Please refer to the Tutorials page.
Yes, you can. More information about the working servers you can find at our article
We have got our own DNS servers so there should be no leak. If you still see the DNS leak, please make sure you are connected to VPN and also remove cache and cookies from your browser.
Kill switch is a technique that terminates the process when the VPN connection drops out. You can use it with our custom NordVPN software for Windows, Mac OS and iOS devices. Note: the Kill switch in the iOS app does not terminate any specific applications, instead it disables system-wide internet access if you are not connected to a VPN server. It is available in the iOS application from app version 2.2.2
The user connects to the first node where the data is encrypted. Then the encrypted data flows to the second node and gets encrypted again and only then reaches the internet. The Double VPN server list can be found at servers page.
Currently we have servers in Austria, France, the United States, the United Kingdom, Spain, the Netherlands, Italy, South Africa, Romania, Brazil, Poland, Australia, Sweden, Hong Kong, Switzerland, Russia, Lithuania, Canada, Singapore, Germany, Latvia, Albania, Belgium, Bulgaria, Costa Rica, Czech Republic, Denmark, Egypt, Estonia, Finland, Greece, Hungary, Iceland, India, Ireland, Israel, Luxembourg, Malaysia, Mexico, Moldova, New Zealand, Norway, Portugal, Romania, Slovakia, South Korea, Taiwan, Thailand, Turkey, Ukraine, Vietnam. You can find a dynamic list here.
It depends on various criteria. If you connect to the closest server you may expect around a 30% loss in bandwidth speed.
All ports are open on our servers except SMTP and Netbios for outgoing connections.
For SMTP incoming port you can alternatively use 465 or 587 ports.
Of course, since we do not provide any port-forwarding, no incoming connections can go through.
No, but we are planning to add the support of IPv6 in 2017.
A total of 6 devices can be connected with 1 NordVPN account at the same time. However, there is only one limit. If you connect devices to the same server, you must choose different protocols for the VPN connections (TCP and UDP are different protocols hence you can connect one device to TCP other to UDP). That means that a total of 4 devices can be connected to a server at once – through L2TP, PPTP, OpenVPN TCP and OpenVPN UDP. If you have two more devices at home you can connect them to another server with any two protocols.
We do not store any logs.
When you connect to NordVPN.com the ‘Tunnel” is created. This is another word for a connection between us and you. All data in this ‘Tunnel” is encrypted so that only you know the content of what is being sent. The data is encrypted to 256 Bits. This is an excellent level of security whilst maintaining good levels of performance, even on older machines and lower powered devices such as Phones and Netbooks.
Yes, you can, but you need to send us the request at firstname.lastname@example.org – please note that you might need to prove you are the owner of the account.
Please login to your Profile using your username and password. In the field “Password” enter new password and in field “Confirm password” enter confirmation password then click “Update” button. Give our system 2-3 minutes to synchronize your new password and retry with your new VPN password.
Go to Lost Password page, enter your email address and press Get New Password. You will receive an email to confirm that you want to retrieve your password. Click on the link that is in the email and you will receive another email shortly with a new password. Please login to your Profile using your new password and change the password. Please note, that you will not be able to use the received password for VPN connections.
Please fill out Contact Us form. You will receive an answer in up to 48 hours. Billing e-mails will be answered within 72 hours. Also you can email us at support(at)nordvpn.com.
At first we highly suggest you to check out our Help Center. If you did not find the required information please fill the Contact Us form. What information you should provide us?
1. Your Operating System
2. Server on which you are trying to connect. ex: vpn.nordvpn.com
3. Error name /code (screen of your error is preferable)
This will help us to understand your problem and solve your connection issue.
We have a 30-day money back guarantee policy for accounts in good standing. If you would like to test our service before you purchase it, you can always sign up for a free 3-day trial. You can find guidelines for getting the free trial here: https://nordvpn.com/free-trial/. Users who purchased our services through Apple App Store or Google Play Store cannot be refunded.
Yes, we do offer a 3-day free trial. For guidelines, visit our Help Center: https://nordvpn.com/free-trial/.
