Guide - How to Configure NordVPN on ER-X (EdgeRouterX)

beginner
guide
reference
#1

Hey everyone,

Gohan here. Wanting to share something really cool with you guys.

This guide will show you how to configure your ER-X to connect to NordVPN to protect/secure/hide ALL of your traffic. At the router level.

This is super easy. and once all of the initial config is setup, you can disable and “re-enable” the VPN as needed with 2x different lines of code.

Let’s Get Started! :slight_smile:

Step 1. create a nordvpnauth.txt file (your text editor of choice will work fine)
Step 2. add your NordVPN user acct login info to the nordvpnauth.txt file.
image
Just like this!

Step 3. Get the NordVPN server config information from here
This is the NordVPN server selection tool. There are tons of other servers, and all you have to do is ask support for a specific one.

Step 4. Download the OpenVPN UDP Config file

once downloded, modify and add some lines.
You will modify auth-user-pass to auth-user-pass /config/openvpn/nordvpnauth.txt
and add route-nopull directly beneath that.
Save the File, and it should look like the one below.

Step 5. Use SSH to sign into your ER-X

This can be done using MobaXterm. PuttY, or your SSH client of choice.

Step 6. perform the following commands
"
sudo -i
cd /config/
mkdir openvpn
chmod 777 openvpn
"

Step 7. Copy the nordvpnauth.txt file and the example.nordvpn.com.udp.ovpn
file to the /config/openvpn directory

Step 7.

Run the following commands in the SSH terminal. (You will need to make some changes to match up with your server config file, network IP Address range and subnet.)


text below for your convenience :slight_smile:

configure
set interfaces openvpn vtun0 config-file /config/openvpn/example.nordvpn.com.udp.ovpn
set interfaces openvpn vtun0 description ‘OpenVPN tunnel’
commit
set service nat rule 5000 description ‘OpenVPN Clients’
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 192.168.1.0/24
set service nat rule 5000 type masquerade
commit
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 description ‘traffic from 192.168.1.0/24 to vtun0’
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set interfaces switch switch0 firewall in modify SOURCE_ROUTE
commit
save

This will add the vTun0 interface, enable it, the VPN connection, and adjust masqurade tables, along with the firewall.

Step 8. Once done, you can then go to Nordvpn.com and the top bar will say “Protected” with a new IP number.


This means the link is active! :+1:

To DELETE/Disable the vTun0 interface, please enter the command
delete interfaces openvpn vtun0”, hit enter, and then type “commit”, hit enter. and your good to go!

image

To Re-ADD/Enable the vTun0 interface (no need to redo all the steps) just type the 2x lines in the beginning. “set interfaces xxxxx” and then “commit” {Make sure you adjust your config-file name below!}

NOTE: By using the SAVE command, you will be saving the current “config” to the boot file.