nordsecurity / nordvpn-linux Goto Github PK

Hello,
There is a hash mismatch between the Realease file and the deb package that is downloaded from your repo in the version 3.16.4.

Err:1 https://repo.nordvpn.com//deb/nordvpn/debian stable/main amd64 nordvpn amd64 3.16.4
  File has unexpected size (34258180 != 34247196). Mirror sync in progress? [IP: 104.17.49.74 443]
  Hashes of expected file:
   - SHA256:1fb171254799a76e2e8aeceff6d089c96960731e990d8d7e59050857aae9808c
   - SHA1:3540149c8b7f43f52575a8e88542087efc4741d1 [weak]
   - MD5Sum:84a09bb46796a5f5b0fb8b17f1660157 [weak]
   - Filesize:34247196 [weak]
E: Failed to fetch https://repo.nordvpn.com//deb/nordvpn/debian/pool/main/nordvpn_3.16.4_amd64.deb  File has unexpected size (34258180 != 34247196). Mirror sync in progress? [IP: 104.17.49.74 443]
   Hashes of expected file:
    - SHA256:1fb171254799a76e2e8aeceff6d089c96960731e990d8d7e59050857aae9808c
    - SHA1:3540149c8b7f43f52575a8e88542087efc4741d1 [weak]
    - MD5Sum:84a09bb46796a5f5b0fb8b17f1660157 [weak]
    - Filesize:34247196 [weak]

Actual hash sha256:

e0216756905c0aa612e5fcd84f8135e7d18fd353ae50c4d15f33ad2671e597bd  nordvpn_3.16.4_amd64.deb

Hello everyone!

I've had my RPi4 set up as a great travel router for the past year now and it has been working great, until yesterday.
I use NordVPN because this allows me to connect to their obfuscated servers using their official app.

This is what the setup looked like:
[personal device / devices] -> ethernet [RPi4 w/ NordVPN] -> Wi-Fi [ISP Router / Hotel Internet]

However, starting yesterday, I was forced to update the NordVPN app and the Raspberry Pi OS Lite because NordVPN would no longer log in (possibly depreciated due to the old version I was using), and suddenly, my set up doesn't work anymore.

In order to get it to work previously, I would set eth0 with a static IP address by:
sudo nano /etc/dhcpcd.conf
and then adding:

interface eth0
static ip_address=192.168.4.1/24

to the bottom of the file

I then would install dnsmasq and add the following code to the dnsmasq conf file

sudo apt install dnsmasq
sudo nano /etc/dnsmasq.conf
interface=eth0
listen-address=192.168.4.1   # Specify the address to listen on
#bind-interfaces                           # Bind to the interface
server=103.86.96.100                           # Use nord DNS
domain-needed                         # Don't forward short names
bogus-priv                                 # Drop the non-routed address spaces.
dhcp-range=192.168.4.3,192.168.4.20,12h # IP range and lease time

Then I would change sysctl conf to uncomment net ipv4 ip forward = 1

sudo nano /etc/sysctl.conf
net.ipv4.ip_forward=1

However, this set up doesn't seem to work anymore, and my ethernet devices, while getting the IP address assigned from the RPi4, are not connecting to the internet anymore.

I noticed after running ifconfig, that the nordvpn interface has changed from tun0 to nordtun, so I tried altering the rc.local file to say

iptables -t nat -A POSTROUTING -o nordtun -j MASQUERADE

but this still hasn't worked.
Any advice? I have been trying to get this to work again but with no luck so far!

I have tried downgrading the version of nordvpn to 3.15.5 and also rolled back the version of RPi OS to pre-bookworm version (bullseye) and I still can't get it to work.

Any advice would be greatly appreciated!

edit

Is it possible to setup multiple VPN tunnels on the same Linux host?