No, but you are able to pay via PayPal, BitCoins, Braintree (credit card) and Paymentwall.
Register your VPN affiliate account. You will be able to start referring people in to our site then. If you have questions contact us at: support[at]nordvpn.com
Use Contact Us form or write to support(at)nordvpn(dot)com and we will provide it. Currently, we offer dedicated IP addresses in the United States and the United Kingdom (no IPs left in the UK). Please note, that you would need to pay additionally for a dedicated IP address.
SmartTV and Apple TV does not support built-in VPN. The only way to set it up is by setting up your router with VPN. In that way your SmartTV or Apple TV will have the VPN connection from your router. Nonetheless, NordVPN will start offering smartDNS very soon.
We would recommend you to purchase a DD-WRT or Tomato compatible router and set it up with NordVPN.
Since every computer in a network is assigned with an IP address to retrieve information, all activity performed online has an IP signature. Just like your Internet Service Provider (ISP), every webpage tracks the IP address of a visitor to collect user-oriented data and this is done without the agreement of the visitor.
All kinds of user identification can be collected by tracking this IP address, and straightaway, the website can gather wide variety of information such as ISP, actual location and other information that can be stored and used respectively to the discretion of the website.
At present, search engine giants such as Google are using IP addresses as well to associate search pattern and online activity with every single user. This is being done to send more targeted ads, but with the kind of information that is being collected, it is worrying to note that Google is in a position to profile and internet user quite accurately.
Here are the instructions on how to setup your DD-WRT router with NordVPN’s configuration.
Like any route, congestion can slow what should be a fast connection to a halt. When you connect to nordvpn.com you have to go through your ISP who then connects you to us. If it happens to take a route that is either very busy or very long it means your connection will be slow. This can happen anywhere along the route although we monitor our network 24 hours a day to ensure we are not the cause.
In computer networks, proxy server acts as intermediary for queries from internet users seeking resources from other servers. User joins the proxy server, requesting some service, such as webpage, connection, file or other resource available from other server and the proxy server estimates the request as a way to control and simplify its’ complexity. Nowadays, most proxy servers facilitate the access to the content on the World Wide Web (WWW).
Proxy server has plenty of potential purposes including:
Socket Secure (SOCKS) is an Internet protocol which routes network packets between server and a client through a proxy server. In addition SOCKS5 provides authentication therefore only authorized users can access the server. SOCKS server proxies connects through TCP to a wilful IP address and provides values for UDP packets to be forwarded.
SOCKS operates at Layer5 of the Open System Interconnection reference model. It has three layers – transport layer, an intermediate layer between the presentation layer and the session layer.
SOCKS performs at a lower level that HTTP proxying: SOCKS takes advantage of handshake protocol to report the proxy software about the connection the client attempts to make and so operates as transparently as possible while an HTTP proxy could interpret and copy headers (for instance to invoke another underlying protocol, such as File Transfer Protocol (FTP). Nevertheless HTTP proxy normally forwards an HTTP request to the eligible HTTP server). Although HTTP proxy has a variant model in mind, the CONNECT method permits forwarding TCP connections. Nevertheless SOCKS proxies may work in reverse and forward UDP traffic while HTTP proxies can’t. HTTP proxies usually are more aware of the HTTP protocol and they perform higher-level filtering. However that normally only applies to POST and GET methods but not the CONNECT method.
Rob wishes to communicate with Jack over the internet, but a firewall between them operates on his network. Therefore Rob is not authorized to associate with Jack directly. Hence Rob connects to the SOCKS proxy on his network and informing SOCKS proxy about the connection he wills to make to Jack. SOCKS proxy starts a connection through the firewall and eases the communication between Rob and Jack.
Rob wishes to download a web page from Jack who runs a web server. Rob can’t directly join Jack’s server as firewall has been put on his network. To get in touch with the server Rob connects to his network HTTP proxy. His web browser communicates straight to the proxy in the same way it would communicate directly with Jack’s server if it could. It transmits a standard HTTP request header. The HTTP proxy connects to Jack’s server and then sends back to Rob any data Jack’s server returns.
