How to connect to NordVPN with IKEv2/IPSec on Linux

Introduction

This guide will show you how to use StrongSwan to set up a manual IKEv2/IPSec connection to NordVPN on Linux (Debian-based, but works similarly on other distributions).

Before you start

Ensure you can log in to your Nord Account.
Make sure you can access your email account.

Here’s what to do

NOTE: If you use a different package manager, replace apt-get with the one you use.

Make sure your operating system is up-to-date with this command:
```
sudo apt-get update && sudo apt-get upgrade
```
Download the packages by running these commands in the terminal:
```
sudo apt-get install strongswan libcharon-extra-plugins 
```
NOTE: For Arch-based distributions and others, you might not have libcharon packages, as they are in the strongswan package. Therefore, run this command instead:
```
pacman -S strongswan
```
Open the “ipsec.secrets” file. NOTE: Copy-pasting the command may lead to issues. It would be best to type it out by hand.
```
sudo nano /etc/ipsec.secrets
```
Change the username and “your password” as follows:
1. Log in to your Nord Account.
2. Click “NordVPN” on the left side of the browser.
3. Click on “Set up NordVPN manually.”
4. Click "Service credentials."
5. Click "Verify email."
6. You will receive a verification code in your registered email. Type the code in.
7. Use the “Copy” button to copy the service credential username and paste it into the “Username” string.
8. Use the “Copy” button to copy the service credential password and paste it into the “Password” string. The password must be enclosed in double quotes.
  NOTE: Make sure to have a space between username, :, and EAP.
Save and open the “/etc/ipsec.conf” file with root privileges:
```
sudo nano /etc/ipsec.conf 
```

Write this into the configuration file:

conn NordVPN
keyexchange=ikev2
dpdaction=clear
dpddelay=300s
eap_identity=”Username”
leftauth=eap-mschapv2
left=%defaultroute
leftsourceip=%config
right=SERVER_IP
rightauth=pubkey
rightsubnet=0.0.0.0/0
rightid=%SERVER_HOSTNAME
rightca=/etc/ipsec.d/cacerts/NordVPN.pem
type=tunnel
auto=add

Get your server hostname.
1. Log in to your Nord Account, and click NordVPN.
2. Scroll down to Advanced Settings and click Set up NordVPN manually.
3. Select the Server recommendation tab.
4. Next to Available protocols, select IKEv2/IPSec.
5. Copy the server hostname and use it in your config file.
Change Username to your NordVPN service credentials username from step 4. Fill in the “SERVER_IP” and “SERVER_HOSTNAME” fields with the server hostname you got in step 7. For example, us5783.nordvpn.com.
Open the “constraints.conf” file by writing this command:
```
sudo nano /etc/strongswan.d/charon/constraints.conf
```
Inside the file, change “load = yes” to “load = no”.

Download the NordVPN RSA certificate by running this command:

sudo wget https://downloads.nordcdn.com/certificates/root.pem -O /etc/ipsec.d/cacerts/NordVPN.pem

Restart “ipsec” in order to reload all configuration files:
```
sudo ipsec restart 
```
NOTE: If you have made any typos in the “/etc/ipsec.conf” file, you will be notified when the service starts.
Connect to the “NordVPN” configuration by writing:
```
sudo ipsec up NordVPN 
```
NOTE: If you connected, “ipsec” should output: “Connection NordVPN has been established successfully.” If you don’t get it and you see many “auth_fail” errors, follow these steps:
1. Remove all “ipsec.secrets” files by running:
```
sudo rm /etc/ipsec.sec*
```
2. Create a new “ipsec.secrets” file using this command:
```
sudo nano /etc/ipsec.secrets
```
3. Enter the credentials described in step 4 of the main guide and save the file.
4. Restart the “ipsec” service and try connecting again:
```
sudo ipsec restart 
```
```
sudo ipsec up NordVPN
```

Additional tips

Restart your device.
Try a different network.
Turn off any additional VPN services.

Was this article helpful?

Still having issues?

Live chat

Contact our support to solve an issue live.
Email form

Fill out an email form so we can help you with an issue.

Email us

Our Support team will get back to you within 24 hours. We’ll reply to the email address you provide.

Attach a file (Optional)

Supported formats: JPEG, PNG.

We couldn’t process your form. Please try again or come back later.