OS: Fedora 37 Workstation
NordVPN version: 3.16.1
Apr 13 22:20:50 meowpc nordvpnd[60508]: 2023/04/13 22:20:50 [Info] starting vpn Apr 13 22:20:51 meowpc nordvpnd[60508]: 2023/04/13 22:20:51 [nordlynx] ip link set mtu 1420 up dev nordlynx Apr 13 22:20:51 meowpc nordvpnd[60508]: 2023/04/13 22:20:51 [Info] {"type":"node","body":{"public_key":"U3dKnkOJY5P9p6kEbEDGR7+K2+4HmkKK1hTMugq2HQA=","state":"connecting","is_exit":true,"is_vpn":true,"allowed_ips":["0.0.0.0/0"],"endpoints":[{"address":"149.34.253.203:51820","primary":true}],"hostname":null,"allow_incoming_connections":false,"path":"relay"}} Apr 13 22:21:21 meowpc nordvpnd[60508]: 2023/04/13 22:21:21 [Info] {"type":"node","body":{"public_key":"U3dKnkOJY5P9p6kEbEDGR7+K2+4HmkKK1hTMugq2HQA=","state":"disconnected","is_exit":true,"is_vpn":true,"allowed_ips":["0.0.0.0/0"],"endpoints":[{"address":"149.34.253.203:51820","primary":true}],"hostname":null,"allow_incoming_connections":false,"path":"relay"}} Apr 13 22:21:21 meowpc nordvpnd[60508]: 2023/04/13 22:21:21 [Error] TELIO: telio_disconnect_from_exit_nodes: Err(NotStarted) Apr 13 22:21:21 meowpc nordvpnd[60508]: 2023/04/13 22:21:21 [Error] connected to nordlynx server but there is no internet as a result

I have tried uninstalling and reinstalling several times to ensure it was not a fluke, but the results are always the same. I am able to connect without any problems with "nordvpn c" command on v3.15.5, but if I upgrade to v3.16.0, any attempt to connect with "nordvpn c" or even a specific city results in the following error immediately upon hitting enter:

Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.

I have rebooted, logged out and back in, even completely purged nordvpn and reinstalled, but am unable to connect without that error on v3.16.0, however, every time I downgrade back to v3.15.5, it connects just fine.

I'm running Ubuntu Jammy amd64

Can nordlynx and openvpn use the same interface and same IP?
NordLynx calls the interface "nordlynx" and openvpn calls it "nordtun".

And can they have the same IP?
nordlynx is 10.5.0.2 and nordtun is 10.7.2.3

Seems a test parameter was left in the latest release - was cover really intended for the release binary?

The following generated with every exec of nordvpn:
warning: GOCOVERDIR not set, no coverage data emitted

How to do fully disable nordvpn firewall?
If I use "nordvpn set firewall 0" nordvpn iptables nordvpn rules not using in filter iptables table, but Firewall Mark using in mangle iptables table and I still must add adresses and ports to nordvpn whitelist for allow them.

I want use only system firewall (ufw) and not use nordvpn firewall

my env:
NordVPN Version 3.16.7
Ubuntu 22.04.3 LTS
Linux 5.15.0-88-generic

nordvpn settings
Technology: NORDLYNX
Firewall: disabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: disabled
Kill Switch: disabled
Threat Protection Lite: disabled
Notify: disabled
Auto-connect: disabled
IPv6: disabled
Meshnet: disabled
DNS: disabled
LAN Discovery: disabled
Allowlisted ports:
80 (TCP)
443 (TCP)
Allowlisted subnets:

ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To Action From

80/tcp on ens3 ALLOW IN Anywhere
443/tcp on ens3 ALLOW IN Anywhere

Using 3.15, I ve been connecting to captive portals / hotspots (such Starbucks ) and then I activate nordvpn (e.g. nordvpn c us), without having to reboot my Kubuntu. e.g. when I visit Starbucks the next day.

But when I installed 3.16.x I can only connect to the captive portal the first time or after a reboot. The next day, I cannot connect to the captive portal, unless I reboot my machine. I've tried restarting the service including the Network service. Nothing seems to work. I must reboot. This happens not just at Starbuckses but also other captive portals. So for now I downgraded to 3.15.x

The steps of connecting to a portal are as follows:

1. Select wifi (E.g. Starbucks), deactivate nordvpn.
2. Click on browser (e.g. 8.8.8.8) and accept the Starbucks login agreement.
3. Connect to nordvpn c us.

