Author's Picture
Author: Joel Gray Published: 1 February 2024 Read Time: ~6 minutes

How to Install and Configure NordVPN on a Linux Server

Skip To Install Steps

Why do I need a VPN?

Virtual Private Networks (VPNs) are essential tools for enhancing your internet privacy and security, especially on servers handling sensitive data. It does this by masking your IP address, this makes internet activities more anonymous and allowing you to bypass geo-restrictions. We will go through how to install and configure NordVPN.

VPNs are commonly used for secure remote access, safeguarding data on public Wi-Fi, and bypassing internet censorship. Key strategies involve IP masking for anonymity, data encryption for security, and bypassing regional content restrictions. However, their effectiveness depends on the VPN provider’s reliability and adherence to privacy policies.

This is why I use NordVPN, it’s a popular choice due to its strong security features and it’s extensive and reliable server network.

NordVPN Benefits Gif

This is my rifle VPN. There are many like it but this one is mine

Rifleman’s Creed

Note: If you sign up to NordVPN using my affiliate link I make a small percentage, which is used to pay for and upgrade my server and website. I’ve been using NordVPN for years and I use it to protect many of my servers. I’ve never had connection issues and it’s super affordable. 10/10 for me!

How to install NordVPN

In this blog post, I’ll guide you through the process of installing and configuring NordVPN on a Linux server, specifically Debian-based and Arch Linux systems.

Note: Do not connect to NordVPN until you configure your whitelist, you risk being locked out of your server, which is not good if you don’t have physical access.

SSH into your Sever

  1. First we need to SSH into the server. We use the format ssh $USER@$SERVERIP to ssh, you should insert your own values. When I’m installing software I like to temporarily login as root until the install is complete, but a user with sudo access will do.
ssh [email protected]

Debian/Ubuntu

Download the NordVPN Package

  1. Next we need to change directories to /opt and download the .deb file. I advise you search for the latest release URL from the NordVPN Release Page but it will be something like the URL below.
cd /opt
wget -qnc https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn_3.17.0_i386.deb

Install the NordVPN Package

  1. Install it using the Debian package manager. If you’ve downloaded a later version be sure to update the name of the package in this command to match yours.
sudo dpkg -i nordvpn_3.17.0_i386.deb
  1. If you get install errors we can force apt to download any missing dependencies with the following command. It can be worthwhile running this command anyway as it will have no adverse effects.
sudo apt-get install -f

Arch Linux

Install Yay Package Installer

  1. If you don’t already have Yay installed, checkout our blog on how to install yay on Arch linux.

Install the NordVPN Package

  1. Install it using Yay Aur Helper. There are a few options for installing it but I use the nordvpn-bin package as it seems to be stable.
yay -S nordvpn-bin

How to Configure NordVPN

When using NordVPN on a Linux desktop with a GUI/WM or Desktop Environment, it’s very straightforward and normally won’t mess with any network settings. However, I’ve found that when installing on a server that it can interfere with some of my services/processes. So, we’re going to address this to make sure you don’t have the same issues as me.

1: Logging into NordVPN

Logging into NordVPN

On a desktop environment you would normally use the command nordvpn login and this would give you a link to complete the sign in via your browser, clearly this isn’t possible on a server install so we need to create a log on token.

  1. Go to NordVPN.com on another device
  2. Click on ‘NordVPN’ under ‘Services’ on the left menu
  1. Scroll down and click ‘Set up NORDVPN manually’ under the ‘Manual setup’ section
  1. Click ‘Generate new token’ under the ‘Access Token’ section
  1. Select ‘Doesn’t expire’ so we don’t have to repeat this process in the future.
  2. Click ‘Generate Token’
  1. Copy the access token that appears (the token in this image was not used and has been deleted)
  1. Now we can login on our server using the token method
nordvpn login --token $YOUR_TOKEN_HERE

2: Enabling NordVPN

Enabling NordVPN on Startup

The following commands will ensure NordVPN is running, that it is enabled to start on system boot and check the current status of the NordVPN service.

sudo systemctl start nordvpnd
sudo systemctl enable nordvpnd
sudo systemctl status nordvpnd

You should see an output similar to this:

At this stage the NordVPN service is active but we are not connected to a VPN yet, configure your Whitelist before activating a VPN connection.

3: Set VPN Method

Make NordVPN use OpenVPN

NordVPN installs by default using their VPN service NordLynx, but I’ve found that making it use OpenVPN works better for me. This is an optional step.

nordvpn set technology OpenVPN

4: Whitelisting

Defining a Whitelist for NordVPN

By default NordVPN will try to route ALL your servers traffic through the VPN connection but this can cause issues with SSHing to the system or accessing exposed services. For example if you don’t enable the whitelist you may not be able to SSH into your machine anymore, and if you’re exposing services like Plex to the internet they will no longer be accessible.
So let’s whitelist some important IPs and Ports before we activate NordVPN.

  1. Allow access for all local connections – this will ensure you can access any SMBs etc. My devices are all on the same subnet I.e they have an IP in the following format: 192.168.1.X so I run the following command to allow all devices on the subnet to have access.
nordvpn whitelist add subnet 192.168.1.0/24

This will allow any devices that have an IP in the range 192.168.1.0 to 192.168.1.255 to connect.

  1. If you have different networks or subnets in your home network you can use the following command, or edit the command to match your networks needs.
nordvpn whitelist add subnet 192.168.0.0/16

This will allow any devices that have an IP in the range 192.168.0.0 to 192.168.255.255 to connect.

  1. Allow access on port 22 to prevent SSH lockout
nordvpn whitelist add port 22

5: Connect VPN

Connecting to the VPN

There’s a few ways to connect to the VPN, it can be manual or auto and based on the best connection with lowest latency or the best connection in a specific country.

  1. Manual connect

Manual connection with be closed on a reboot or if there is a service restart, you will have to run this command again to re-enable the VPN connection.

Connect to best connection anywhere:

nordvpn connect

Connect to best connection in Ireland:

nordvpn connect Ireland
  1. Auto-Connect (Recommended)

Auto-connect will enable your system to auto reconnect to the VPN network automatically following a service restart or a reboot.

Auto-connect to best connection anywhere:

nordvpn set autoconnect on

Auto-connect to best connection in Ireland:

nordvpn set autoconnect on Ireland

6: Verify Connection

Verify your connection

  1. You should test your internet connection by pinging a website and waiting for a response.
ping graycode.ie
  1. Running the nordvpn status command
nordvpn status

Troubleshooting

If you encounter issues with your connection after this please try the following:

  • Restart NordVPN Service: sudo systemctl restart nordvpnd
  • Reboot your system
  • Try steps again in case you missed something
  • Swap from NordLynx to OpenVPN: nordvpn set technology OpenVPN
  • Try changing NordVPN DNS settings: nordvpn set dns 1.1.1.1 1.0.0.1