By clicking “Submit”, you agree to our Terms of Service and acknowledge our Privacy Policy.

Thank you! We've got your message and will get back to you within 24 hours.

Chat functionality relies on cookies. By starting the chat, you agree to their use. Learn more in our Cookie Policy.

{ "chatTitle": "NordVPN Support", "chatCustomText": { "actionPaymentCompleted": "Payment Completed", "actionPaymentError": "An error occurred while processing the card. Please try again or use a different card.", "actionPostbackError": "An error occurred while processing your action. Please try again.", "clickToRetry": "Message not delivered. Click to retry.", "clickToRetryForm": "Form not submitted. Click anywhere on the form to retry.", "connectNotificationText": "Sync your conversation and continue messaging us through your favorite app.", "connectNotificationSingleText": "Be notified when you get a reply.", "conversationListHeaderText": "My conversations", "conversationListRelativeTimeJustNow": "Just now", "conversationListRelativeTimeMinute": "1 minute ago", "conversationListRelativeTimeMinutes": "{value} minutes ago", "conversationListRelativeTimeHour": "1 hour ago", "conversationListRelativeTimeHours": "{value} hours ago", "conversationListRelativeTimeYesterday": "Yesterday", "conversationListTimestampFormat": "MM/DD/YY", "conversationListPreviewAnonymousText": "Someone", "conversationListPreviewCarouselText": "{user} sent a message", "conversationListPreviewFileText": "{user} sent a file", "conversationListPreviewFormText": "{user} sent a form", "conversationListPreviewFormResponseText": "{user} filled a form", "conversationListPreviewImageText": "{user} sent an image", "conversationListPreviewLocationRequestText": "{user} sent a location request", "conversationListPreviewUserText": "You", "conversationTimestampHeaderFormat": "MMMM D, h:mm A", "couldNotConnect": "Offline. You will not receive messages.", "couldNotConnectRetry": "Reconnecting...", "couldNotConnectRetrySuccess": "You're back online!", "couldNotLoadConversations": "Couldn't load conversations.", "emailChangeAddress": "Change my email", "emailDescription": "To be notified by email when you get a reply, enter your email address.", "emailFieldLabel": "Email", "emailFieldPlaceholder": "Your email address", "emailFormButton": "Submit", "emailLinkingErrorMessage": "Please submit a valid email address.", "errorPrefix": "Error:", "fetchHistory": "Load more", "fetchingHistory": "Retrieving history...", "fileTooLargeError": "Max file size limit exceeded ({size})", "fileTypeError": "Unsupported file type.", "formErrorEntryRequired": "This entry is required", "formErrorInvalidEmail": "Email is invalid", "formErrorNoLongerThan": "Must contain no more than ({characters}) characters", "formErrorNoShorterThan": "Must contain at least ({characters}) characters", "formErrorUnknown": "This doesn't look quite right", "formFieldSelectPlaceholderFallback": "Choose one...", "frontendEmailChannelDescription": "To talk to us using email just send a message to our email address and we'll reply shortly:", "headerText": "How can we help?", "imageClickToReload": "Click to reload image.", "imageClickToView": "Click to view {size} image.", "imagePreviewNotAvailable": "Preview not available.", "inputPlaceholder": "Type a message...", "inputPlaceholderBlocked": "Complete the form above...", "introAppText": "Message us below or from your favorite app.", "lineChannelDescription": "To talk to us using LINE, scan this QR code using the LINE app and send us a message.", "linkError": "An error occurred when attempting to generate a link for this channel. Please try again.", "linkChannelPageHeader": "Sync your conversation", "locationNotSupported": "Your browser does not support location services or it's been disabled. Please type your location instead.", "locationSecurityRestriction": "This website cannot access your location. Please type your location instead.", "locationSendingFailed": "Could not send location", "locationServicesDenied": "This website cannot access your location. Allow access in your settings or type your location instead.", "messageError": "An error occured while sending your message. Please try again.", "messageIndicatorTitlePlural": "({count}) New messages", "messageIndicatorTitleSingular": "({count}) New message", "messageRelativeTimeDay": "{value}d ago", "messageRelativeTimeHour": "{value}h ago", "messageRelativeTimeJustNow": "Just now", "messageRelativeTimeMinute": "{value}m ago", "messageTimestampFormat": "h:mm