Yeah as Alfie wrote any changes NordVPN make to Wireguard need to be made public. You can ask them for a link to the source code changes they made.
Also, im not so sure its a privacy issue. Wireguard requires fixed IP addresses set for each client in the config file, IP’s internally used to identify each connected client INTERNALLY. This is not public in any way. OpenVPN also requires IP’s, but they are not statically set in the config files, they are dynamically issued on each connection, that is the main difference here. So i guess they are worried that if the Feds raid their server farm, all the config files will show all the connections to users, but that is just a poor implementation server side. If you raid an OpenVPN server farm, all the connections are still in memory until the server is shut down, they would be able to link connections in that way too. Having a server kill switch where it shuts down all processes (for OpenVPN) and an extra wipe of all configs (for Wireguard) would be better for them.
BTW you can check threads about NordVPN. They had a massive privacy leak and did not disclose about it until the hack was made public on Twitter, don’t trust them for anything.
Thanx alzhao and Johnex for your comments.
I’m not so technical to be able to have a clear picture of the implementation details of the different VPN solutions. But I understand the general meaning of what you explained.
For Johnex: thanks for your warning about NordVPN, which I use mainly to access restricted streaming services around the world, such as UK-BBC, US-TV and other public broadcasters which impose restrictions on te countries where you’re connectiong from. For my needs it’s perfect, but I understand it’s not ok when one needs strict privacy. Do you know better VPN services when privacy is the main purpose?
Cheers
The real issue with using Wireguard as a VPN is as stated earlier:
Wireguard was designed as a Point-to-Point VPN, not the traditional RoadWarrior or one server, many client configurations which are the traditional model for commercial services.
Trying to blend the P-to-P model of Wireguard with a many client-to-one server model is why NordVPN only support their own application as a connection.
There must be a way around it though. VPN Unlimited are able to offer configs for wireguard. Sure VPN Unlimited is not as big as NordVPN but they are not small either. If they could do it, then Nord definitely can do it.
Greetings community. I just registered an account a few minutes ago to be part of this topic!
Recently i talked with NordVPN chat support and also send email to their support about “Wireguard Configuration file” , for connecting Wireguard protocol manually without NordVPN app and with it’s Wireguard client.
And they said their technicians already working on it to make it possible to using WireGuard protocol servers manually; and this option will be available in near future. btw I’ve send 'em another emails related this issue and their support said i will nudge technicians to speed up the process and release it as soon as possible!
I’m not a gl-inet user. But I know it can run Openwrt. I’ve written a script to connect to Nordvpn wireguard servers. If anyone is interested pm me for details.
It’s very simple. All you need is your interface private key. If you have any linux machine, use that or jnstall a vm if you don’t have one. Get their official linux app installed. Install wireguard too. Connect to nordvpn with command:
nordvpn c
After successful connection run
ifconfig nordlynx
write down its IP address somewhere, you’ll need it later.
sudo wg show nordlynx private-key
Output of this command should be something like this:
CKMAE9LARlt2eZHgGnNaSUYiKLLkJN7f3hed/bWm5E8=
This is your private key. Write it down. The key above is just a random key for demo purposes.
Now make sure you have curl and jq installed on your router… These are needed to be able to fetch the config of NordVPN Server. If not installed, go ahead and install
opkg install curl jq
After installation enter the command below to fetch the recommended server config:
uk1818.nordvpn.com#your endpoint host
178.239.166.185 #its ip address
London #city
United Kingdom #country
K53l2wOIHU3262sX5N/5kAvCvt4r55lNui30EbvaDlE= #Server public key
10 #Server load at the time.
Now you can use the data above to configure your OpenWRT WireGuard Interface.
Now… I’m VERY new to this so apologies in advance
I’ve followed [teymur88]'s excellent instructions and used them to populate the Wireguard Client on my Brume-W
All I get is the amber light and no internet connection, Please could someone let me know where I’ve gone wrong? The Listen Port was added automatically, not by me.
Many thanks
Notice that the green connection status dot appears in the VPN sidebar. Additionally, I can see the WG WireGuard symbol on the router homepage replacing the VPN connection symbol I had before it. However, when I check my public IP, it still shows as my ISP provided IP rather than the NordLynx one I’m expecting.
I am using a GL-B1300 on firmware 3.105.
Not sure where else I can be going wrong here and any help is greatly appreciated.
That was simple enough to follow and connected first time, so thanks for that. The only thing not in the instructions which may catch some newbees out, when entering the endpoint host, remember the :51842 port at the end, so from the posted example it would be - `uk1818.nordvpn.com:51842
Just wanted to provide an update that I managed to solve my problem. The allowed IPs required CIDR notation, everything else was fine. Thank you teymur88 for your guide.
I’m finding the Wireguard connection rather hit and miss though and it can be pretty flaky at times for the services I use. During the day I’m getting performance similar if not worse than OpenVPN with speeds of around 9-18Mbps, sometimes upload barely hits 1Mbps. At night it skyrockets to 90Mbps closing in on all my available bandwidth.