What I don't understand, what does nordvpn modify that will not allow to reconnect to an captive portal unless I reboot. Any suggestions to try? Is iptables modified in some manner? Anything I should look for?

Operating System: Kubuntu 22.10
KDE Plasma Version: 5.25.5
KDE Frameworks Version: 5.98.0
Qt Version: 5.15.6
Kernel Version: 5.19.0-41-generic (64-bit)
Graphics Platform: X11
Processors: 16 × 12th Gen Intel® Core™ i7-1260P
Memory: 15.3 GiB of RAM
Graphics Processor: Mesa Intel® Graphics
Manufacturer: LG Electronics
Product Name: 14ZB90Q-G.AAC6U1
System Version: 0.1

Connecting to groups using "nordvpn connect --group <group>" seems to work for all groups except Obfuscated_Servers which returns the error "The specified group does not exist."

Tested on Linux Mint 20.3 and Ubuntu 22.04.
The problem seems to have started with version 3.14.2.

$ nordvpn settings
Technology: OPENVPN
Protocol: TCP
Firewall: enabled
Kill Switch: disabled
Threat Protection Lite: disabled
Obfuscate: enabled

$ nordvpn groups
Africa_The_Middle_East_And_India Obfuscated_Servers
Asia_Pacific The_Americas
Europe

$ nordvpn cities united_states
Atlanta Chicago Los_Angeles Miami New_York

$ man nordvpn

• Example 6. Connect to a server in a specific group and country
• $ nordvpn connect --group P2P Germany

$ nordvpn connect --group Obfuscated_Servers United_States
The specified group does not exist.

$ nordvpn connect --group Obfuscated_Servers
The specified group does not exist.

$ nordvpn connect Obfuscated_Servers
The specified server does not exist.

$ nordvpn connect Atlanta
The specified server is not available at the moment or does not support your connection settings.

However "nordvpn connect atlanta" with all lower-case letters does work in 3.16.0.

Please consider using the latest patch of 1.20 (1.20.13 as of this submission) to compile the NordVPN binaries:

stdlib:

• go1.20.1

Location:

• /usr/bin/nordfileshared
• /usr/bin/nordvpn
• /usr/sbin/nordvpnd

https://nvd.nist.gov/vuln/detail/CVE-2023-24538
https://nvd.nist.gov/vuln/detail/CVE-2023-24540

When I add ports (for example 22/ssh, 443/https) to nordvpn whitelist and connect to VPN server, whitelist's ports not work and I can not to connect to them from external network.

o/s ubuntu 20.04

I need to connect to the closest and best server in terms of ping, but the command
nordvpn connect
works randomly and connects to a random country.

my nordvpn settings

Technology: OPENVPN
Protocol: UDP
Firewall: enabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: enabled
Kill Switch: disabled
Threat Protection Lite: disabled
Obfuscate: disabled
Notify: disabled
Auto-connect: disabled
IPv6: disabled
Meshnet: disabled
DNS: disabled

Hey,

whenever I connect or disconnect with the nordvpn cli application it does not give control back to the terminal (I've tried waiting for over 20 minutes).
However, I can try to call pkill nordvpn from another terminal, without sudo (!), so it shouldn't actually do anything, but it stops the hang and nordvpn says it is connected afterwards. Same for disconnecting.

Do you have any idea what could cause this?
I'm currently on openSUSE, however, I had the same issue under Ubuntu 22.04.

Here is a video showing the behavior:

Is this codebase also used to build the NordLayer client? Or is the NordLayer client entirely separate?

If the NordLayer client is a separate codebase, do you have plans to also open-source it?

Thanks!

