Guide - How to Configure NordVPN on ER-X (EdgeRouterX)


Hey everyone,

Gohan here. Wanting to share something really cool with you guys.

This guide will show you how to configure your ER-X to connect to NordVPN to protect/secure/hide ALL of your traffic. At the router level.

This is super easy. and once all of the initial config is setup, you can disable and “re-enable” the VPN as needed with 2x different lines of code.

Let’s Get Started! :slight_smile:

Step 1. create a nordvpnauth.txt file (your text editor of choice will work fine)
Step 2. add your NordVPN user acct login info to the nordvpnauth.txt file.
Just like this!

Step 3. Get the NordVPN server config information from here
This is the NordVPN server selection tool. There are tons of other servers, and all you have to do is ask support for a specific one.

Step 4. Download the OpenVPN UDP Config file

once downloded, modify and add some lines.
You will modify auth-user-pass to auth-user-pass /config/openvpn/nordvpnauth.txt
and add route-nopull directly beneath that.
Save the File, and it should look like the one below.

Step 5. Use SSH to sign into your ER-X

This can be done using MobaXterm. PuttY, or your SSH client of choice.

Step 6. perform the following commands
sudo -i
cd /config/
mkdir openvpn
chmod 777 openvpn

Step 7. Copy the nordvpnauth.txt file and the
file to the /config/openvpn directory

Step 7.

Run the following commands in the SSH terminal. (You will need to make some changes to match up with your server config file, network IP Address range and subnet.)

text below for your convenience :slight_smile:

set interfaces openvpn vtun0 config-file /config/openvpn/
set interfaces openvpn vtun0 description ‘OpenVPN tunnel’
set service nat rule 5000 description ‘OpenVPN Clients’
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address
set service nat rule 5000 type masquerade
set protocols static table 1 interface-route next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 description ‘traffic from to vtun0’
set firewall modify SOURCE_ROUTE rule 10 source address
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set interfaces switch switch0 firewall in modify SOURCE_ROUTE

This will add the vTun0 interface, enable it, the VPN connection, and adjust masqurade tables, along with the firewall.

Step 8. Once done, you can then go to and the top bar will say “Protected” with a new IP number.

This means the link is active! :+1:

To DELETE/Disable the vTun0 interface, please enter the command
delete interfaces openvpn vtun0”, hit enter, and then type “commit”, hit enter. and your good to go!


To Re-ADD/Enable the vTun0 interface (no need to redo all the steps) just type the 2x lines in the beginning. “set interfaces xxxxx” and then “commit” {Make sure you adjust your config-file name below!}

NOTE: By using the SAVE command, you will be saving the current “config” to the boot file.