A", "messageDelivered": "Delivered", "messageSeen": "Seen", "messageSending": "Sending...", "messageTooLongError": "Max message size limit exceeded ({size}).", "messengerChannelDescription": "Connect your Facebook Messenger account to be notified when you get a reply and continue the conversation on Facebook Messenger.", "newConversationButtonText": "New Conversation", "notificationSettingsChannelsDescription": "Sync this conversation by connecting to your favorite messaging app to continue the conversation your way.", "notificationSettingsChannelsTitle": "Other Channels", "notificationSettingsConnected": "Connected", "notificationSettingsConnectedAs": "Connected as {username}", "prechatCaptureGreetingText": "Hi there 👋\nTo start off, we'd like to know a little bit more about you:", "prechatCaptureNameLabel": "Your name", "prechatCaptureNamePlaceholder": "Type your name...", "prechatCaptureEmailLabel": "Email", "prechatCaptureEmailPlaceholder": "name@company.com", "prechatCaptureConfirmationText": "Hi there! I’m the AI Nordbot here to assist you. How can I help you today?", "prechatCaptureMailgunLinkingConfirmation": "You'll be notified here and by email at {email} once we reply.", "sendButtonText": "Send", "settingsHeaderText": "Settings", "shareLocation": "Location", "smsBadRequestError": "We were unable to communicate with this number. Try again or use a different one.", "smsCancel": "Cancel", "smsChangeNumber": "Change my number", "smsChannelDescription": "Connect your SMS number to be notified when you get a reply and continue the conversation over SMS.", "smsChannelPendingDescription": "Check your messages at {number} to confirm your phone number.", "smsContinue": "Send", "smsInvalidNumberError": "Please submit a valid phone number.", "smsLinkCancelled": "Link to {appUserNumber} was cancelled.", "smsLinkPending": "Pending", "smsPingChannelError": "There was an error sending a message to your number.", "smsSendText": "Send me a text", "smsStartTexting": "Start Texting", "smsTooManyRequestsError": "A connection for that number was requested recently. Please try again in {minutes} minutes.", "smsTooManyRequestsOneMinuteError": "A connection for that number was requested recently. Please try again in 1 minute.", "smsUnhandledError": "Something went wrong. Please try again.", "syncConversation": "Sync conversation", "tapToRetry": "Message not delivered. Tap to retry.", "tapToRetryForm": "Form not submitted. Tap anywhere on the form to retry.", "telegramChannelDescription": "Connect your Telegram account to be notified when you get a reply and continue the conversation on Telegram", "unsupportedMessageType": "Unsupported message type.", "unsupportedActionType": "Unsupported action type.", "uploadDocument": "File", "uploadInvalidError": "Invalid file.", "uploadPhoto": "Image", "uploadVirusError": "A virus was detected in your file and it has been rejected", "viberChannelDescription": "Connect your Viber account to be notified when you get a reply and continue the conversation on Viber. To get started, scan the QR code using the Viber app.", "viberChannelDescriptionMobile": "Connect your Viber account to be notified when you get a reply and continue the conversation on Viber. To get started, install the Viber app and tap Connect.", "viberQRCodeError": "An error occurred while fetching your Viber QR code. Please try again.", "wechatChannelDescription": "Connect your WeChat account to be notified when you get a reply and continue the conversation on WeChat. To get started, scan this QR code using the WeChat app.", "wechatChannelDescriptionMobile": "Connect your WeChat account to be notified when you get a reply and continue the conversation on WeChat. To get started, save this QR code image and upload it QR code scanner.", "wechatQRCodeError": "An error occurred while fetching your WeChat QR code. Please try again.", "whatsappChannelDescriptionDesktop": "Sync your account to WhatsApp by scanning the QR code or clicking the link below.\nThen", "whatsappChannelDescriptionMobile": "Sync your account to WhatsApp by clicking the link below.\nThen", "whatsappLinkingError": "An error occurred while fetching your WhatsApp linking information. Please try again." }, "chatCustomScreenReaderAnnouncement": { "supportTyping": "{author} is typing", "supportSays": "{author} says:", "sentImage": "{author} sent an image", "sentFile": "{author} sent a file", "sentCarousel": "{author} sent a carousel", "sentLocation": "{author} sent a location" } }

How to connect to NordVPN with IKEv2/IPSec on Linux

Introduction

Before you start

Here’s what to do

Additional tips

Related articles