I am using NordVPN on Ubuntu 22.04. Recently I got the usual message in the terminal I get when there's a new version release.
I ran the usual commands:
sudo apt update && sudo apt upgrade

And got the following error:

Get:1 https://repo.nordvpn.com//deb/nordvpn/debian stable/main amd64 nordvpn amd64 3.16.8 [34,3 MB]
Err:1 https://repo.nordvpn.com//deb/nordvpn/debian stable/main amd64 nordvpn amd64 3.16.8
  File has unexpected size (34322100 != 34312370). Mirror sync in progress? [IP: 104.19.159.190 443]
  Hashes of expected file:
   - SHA256:805b9d1a9e56ed1a686a6b3473b0ef80a25e538fd28409f1a21de5df000a9c58
   - SHA1:ee309f998d6fb87459fd77f870ae605da250539e [weak]
   - MD5Sum:42cdb3bb6cff194ea43febade989fed4 [weak]
   - Filesize:34312370 [weak]
E: Failed to fetch https://repo.nordvpn.com//deb/nordvpn/debian/pool/main/nordvpn_3.16.8_amd64.deb  File has unexpected size (34322100 != 34312370). Mirror sync in progress? [IP: 104.19.159.190 443]
   Hashes of expected file:
    - SHA256:805b9d1a9e56ed1a686a6b3473b0ef80a25e538fd28409f1a21de5df000a9c58
    - SHA1:ee309f998d6fb87459fd77f870ae605da250539e [weak]
    - MD5Sum:42cdb3bb6cff194ea43febade989fed4 [weak]
    - Filesize:34312370 [weak]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Version 3.16.0
Perpetual/non-expiring access token being deleted/revoked several times per day resulting in inability to connect to service. Requires login to NordVPN account to generate a new token to establish connection.

Version 3.15.5
No issues. Access token remains intact.

Linux: Ubuntu Ubuntu 22.04.2 LTS

There is an issue connecting to NordVPN on Fedora 37 using OpenVPN. Running:

nordvpn set technology openvpn
nordvpn connect

Results in Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.
The logs reveal:

Mar 20 13:46:04 fedora nordvpnd[28023]: 2023/03/20 13:46:04 [Info] starting vpn
Mar 20 13:46:04 fedora nordvpnd[28023]: debug: /var/lib/nordvpn/openvpn: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory
Mar 20 13:46:04 fedora nordvpnd[28023]: 2023/03/20 13:46:04 [ERROR] /var/lib/nordvpn/openvpn: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory
Mar 20 13:46:07 fedora nordvpnd[28023]: 2023/03/20 13:46:07 [Defer] exit status 127

Manually installing libnsl resolves this issue for me. Perhaps it should be added to the package dependencies.

Hello,
Thank you for maintaining nordvpn-linux.
I cross-compile nordvpn-linux with Go 1.21.6.
I successfully cross-compiled release 3.16.9.
Cross-compiling release 3.17.0 however fails with the following error:

# github.com/NordSecurity/nordvpn-linux/internal
internal/helpers.go:6:30: S (type T) does not satisfy ~[]E

I am not proficient enough in Go to determine what causes this error, let alone how to fix it.
Thank you in advance for your help with this.

Hi,

I am currently using NordVPN Linux, installed on a Ubuntu Server, as a VPN gateway/router for the devices on my network that do not have a native NordVPN app.
From version 3.16.5, the traffic is not anymore transferred through the NordVPN Linux. If I downgrade to version 3.16.3, it works again.
Any suggestions?
Thank you and regards

I've just updated to 3.16.1 and get the error below when trying to connect using nordlynx. Changing the technology setting to openvpn solves the problem. Going back to the previous version 3.15.5-1 there is no problem with nordlynx.

Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.

I was using openvpn/tcp and I switched to wireguard.
It still says:
Current protocol: TCP

I tried:
$ sudo nordvpn set protocol udp
and it said:
Protocol setting is not available when the set technology is not OpenVPN.
The "Current protocol" should be change to UDP I think or it should not be displayed when the technology is nordlynx. :-)

Cannot use NordVPN while connected to eduroam (university) even using obfuscated servers and OpenVPN technology.

It works fine at home or with phone acess point. I contacted support twice, but they couldn't resolve it. And I also don't have technical knowledge to solve.

