[Instruction] Config NordVPN wireguard (Nordlynx) on OpenWrt

oochiewallie1981 · March 9, 2021, 3:46pm

I just tried that, by setting the "Create / Assign firewall-zone" value to "WAN" in the newly created "NordLynx" interface:

But that doesn't seem to do the trick (even after a reboot of my OpenWrt device): my external IP is still visible/unchanged when checking via sites like "hidemyass". Am I forgetting something?

PerkelSimon · March 9, 2021, 3:51pm

Show us your wireguard config.
/ Network.
Peer and interface setting

oochiewallie1981 · March 9, 2021, 3:54pm

Sure, here you go:

I've done everything as explained above.

oochiewallie1981 · March 9, 2021, 3:55pm

And the peers tab:

vgaetera · March 9, 2021, 3:58pm

LuCI > Network > Interfaces > NORDLYNX > Edit

Peers > Route Allowed IPs > Check

Save > Save & Apply

PerkelSimon · March 9, 2021, 3:59pm

check route allowed IPs

oochiewallie1981 · March 9, 2021, 4:14pm

That was definitely doing "something", but leaves me with a non-working internet connection after a reboot. When unchecking it again (and rebooting the router) brings the internet up again, but brings me back to the old issue. I guess the NORDLYNX bridge hasn't been configured well in that case, right?

cesarvog · March 9, 2021, 4:15pm

Take a look at Solved: nordvpn OpenWrt wireguard client. Compare the contents of your network and firewall files to the contents in section "B - Via configuration files" and post back with the results.

Since you already have the correct public/private keys (which is something they are not willing to provide at this time (I tried)), maybe this will allow you to find the cause it's not (yet) working.

PerkelSimon · March 9, 2021, 4:18pm

are you sure the endpoint port is 51820? and what about listen port?

also, your ip adresses in interface, needs CIDR notation, not?? /24, /32

oochiewallie1981 · March 9, 2021, 6:19pm

Thanks guys! That link solved my problem. Adding the dns-record to the "network" config file solved my problem. I added both NordVPN DNS servers to my NordLynx interface:

option dns '103.86.96.100 103.86.99.100'

After a reboot, everything worked fine.

I guess that was what the topic starter meant with "adding a dns"... It seems a little strange that you can't add it through the LuCI interface though...

rafaelagp · March 17, 2021, 3:50am

Thanks, @Armin, great guide!

But I'm getting different results from running the NordVPN app on my desktop machine. Having the wg tunnel in the router is giving me less speed and leaking DNS (a bunch of OpenDNS addresses). Could use some help diagnosing this, I'm not a networking guy

Here's my network config file:

 config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd6d:6172:a852::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ifname 'eth2 eth3'
        option ipaddr '192.168.1.1'

 config interface 'wan_tim'
        option ifname 'eth0'
        option proto 'pppoe'
        option password 'guest'
        option ipv6 'auto'
        option username 'guest'
        option metric '10'

 config interface 'wg_nordvpn'
        option proto 'wireguard'
        list addresses '10.5.0.2'
        option private_key 'private_key_here'
        option dns '103.86.96.100 103.86.99.100'
        option gateway '10.5.0.0'

config wireguard_wg_nordvpn
        option public_key 'public_key_here'
        option persistent_keepalive '25'
        list allowed_ips '0.0.0.0/0'
        option route_allowed_ips '1'
        option endpoint_host '209.14.0.243'

What other configs should I provide?

rafaelagp · March 17, 2021, 4:50am

Nevermind, fixed the DNS leaks. All I had to do was disable "Use DNS servers advertised by peer" on my pppoe interface.

Speed is probably just a server thing, probably need to try different ones.

Thanks again for the guide!

bmelika · March 18, 2021, 9:59pm

I am getting the below error when try to install nordvpn on Ubuntu..

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.nordcdn.com:443

When I try to access the URL direct from Firefox, I get the below error:

Secure Connection Failed

An error occurred during a connection to downloads.nordcdn.com. PR_END_OF_FILE_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Can anyone help?

iplaywithtoys · March 18, 2021, 10:02pm

This forum is for OpenWRT, not Ubuntu and not NordVPN. However, this link may be useful for you: https://www.google.com/search?q="OpenSSL+SSL_connect%3A+SSL_ERROR_SYSCALL"

bmelika · March 18, 2021, 10:09pm

True, but to follow the above steps I need to install NordVPN on linux.

iplaywithtoys · March 18, 2021, 10:12pm

What happens if you try to go to https://downloads.nordcdn.com/ in your web browser?

bmelika · March 18, 2021, 10:15pm

Gets the below error:

Secure Connection Failed

An error occurred during a connection to downloads.nordcdn.com. PR_END_OF_FILE_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem.

iplaywithtoys · March 18, 2021, 10:17pm

Really? What web browser are you using? Lynx?

This is what I see in my web browser:

Regardless, it's not an OpenWRT issue.

There's both your answer and a recommendation for your next step.

bmelika · March 18, 2021, 10:19pm

Yes I see the attached response on Windows 10. For Ubuntu Firefox, the one I provided.

I am already contacting NordVPN support now. Thanks.

system · March 28, 2021, 11:26pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.