An IP address is a virtual address that indicates the computer location in a network. It is used to ascribe an identity which always is unique to every computer that has internet access and it is similar to actual physical address.
Internet Protocol (IP) address is keen for data transferring between computers or networks. Due to the scope of the internet, data gathering would be almost impossible without a reference point such as unique IP address.
For example, when you browse the internet, your computer will link URL request with your IP address which will transmit the request over the internet to retrieve information. Information or the resulting data will only be sent back to the IP address that initiated the request. Accordingly, similar to a normal physical address, two IP addresses are needed for the successful transfer of data between two different systems.
An IP address can be recognized quite easily. Basic IP address contains 4 different numbers separated by dots. For example, your IP address (22.214.171.124) consists of 4 different numbers separated by 3 dots. Each computer has a unique IP address which is assigned by the Internet Service Provider. The set of 4 numbers separated by dots is an element of the Internet Protocol v4 (IPv4) and supports 32 bits.
Nevertheless, regarding to the increase in demand of IP addresses, the new Internet Protocol v6 (IPv6) is existing as well. An IPv6 address contains 8 different elements separated by a colon (:) instead of a dot. Unlike IPv4, the IPv6 version can also consist of letters and is able to provide more addresses as such a system supports up to 128 bits.
A Virtual Private Network (VPN) is network technology that secures network connection over a public network such as private network owned by a service provider or the Internet. Government agencies, large corporations and educational institutions use VPN technology to enable users securely connect to a private network.
VPN can connect multiple pages over a great distance just like Wide Area Network (WAN). VPN is often used to extend intranets worldwide to spread news and information to a wide user base. Educational institutions use VPN to associate campuses that can be spread across the country or around the world.
In order to access the private network, an internet user must be authenticated by a unique ID and password. An authentication token if mainly used to access a private network through a personal ID number (PIN) which must be entered by user. The PIN is a unique authentication code that changes in accordance with particular frequency as a rule around every 30 seconds.
There are a number of VPN protocols which are used to secure the transferring of data traffic over a public network. Each protocol differs fractionally in the way data is kept secure.
IP security (IPSec) is used to secure connection over the Internet. IPSec can use tunneling or transport mode to encrypt data traffic in a VPN. Difference between these two modes is that tunneling encrypts the entire data packet while transport mode encrypts only the message within the data packet (also known as payload). IPSec is is frequently specified as a security overlay for its’ use as a security layer for other protocols.
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) use cryptography tu secure connections over the Internet. Both protocols use a “handshake” authentication method that involves a negotiation of network parameters between server machines and the client. An authentication process involving certificates is used in order to initiate connection successfully. Certificates as cryptographic keys and they are stored on the client and the server.
Point-to-Point Tunneling Protocol (PPTP) is another tunneling protocol which is used to link a distant client to a private server over the Internet. PPTP is one of the most broadly used VPN protocol because of its’ simple configuration and upkeep. This protocol is included with Windows™ Operating System.
Layer 2 Tunneling Protocol (L2TP) is a protocol which is used to tunnel data connections traffic between two sites over the Internet. L2TP is often used together with IPSec to protect the transfer of L2TP data packets over the Internet. In this case IPSec acts as a security layer. Unlike PPTP, VPN execution using L2TP/IPSec requires the use of certificates or a shared key.
VPN technology employs complex encryption to guarantee security and stop any malicious interception of data between private websites. All traffic over VPN is encrypted using algorithms to protect data entity and privacy. VPN framework is governed by strict rules and standards to guarantee a private communication channel between sites. Corporate network admins are liable for execution and disposal of VPN, deciding the extent of a VPN and monitoring network traffic across the network firewall. A VPN administrators must constantly check the overall architecture and extent of the VPN to assure communications are kept private.
Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel with features that allow traffic to pass through firewalls that block L2TP/IPsec and PPTP traffic. SSTP provides a technology to encapsulate PPP traffic over the SSL channel of the HTTPS protocol. The use of Point to Point Protocol allows support for powerful authentication methods such as EAP-TLS. The use of HTTPS means that traffic will flow through TCP port 443, a port which is commonly used for Web access. Secure Sockets Layer (SSL) provides transport-level security with enhanced key encryption, negotiation and integrity checking.