Can I connect to the VPN by mobile phone even on the Eduroam network. (NordLYNX technology)

OS: Debian GNU/Linux 12 (bookworm)  
Kernel: 6.1.0-10-amd64 

user@debian:~$ nordvpn status
Status: Connected
Hostname: us8653.nordvpn.com
IP: 62.182.99.226
Country: United States
City: New York
Current technology: NORDLYNX
Current protocol: UDP
Transfer: 92 B received, 41.19 KiB sent
Uptime: 48 seconds

user@debian:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8200ms

user@debian:~$ sudo cat /etc/resolv.conf
# Generated by NordVPN
nameserver 103.86.96.100
nameserver 103.86.99.100

Im using eduroam.config in /var/lib/connman/eduroam.config

Will I have to do all this?

Avoiding local internet restrictions on strongSwan

The Arch Wiki has several references:
ConnMan
Domain_name_resolution
Systemd-resolved

It would be really helpful to allow assigning a node-nickname that would translate -.nord to -.nord so that the various connected peers can be easily identified by the user. Having six to ten nodes named after mountains can be confusing when I'm specifically looking for my "home file share server" but four of the servers are the same OS, and I can't see the non-meshnet IP address of the server or the hostname. (Thanks!)

setgokupikachu@127:$ nordvpn connect
Connecting to United States #9467 (us9467.nordvpn.com)
Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.
setgokupikachu@127:$ nordvpn settings
Technology: OPENVPN
Protocol: UDP
Firewall: enabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: enabled
Kill Switch: disabled
Threat Protection Lite: enabled
Obfuscate: enabled
Notify: enabled
Auto-connect: enabled
IPv6: enabled
Meshnet: disabled
DNS: disabled
setgokupikachu@127:~$

...
Even with OpenVPN selected (that NordVPN told me to switch to before, it's not working. Also, the manual VPN option in my connection settings in the OS doesn't work either.

Debian uses systemd and systemd sends all it's output to syslog.

It's important to me, as a system administrator, to monitor syslog for any issues on a system.

The output from nordvpn is driving me crazy, though. Can we find a a way or an option to turn off 'info' and/or TELIO output? Since that was introduced most of my syslog is filled up with that.

I even created a nordvpn wrapper to suppress this:

$ cat /etc/systemd/system/nordvpnd.service.d/override.conf 
[Service]
ExecStart=
ExecStart=/usr/local/bin/nordvpnd_wrapper
$ cat /usr/local/bin/nordvpnd_wrapper 
#!/bin/sh
/usr/sbin/nordvpnd | grep -v "TELIO"

But I'm not really excited about deploying this to all my servers that I run nordvpn on.

what ports (source and destination) should be allowed in firewall for nordvpn nordlynx work in linux?

Hi, I was contributing to NordTray to add country selection support, only to find out that nordvpn countries output a list that's not usable when fed to nordvpn connect, despite the help page says otherwise. For example:

$ nordvpn c Singapore

results in The specified server is not available at the moment or does not support your connection settings. but:

$ nordvpn c sg

works. Due to this, I must hit the undocumented public API to get the country list alongside their code. I expect to get the useful list from nordvpn countries instead as I expect using an undocumented public API is kind of fragile.

The readme, in the section below the installation link, says, in the supported distros, that Arch is supported.
However, inspecting the install script and/or actually running it, there is no support for Arch (via the Pacman package manager).

Either add support (preferable) or change the readme.

Linux Mint 20.3 (bare metal), NordVPN version 3.17.0.
IPv6 is disabled on system and NordVPN app.

Technology: NORDLYNX
Firewall: enabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: enabled
Kill Switch: enabled
Threat Protection Lite: disabled
Notify: disabled
Auto-connect: disabled
IPv6: disabled
Meshnet: disabled
DNS: disabled
LAN Discovery: disabled
Allowlisted subnets:
192.168.1.0/24

Steps to reproduce:

• connect to VPN
• visit https://dnscheck.tools/
• site correctly detects NordVPN exit IP and NordVPN DNS servers
• close browser
• suspend computer (via GUI)
• wait 5s
• wake computer
• 'nordvpn status' shows connected to the same server
• https://dnscheck.tools/ now detects the NordVPN exit IP and my ISP DNS servers

After disconnect and reconnect to VPN the NordVPN DNS servers are detected again.
Also tested with version 3.16.9 and it is working OK. I do not have the same problem when using 3.16.9, only 3.17.0 seems to be affected.

