-protected from anyone except root.

sudo nano /etc/ipsec.conf

6. Copy-paste this into the config:

conn NordVPN
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=300s
        eap_identity="USERNAME"
        leftauth=eap-mschapv2
        left=%defaultroute
        leftsourceip=%config
        right=SERVER_IP
        rightauth=pubkey
        rightsubnet=0.0.0.0/0
        rightid=%SERVER_HOSTNAME
        rightca=/etc/ipsec.d/cacerts/NordVPN.pem
        type=tunnel
        auto=add

Change USERNAME to your NordVPN email, SERVER_IP to the IP from the list of servers below, for example 172.105.20.56, and SERVER_HOSTNAME to the hostname of the server from the list below:

8. Open the /etc/strongswan.d/charon/constraints.conf file.
sudo nano /etc/strongswan.d/charon/constraints.conf

Inside the file, change load = yes to load = no.
 

9. Download the NordVPN RSA certificate.
sudo wget https://downloads.nord-help.com/certificates/root.der -O /etc/ipsec.d/cacerts/NordVPN.der

sudo openssl x509 -inform der -in /etc/ipsec.d/cacerts/NordVPN.der -out /etc/ipsec.d/cacerts/NordVPN.pem


10. Now let’s restart ipsec in order to reload all configuration files.
sudo ipsec restart

If you’ve made any typos in the /etc/ipsec.conf file, you’ll be notified when the service starts.
 

11. After it’s done, you can connect by launching this command:
sudo ipsec up NordVPN

This command should show the output “Connection NordVPN has been established successfully”.


12. To disconnect, simply type:
sudo ipsec down NordVPN

 

Changing the server:

1. Edit the file /etc/ipsec.conf:

sudo nano /etc/ipsec.conf

2. Change the right and rightid fields to the values for a different server and save the file. For example:

right=45.79.113.73
rightid=us5733.nordvpn.com

3. Run the commands:

sudo ipsec restart

sudo ipsec up NordVPN

 

Common errors and their solutions:

No config named 'NordVPN':
If you are receiving No config named 'NordVPN' error after running the ipsec up NordVPN command, please refer to this article.
 

Error "generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]":

1. Run the command:
sudo rm /etc/ipsec.sec*

2. Create a new ipsec.secrets file using the command:
sudo nano /etc/ipsec.secrets

3. Enter the credentials as described in step 4 of the main guide, and save the file.

4. Run the commands:

sudo ipsec restart

sudo ipsec up NordVPN
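
Both step 4 and the AUTH_FAILED fix above depend on the exact shape of the ipsec.secrets entry. The script below is an added example, not NordVPN's or strongSwan's own code: it checks each EAP line against the format described in step 4 and reports problems by line number only, so the password is never printed. The mode 600 check is an added hardening assumption (the file stores the password in plaintext), and the names check_eap_secrets and check_secrets.sh are hypothetical.

```bash
#!/bin/sh
# Added example (not NordVPN's or strongSwan's code): lint ipsec.secrets
# against the rules in step 4 without ever printing the password.
# Usage: sudo sh check_secrets.sh /etc/ipsec.secrets  (script name is hypothetical)

# One entry: USERNAME, space, ":", space, EAP, space, "PASSWORD" in straight quotes.
EAP_RE='^[^[:space:]"]+[[:space:]]+:[[:space:]]+EAP[[:space:]]+"[^"]+"[[:space:]]*$'

check_eap_secrets() {
    local file="$1" problems=0 valid=0 n=0 line
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Assumption: the file holds a plaintext password, so owner-only access.
    if [ -z "$(find "$file" -perm 600)" ]; then
        echo "permissions are not 600; fix with: chmod 600 $file"
        problems=$((problems + 1))
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac    # blank line or comment
        if printf '%s\n' "$line" | grep -Eq "$EAP_RE"; then
            valid=$((valid + 1))
        elif printf '%s\n' "$line" | grep -q 'EAP'; then
            # Report the line number only; the line itself contains the password.
            echo "line $n: malformed EAP entry (check spaces and straight double quotes)"
            problems=$((problems + 1))
        fi
    done < "$file"

    if [ "$valid" -eq 0 ]; then
        echo "no valid EAP entry found"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]    # exit status 0 only when nothing was flagged
}

# Check the file given as the first argument, if any.
[ $# -eq 0 ] || check_eap_secrets "$1"
```

Curly quotes pasted from a web page or a missing space before the colon are both reported as a malformed entry.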
