[Instruction] Config NordVPN wireguard (Nordlynx) on OpenWrt

I just tried that, by setting the "Create / Assign firewall-zone" value to "WAN" in the newly created "NordLynx" interface:


But that doesn't seem to do the trick (even after a reboot of my OpenWrt device): my external IP is still visible/unchanged when checking via sites like "hidemyass". Am I forgetting something?

Show us your wireguard config.
/ Network.
Peer and interface setting

Sure, here you go:

I've done everything as explained above.

And the peers tab:

LuCI > Network > Interfaces > NORDLYNX > Edit

  • Peers > Route Allowed IPs > Check

Save > Save & Apply

1 Like

check route allowed IPs

That was definitely doing "something", but leaves me with a non-working internet connection after a reboot. When unchecking it again (and rebooting the router) brings the internet up again, but brings me back to the old issue. I guess the NORDLYNX bridge hasn't been configured well in that case, right?

Take a look at Solved: nordvpn OpenWrt wireguard client. Compare the contents of your network and firewall files to the contents in section "B - Via configuration files" and post back with the results.

Since you already have the correct public/private keys (which is something they are not willing to provide at this time (I tried)), maybe this will allow you to find the cause it's not (yet) working.

2 Likes

are you sure the endpoint port is 51820? and what about listen port?

also, your ip adresses in interface, needs CIDR notation, not?? /24, /32

Thanks guys! That link solved my problem. Adding the dns-record to the "network" config file solved my problem. I added both NordVPN DNS servers to my NordLynx interface:

option dns '103.86.96.100 103.86.99.100'

After a reboot, everything worked fine.

I guess that was what the topic starter meant with "adding a dns"... :wink: It seems a little strange that you can't add it through the LuCI interface though...

1 Like

Thanks, @Armin, great guide!

But I'm getting different results from running the NordVPN app on my desktop machine. Having the wg tunnel in the router is giving me less speed and leaking DNS (a bunch of OpenDNS addresses). Could use some help diagnosing this, I'm not a networking guy :stuck_out_tongue:

Here's my network config file:

 config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd6d:6172:a852::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ifname 'eth2 eth3'
        option ipaddr '192.168.1.1'

 config interface 'wan_tim'
        option ifname 'eth0'
        option proto 'pppoe'
        option password 'guest'
        option ipv6 'auto'
        option username 'guest'
        option metric '10'

 config interface 'wg_nordvpn'
        option proto 'wireguard'
        list addresses '10.5.0.2'
        option private_key 'private_key_here'
        option dns '103.86.96.100 103.86.99.100'
        option gateway '10.5.0.0'

config wireguard_wg_nordvpn
        option public_key 'public_key_here'
        option persistent_keepalive '25'
        list allowed_ips '0.0.0.0/0'
        option route_allowed_ips '1'
        option endpoint_host '209.14.0.243'

What other configs should I provide?

Nevermind, fixed the DNS leaks. All I had to do was disable "Use DNS servers advertised by peer" on my pppoe interface.

Speed is probably just a server thing, probably need to try different ones.

Thanks again for the guide!

I am getting the below error when try to install nordvpn on Ubuntu..

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.nordcdn.com:443

When I try to access the URL direct from Firefox, I get the below error:

Secure Connection Failed

An error occurred during a connection to downloads.nordcdn.com. PR_END_OF_FILE_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Can anyone help?

This forum is for OpenWRT, not Ubuntu and not NordVPN. However, this link may be useful for you: https://www.google.com/search?q="OpenSSL+SSL_connect%3A+SSL_ERROR_SYSCALL"

True, but to follow the above steps I need to install NordVPN on linux.

What happens if you try to go to https://downloads.nordcdn.com/ in your web browser?

Gets the below error:

Secure Connection Failed

An error occurred during a connection to downloads.nordcdn.com. PR_END_OF_FILE_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem.

Really? What web browser are you using? Lynx?

This is what I see in my web browser:

Regardless, it's not an OpenWRT issue.

There's both your answer and a recommendation for your next step.

1 Like

Yes I see the attached response on Windows 10. For Ubuntu Firefox, the one I provided.

I am already contacting NordVPN support now. Thanks.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.