I have a Ubuntu VM for testing purposes, but I'm not able to Power-Off - Suspend from within the VM. I appealed to the Reddit community for help testing but without success.

Please let me know if more information is required. Thanks!

Hi
I know Nordvpn support split tunneling for Windows. Is it possible to support Linux as well?

Hello,

As title says, with nordlynx protocol, the connectivity check on Fedora (37) fails. It shows with a question mark inside of the wifi symbol in the status bar.

This is kept in /usr/lib/NetworkManager/conf.d/20-connectivity-fedora.conf and contains:

Enable connectivity checking for NetworkManager.
See man NetworkManager.conf.

Note that connectivity checking works badly with rp_filter set to
strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
[connectivity]
enabled=true
uri=http://fedoraproject.org/static/hotspot.txt
response=OK
interval=300

Setting enabled=false will get rid of the check (and the question mark). I guess the check does not go through wireguard. I have not been able to check with openvpn technology due to the other bug recorded on Fedora

It seems to be because rp_filter is set to "2" which I guess is "strict"

Thanks open sourcing it!

I was attempting to remote into my Raspberry Pi 4 via meshnet and was unsuccessful until I disconnected the Raspberry pi from NordVPN. In my opinion, this should not be possible.

Steps to reproduce:

Connect to NordVPN from both my Windows 11 desktop and my Raspberry Pi linux machines.

I installed ufw after connecting, for what that's worth:
sudo apt install -y ufw

Execute the following in the Raspi machine:

% sudo ufw allow ssh
% sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT

Attempt to ssh from the Windows 11 machine:
> ssh [email protected]
(times out)

Disconnect from NordVPN on the raspi machine:

% nordvpn d

(successfully disconnected)

Attempt to SSH from Windows 11 to raspi again:

> ssh [email protected]
(successfully SSH'd into raspi)

The raspi machine still has its nordlynx interface with the meshnet IP assigned to it, and the iptables appear to be unaltered after disconnecting from NordVPN (they still show the many rules applied by NordVPN).

Expected results:
Upon disconnecting from NordVPN, I should see my iptables and/or ufw rules returned to the state they were in prior to connecting to NordVPN, and the NordVPN meshnet IP address should no longer be linked to this device, much less be up and alive, and allowing remote access.

 sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     6    --  100.77.67.170        0.0.0.0/0            tcp dpt:49111 /* nordvpn */
DROP       0    --  100.77.67.170        169.254.0.0/16       /* nordvpn */
DROP       0    --  100.77.67.170        192.168.0.0/16       /* nordvpn */
DROP       0    --  100.77.67.170        172.16.0.0/12        /* nordvpn */
DROP       0    --  100.77.67.170        10.0.0.0/8           /* nordvpn */
ACCEPT     0    --  100.77.67.170        0.0.0.0/0            /* nordvpn */
ACCEPT     6    --  100.90.21.70         0.0.0.0/0            tcp dpt:49111 /* nordvpn */
DROP       0    --  100.90.21.70         169.254.0.0/16       /* nordvpn */
DROP       0    --  100.90.21.70         192.168.0.0/16       /* nordvpn */
DROP       0    --  100.90.21.70         172.16.0.0/12        /* nordvpn */
DROP       0    --  100.90.21.70         10.0.0.0/8           /* nordvpn */
ACCEPT     0    --  100.90.21.70         0.0.0.0/0            /* nordvpn */
ACCEPT     6    --  100.100.83.76        0.0.0.0/0            tcp dpt:49111 /* nordvpn */
DROP       0    --  100.100.83.76        169.254.0.0/16       /* nordvpn */
DROP       0    --  100.100.83.76        192.168.0.0/16       /* nordvpn */
DROP       0    --  100.100.83.76        172.16.0.0/12        /* nordvpn */
DROP       0    --  100.100.83.76        10.0.0.0/8           /* nordvpn */
ACCEPT     0    --  100.100.83.76        0.0.0.0/0            /* nordvpn */
ACCEPT     0    --  <REDACTED>      0.0.0.0/0            /* nordvpn */
ACCEPT     0    --  100.64.0.0/10        0.0.0.0/0            ctstate RELATED,ESTABLISHED ctorigsrc  <REDACTED> /* nordvpn */
DROP       0    --  100.64.0.0/10        0.0.0.0/0            /* nordvpn */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       0    --  100.64.0.0/10        169.254.0.0/16       /* nordvpn-exitnode-transient */
DROP       0    --  100.64.0.0/10        192.168.0.0/16       /* nordvpn-exitnode-transient */
DROP       0    --  100.64.0.0/10        172.16.0.0/12        /* nordvpn-exitnode-transient */
DROP       0    --  100.64.0.0/10        10.0.0.0/8           /* nordvpn-exitnode-transient */
ACCEPT     0    --  0.0.0.0/0            100.64.0.0/10        ctstate RELATED,ESTABLISHED /* nordvpn-exitnode-permanent */
DROP       0    --  0.0.0.0/0            100.64.0.0/10        /* nordvpn-exitnode-permanent */
DROP       0    --  100.64.0.0/10        0.0.0.0/0            /* nordvpn-exitnode-permanent */