Point-to-Point Tunneling Protocol (PPTP) is a network protocol which enables the secure transfer of data from a remote client to a private company server by creating a virtual private network across IP/TCP-based data networks. PPTP supports multi-protocol, on-demand, virtual private networking over the public networks such as the Internet.
The networking technology of Point to Point Tunelling Protocol is an extension of the remote access PPP defined in the certification by the Internet Engineering Task Force (IETF) titled “The Point to Point Protocol for the Transmission of Multi Protocol Datagrams over PP Links,” referenced to as RFC (Request For Comments) 1171. The Point to Point Tunneling Protocol is a network protocol that encapsulates PPP packets into Internet Protocol datagrams for transmission over the Internet or other public IP/TCP-based networks. PPTP can also be used in private LAN to LAN networking.
The PPTP extension of PPP is clarified in the document titled “Point to Point Tunneling Protocol ,” PPTP – ppext – draft-ietf – 00. Text – pptp. A plan of this document was submitted to the IETF in June, 1996 by the firms of the PPTP Forum, which includes Ascend Communications, Microsoft Corporation, ECI Telematics, US Robotics and3Com/Primary Access.
Layer Two Tunneling Protocol (L2TP) is an amplification of the Point to Point Tunneling Protocol (PPTP) and it is used by an Internet service provider (ISP) to approve the operation of a virtual private network (VPN) over the Internet. Layer 2 Tunneling Protocol merges the best features of two other tunneling protocols: L2F from Cisco Systems and PPTP from Microsoft. The two main component parts that make up L2TP are the the L2TP Network Server (LNS), which is the instrument that terminates and possibly authenticates the Point-to-Point Protocol stream and L2TP Access Concentrator (LAC), it is the device that physically terminates a call.
PPP defines a means of encapsulation to send multiprotocol packets over layer two (L2) point to point links. Normally, a user connects to a network access server (NAS) through dialup POTS, ADSL, ISDN, or other service and runs Point-to-Point Protocol over that connection. In this configuration, the PPP and L2 session endpoints are both on the same network access server.
L2TP uses packet-switched network connections to able the endpoints to be located on different machines. The user has a Layer 2 connection to an access concentrator, which tunnels individual Point-to-Point Protocol frames to the network access server, therefore the packets can be processed separately from the destination of the circuit termination. This indicates that the connection can close at a local circuit concentrator, eliminating all possible long-distance charges, among other benefits. There is no difference in the operation from the user’s point of view.
OpenVPN is an open source software application that executes virtual private network (VPN) techniques for producing safe site-to-site or point-to-point connections in remote access facilities and bridged or routed configurations. OpenVPN uses a custom security protocol which utilizes TLS/SSL for key exchange. It is able to traverse firewalls and network address translators (NATs). James Yonan wrote it and published it under the GNU General Public License (GPL).
OpenVPN allows peers to authenticate each other using username and password, certificates, or a pre-shared secret key. When used in a multi-client server configuration, it allows the server to launch an authentication certificate for every user using certificate authority and signature. It uses the OpenSSL encryption library broadly as well as TLSv1/SSLv3 protocols and consists of many control and security features.
VPN supports two types of tunneling – compulsory and voluntary. Both types of tunneling are commonly used.
In voluntary tunneling, the VPN user manages connection setup. Firstly the client makes a connection to the carrier network provider (an Internet Service Provider in the case of Internet VPNs). After this, the VPN client application creates the tunnel to a Virtual Private Network server over this live connection.
The carrier network provider manages VPN connection setup, in compulsory tunneling. When the client at first makes an ordinary connection to the carrier, the carrier in turn at once brokers a VPN connection between a VPN server and that client. From the client’s position, Virtual Private Network connections are set up in just one step while the two-step procedure required for voluntary tunnels.
