Configure wireguard client to connect to NordVPN servers?

Greetings community. I just registered an account a few minutes ago to be part of this topic!

Recently i talked with NordVPN chat support and also send email to their support about “Wireguard Configuration file” , for connecting Wireguard protocol manually without NordVPN app and with it’s Wireguard client.

And they said their technicians already working on it to make it possible to using WireGuard protocol servers manually; and this option will be available in near future. btw I’ve send 'em another emails related this issue and their support said i will nudge technicians to speed up the process and release it as soon as possible!

3 Likes

nothing happened after 1 month.

the world becomes UNSTABLE, unstable in the society.

A secure line may help.

Hi there,

I’m not a gl-inet user. But I know it can run Openwrt. I’ve written a script to connect to Nordvpn wireguard servers. If anyone is interested pm me for details.

Can you share just here pls?

Hi ! Can you share the script , cant send you PM

Nope. I dropped nord and went to torguard.

It’s very simple. All you need is your interface private key. If you have any linux machine, use that or jnstall a vm if you don’t have one. Get their official linux app installed. Install wireguard too. Connect to nordvpn with command:

nordvpn c

After successful connection run

ifconfig nordlynx

write down its IP address somewhere, you’ll need it later.

sudo wg show nordlynx private-key

Output of this command should be something like this:

CKMAE9LARlt2eZHgGnNaSUYiKLLkJN7f3hed/bWm5E8=

This is your private key. Write it down. The key above is just a random key for demo purposes.

Now make sure you have curl and jq installed on your router… These are needed to be able to fetch the config of NordVPN Server. If not installed, go ahead and install

opkg install curl jq

After installation enter the command below to fetch the recommended server config:

curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1"|jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'

Output:

uk1818.nordvpn.com #your endpoint host
178.239.166.185 #its ip address
London #city
United Kingdom #country
K53l2wOIHU3262sX5N/5kAvCvt4r55lNui30EbvaDlE= #Server public key
10 #Server load at the time.

Now you can use the data above to configure your OpenWRT WireGuard Interface.

2 Likes

Now… I’m VERY new to this so apologies in advance
I’ve followed [teymur88]'s excellent instructions and used them to populate the Wireguard Client on my Brume-W


All I get is the amber light and no internet connection, Please could someone let me know where I’ve gone wrong? The Listen Port was added automatically, not by me.
Many thanks

You need to set the DNS to something for the internet to work. Without it, only connections to other devices in the VPN network will work.

Try setting it to 1.1.1.1 or 8.8.8.8

I’ve been watching this thread on and off last year and just gave teymur88’s instructions a try myself.

Along with clues from Ades and Johnex posts, I’ve gotten a little further with the settings attached.

Notice that the green connection status dot appears in the VPN sidebar. Additionally, I can see the WG WireGuard symbol on the router homepage replacing the VPN connection symbol I had before it. However, when I check my public IP, it still shows as my ISP provided IP rather than the NordLynx one I’m expecting.

I am using a GL-B1300 on firmware 3.105.

Not sure where else I can be going wrong here and any help is greatly appreciated.

That was simple enough to follow and connected first time, so thanks for that. The only thing not in the instructions which may catch some newbees out, when entering the endpoint host, remember the :51842 port at the end, so from the posted example it would be - `uk1818.nordvpn.com:51842

Just wanted to provide an update that I managed to solve my problem. The allowed IPs required CIDR notation, everything else was fine. Thank you teymur88 for your guide.

I’m finding the Wireguard connection rather hit and miss though and it can be pretty flaky at times for the services I use. During the day I’m getting performance similar if not worse than OpenVPN with speeds of around 9-18Mbps, sometimes upload barely hits 1Mbps. At night it skyrockets to 90Mbps closing in on all my available bandwidth.

Curious of other people’s findings.

I’ve tried a few speedtests and seem to be pretty stable in the 30-40Mbit range.

There are numerous servers, could you be on a congested server? May be worth going through the process again using a different server.

Shouldn’t that be 51820.

Cheers.

Yes, you’re right, port 51820. Don’t know where I got the 51842 from

awesome info teymur88, all was going well until i tried to execute the command “sudo wg show nordlynx private-key” i got the message saying “Unable to access interface: Protocol not supported” if i type in ifconfig it shows nordlynx as an interface, do i need to configure wireguard on linux before it will work at all ?, not that clued up with this i do appologise, i’m running nordvpn version 3.8.10 on ubuntu 18.04 and wireguard-tools v1.0.20200513, i tried getting the private key on an ubuntu 20.10 virtual machine as well to no joy either got the same “Unable to access interface: Protocol not supported” fault. any assistance on this would be greatly appreciated really anxious to get the wireguard/nordlynx protocol running on my gl-mt300n router, openvpn client is rather slow :-(. also is it necessary to have a listening port set on the configuration and if so what do i set it too ? i seen the 2 screenshots above have different set values. thanks

@PigletKing i think you have to install wireguard within Ubuntu at first (sudo apt install wireguard), after that the command works.

@teymur88 thank you very much for the instruction, but after i adjust the parameter i haven’t a connection to the Internet.

To clarify i do step by step the following:

  1. IP-Adress: i get this with the command “ifconfig nordlynx” from inet(?)
  2. Private Key: is showing by “sudo wg show nordlynx private-key
  3. DNS: 1.1.1.1 or 8.8.8.8
  4. Public Key: I get this with “curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1"|jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'
  5. Endpoint: Also from the same “curl ...” command above “*.nordvpn.com” & “:51820” on the end
  6. Allowed IPs: 0.0.0.0

@cvgt6: What do you mean with CIDR notation relating to the allowed IPs?

Is there something i missed or confuse?

Thanks for your help!

Greetings,
Pad

Hi,

Allowed ips should be everything: 0.0.0.0/0

Teymur

Hi,

Please install wireguard properly for your linux distro.

WireGuard Installation

Teymur