I can only SSH into this raspi machine from my Windows 11 machine. I cannot even ping the NordVPN IP on the raspi machine from any other host besides itself and the Windows 11 machine.

Please add to the output from the 'nordvpn status' command - The current status of the meshnet should be reported as well. "Status:Disconnected" is misleading as it leads to thinking that nordvpn (and thus nordvpnd) are idle. The full output from 'nordvpn meshnet peer list' could be pared down to "Meshnet: X connections available" or the like.

I'm getting a lot these and my wifi drops out.
Is this related to nordvpn?

$ sysctl net.netfilter.nf_conntrack_max                                 
net.netfilter.nf_conntrack_max = 524288

uname -a
Linux xxxx 5.10.103+ #1529 Tue Mar 8 12:19:18 GMT 2022 armv6l GNU/Linux

$ file /usr/bin/nordvpn
/usr/bin/nordvpn: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, Go BuildID=A77UBy0ryYuKhMAtauZW/hPIExoS28CMZlu4N8Ho9/U9RlU9HbLzpRkxWXmbp-/KridFo84JH3EyZSD6NVa, BuildID[sha1]=0af7a84ffb23bb6da802f10466886e0fd096e6fe, stripped

$ cat /etc/apt/sources.list.d/nordvpn.list 
deb https://repo.nordvpn.com//deb/nordvpn/debian stable main

$ nordvpn
Segmentation fault

Installed version:

nordvpn/stable,now 3.16.9 armhf [installed]

While I see the use in notifying users of a new service that is available, Meshnet has been available for a good amount of time now so it is a little frustrating to still be notified of its existence every time I attempt to connect to NordVPN. While I know that it is possible to remove the message from cli/messages.go, that solution is hacky and only accessible to people who have the skills to be able to build from source. Instead, it would be much more user friendly to allow disabling it through a command such as 'nordvpn set meshnet-available-message disabled'.

Summary:

Notifications uses non-existing icon /var/lib/nordvpn/icon.svg

Detail:

The notify function uses the constant IconPath when sending notifications:

where IconPath is defined in constants; typically as /var/lib/nordvpn/icon.svg:

On install the icon file is copied to /usr/share/icons/hicolor/scalable/apps/nordvpn.svg :

but no link or copy is made to /var/lib/.

One could define IconPath to use the /usr/share/icons path. (Or if any other approach is better).

Quick Fix:

A quick fix for most until remedied.

sudo ln -s /usr/share/icons/hicolor/scalable/apps/nordvpn.svg /var/lib/nordvpn/icon.svg

In the nordvpnd.service file, you define both:

[Unit]
After=network-online.target
Wants=network-online.target
[Install]
WantedBy=default.target

This causes a transitive dependency of default.target (usually graphical.target) on network-online.target, meaning that the entire boot process will now wait until a network connection has been established before allowing users to log in.. I think this presents an unnecessary source of slowdown, typically 30s longer boot times on my end (laptop establishing wifi connection), and I think the situation needs to somehow be re-evaluated.