Compulsory VPN tunneling authorizes clients and associates them with specific Virtual Private Network servers using logic built into the broker device and it is sometimes called the Point of Presence Server (POS), VPN Front End Processor (FEP) or Network Access Server (NAS). Compulsory tunneling hides the info of VPN server connectivity from the VPN clients and efficiently transfers management control over the tunnels from users to the ISP. In exchange, service providers must take on the additional burden of installing and maintaining FEP devices.
Virtual private network technology is based on the concept of tunneling. VPN tunneling involves generating and retaining a logical network connection (which may contain intermediate hops). On this connection, packets built in a specific VPN protocol format are encapsulated inside some other base or carrier protocol, then transmitted between server and VPN client and finally de-encapsulated on the receiving side.
For Internet-based Virtual Private Networks, packets in one of several VPN protocols are encapsulated within (IP) packets. VPN protocols also support encryption and authentication to keep the tunnels secure.
When using privacy service like NordVPN, it is very important that all of your Internet traffic originating from your machine is routed through VPN network. If any traffic is leaked outside of the VPN connection to the network, any adversary monitoring the traffic will be able to log all your activity.
Domain Name System (DNS) is used to translate domains such as www.nordvpn.com into a numerical IP addresses for instance 126.96.36.199 which are required for routing data packets on the Internet. Whenever your device contacts a server on the world wide web, such as the entered URL in your browser, your computer send a request to a DNS server for the IP address. Most of the Internet Service Providers assign their controlled DNS servers to the customers and use it for logging and recording Internet activity made by you.
Sometimes, even when connected to the VPN network, the operating system resume to use default DNS servers instead of using the anonymous DNS servers.
How to solve the DNS leak?
1. Our custom application for Windows, Mac OS X, Android and iOS has a DNS leak protection feature implemented automatically, which will prevent your DNS from leaking.
2. Use NordVPN DNS servers.
To set it go to: Windows: Control Panel → Network and Sharing Center → Change Adapter Settings → Righ-click on your ‘Local Area Connection’ and select Properties → Click on the ‘Internet Protocol Version 4 (TCP/IPv4) and selectProperties → Click on the ‘Use the following DNS server addresses’ and type in the selected DNS server addresses. Please mind that you need to set DNS servers for ALL your Local Area Connections!
Mac: System Preferences → Network → Choose your network device → Advanced → DNS tab and type in the selected DNS server addresses. Please mind that you need to set DNS servers for ALL your network devices!
Linux: Network applet → Edit Connections → Edit your network device → Ipv4 Settings → Choose Automatic (DHCP) addresses only and add DNS servers in the textbox with every server address to be separated by a comma. Please mind that you need to set DNS servers for ALL your network devices!
You can check your DNS leak at the DNS leak test webpage.
Double VPN is a security solution when the data is encrypted twice through multi-node farm. The encryption is double AES-256-CBC.
Anti DDos servers are suggested for a less interrupting connection, since they have an advanced stability checking system.
For L2TP/IPSec it is AES-256. For OpenVPN – 256 bit SSL encryption. PPTP uses MPPE-128 encryption.
UDP is mainly used for online streaming and downloading. TCP is more reliable but a little slower than UDP and usually used for web browsing.
For PPTP or L2TP connections just delete the NordVPN connection under “Network Connections” in the “Control Panel” on Windows. If you are using our custom software, simply go to C:/Program Files/NordVPN folder and run the ‘Uninstall’ file.
1723, 443 TCP and 1194 UDP ports should be open, also your firewall/router/ISP must allow pass-through for PPTP/VPN. Typical working: embedded Microsoft firewall in Windows, Linksys/D-Link/TP-Link/ASUS Router manufactured after year 2007, ADSL broadband. Typical not-working: not-Microsoft firewall, Netgear/Trend Router, all router-integrated ADSL modem. If you get error 619 with ADSL connection, please remove home router and disable not-Microsoft firewall software.
As soon as you connect to our VPN server your computer is assigned a new IP address and new DNS resolvers. Then all of your Internet traffic is encrypted and is tunneled to our VPN server. Once there, it is decrypted and allowed to travel to its intended destination. Your local ISP will only see a single encrypted data stream between you and our VPN server. Your ISP can no longer monitor, log or control your Internet usage and you can bypass your ISP restrictions.