$nordvpn s autoconnect 1
when i change my computer state i am logged out or not connected to what is the reason that i
"$ nordvpn s killswitch 1 "
sys: kali
kernel version: linux 6.1.0-kali9-amd64

I have a static nameserver defined in /etc/dhcpcd.conf that is being overwritten and not being returned to /etc/resolv.conf after disconnecting from NordVPN.

Before connecting to NordVPN:

# Generated by resolvconf
nameserver 192.168.50.13

After connecting to NordVPN:

# Generated by NordVPN
nameserver 103.86.96.100
nameserver 103.86.99.100

After disconnecting from NordVPN:

# Generated by resolvconf
nameserver 103.86.96.100
nameserver 103.86.99.100

$nordvpn s autoconnect 1
when i change my computer state i am logged out or not connected to what is the reason that i
"$ nordvpn s killswitch 1 "
sys: kali
kernel version: linux 6.1.0-kali9-amd64

nordvpn autoconnect does not work

For examle I use nordvpn set autoconnect enable Germany
After system restart I have
Nov 11 11:30:05 nordvpnd[615]: 2023/11/11 11:30:05 [Error] picking servers: The specified server does not exist.
Nov 11 11:30:05 nordvpnd[615]: 2023/11/11 11:30:05 [Error] err1: | err2: The specified server does not exist.
Nov 11 11:30:05 nordvpnd[615]: 2023/11/11 11:30:05 [Warning] will retry( 8 ) auto-connect after: 35s

my env:
NordVPN Version 3.16.7
Ubuntu 22.04.3 LTS
Linux 5.15.0-88-generic

nordvpn settings
Technology: NORDLYNX
Firewall: disabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: disabled
Kill Switch: disabled
Threat Protection Lite: disabled
Notify: disabled
Auto-connect: disabled
IPv6: disabled
Meshnet: disabled
DNS: disabled
LAN Discovery: disabled
Allowlisted ports:
80 (TCP)
443 (TCP)
Allowlisted subnets:

I have VPS with public internet ipv4 address and nordvpn client. This ip assigned automatically from vps provider dhcp server.
When I connect to nordvpn server from vps, vps ip address lease time does not renew so after after ip lease time expire vps becomes unavailable from the Internet.

Only if I manualy add dhcp server or ports to nordvpn whitelist lease time prolongation works.

Can You fix this problem?

my current environment
Ubuntu 22.04.3 LTS
NordVPN 3.16.5

Hi there,
i am trying to run meshnet on a debian which runs iptables that blocks everything that is not explicitly allowed. That way, i am not able to connect my other devices via meshnet with the meshnet server running on my debian (expectable). Could you tell me, which port i do have to open for the subnet meshnet is using?

thx

Hi
Thanks for become open source. But, I know not everyone likes command line and it will be really helpful to release GUI version similar to Windows counterpart. what do you think?

Where is this message from:
nordvpnd[495]: 2023/03/26 14:09:36 quic transport needs reconnect, err: Application error 0x100 (remote)
It was in daemonlog.txt from
$ sudo journalctl -u nordvpnd > ./daemonlog.txt

I suddenly have a problem with NordVPN not connecting in several containers (or virtual machines). The latest NordVPN v3.16.3 and login works fine with token on all these containers. But will not connect (I tried several nodes).

Whoops! Connection failed. Please try again. If the problem persists, contact our customer support.

It appears as if this is a wider problem since I have it both on a Debian Bullseye Crostini LXD running on a Chromebook as well as a couple Ubuntu 22.04 Docker containers. NordVPN has been working on both of those

The Ubuntu 22.04 host system on the same network continues to work fine.

Tried both technologies

• nordvpn set technology OpenVPN (both TCP and UDP)
• nordvpn set technology NordLynx

Attached daemonlog:
daemonlog.txt