Please refer to the Tutorials page.
Yes, you can. For more information about the servers compatible with P2P, see our article.
We have got our own DNS servers so there should be no leaks. If you still experience a DNS leak, please make sure you are connected to VPN and clean the cache and cookies from your browser.
Kill Switch is a technology that terminates a process when the VPN connection drops. You can use it with our custom NordVPN software for Windows, macOS and iOS devices.
Note: The Kill Switch in the iOS app does not terminate any specific applications; instead, it disables the system-wide Internet access if you are not connected to a VPN server. It is available in NordVPN for iOS 2.2.2 or later.
Double VPN is a security solution when the data is encrypted twice through a multi-node farm. The encryption is double AES-256-CBC. The user connects to the first node, where the data is encrypted. Then the secured data travels to the second node, gets encrypted again and only then reaches the Internet.
Currently we have servers in Albania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Costa Rica, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, Iceland, India, Ireland, Israel, Italy, Latvia, Luxembourg, Malaysia, Mexico, Moldova, the Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Russia, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, Ukraine, the United Kingdom, the United States, and Vietnam. You can find a dynamic list here.
It depends on various criteria. If you connect to the closest server, you may expect around 30% loss in bandwidth speed.
All ports are open on our servers, except SMTP and Netbios for outgoing connections. For the SMTP incoming port, you can alternatively use ports 465 or 587. Of course, since we do not provide any port-forwarding, no incoming connections can go through.
No, but we are planning to add the support of IPv6 in 2018.
A total of 6 devices can be connected with one NordVPN account at the same time. However, there is one limitation. If you connect multiple devices to the same server, you must choose different protocols for the VPN connections (TCP and UDP are different protocols, so you can connect one device to TCP and the other to UDP). That means a total of 3 devices can be connected to the same server at once – through IKEv2, OpenVPN TCP and OpenVPN UDP. If you have three more devices at home, you can connect them to another server – again, with different protocols.
We do not store any logs.
When you connect to NordVPN, a VPN “tunnel” is created. This is another word for a connection between you and our server. All data in this ‘’tunnel” is encrypted so that only you know the content of what is being sent. The data is encrypted with a 256-Bit key. This is an excellent level of security that allows maintaining good levels of performance, even on older machines and lower powered devices such as phones and netbooks.
Yes, you can, but you will have to send us a request at support(at)nordvpn(dot)com. Please note that you might need to prove you are the owner of the account.
Please log in to your profile using your username and password. Click the Change Password tab and type your current password. Then enter the new password and repeat it in the next field. Click the Update button and give our system 2-3 minutes to synchronize your new password before trying to sign in.
Go to the Lost Password page, enter your email address and press Get New Password. You will receive an email to confirm that you want to retrieve your password. Click the link in the email, and you will shortly receive another email with a temporary password. Please log in to your profile using your temporary password and choose a new password. Please note that you will not be able to use the temporary password for VPN connections.
You can do that from our Contact Us page. There you can search our smart Help Center for an answer or directly email us at support(at)nordvpn(dot)com. You will receive an answer within 48 hours. Billing emails will be answered within 72 hours.
This will help us understand your problem and solve your connection issue.
We have a 30-day money-back guarantee policy for accounts in good standing. If you would like to test our service before you purchase it, you can always sign up for a free 3-day trial. You can find guidelines for getting the free trial here. Users who purchased our services through the Apple App Store cannot be refunded.
No, but you are able to pay via PayPal, Braintree (credit card), Paymentwall and crypto currencies.
Register your VPN affiliate account. You will be able to start referring people to our site then. If you have any questions, contact us at support(at)nordvpn(dot)com.
Send us an email to support(at)nordvpn(dot)com, and we will provide it. We currently offer dedicated IP addresses in the United States (Buffalo, NY; Los Angeles, CA; Dallas, TX; Matawan, NJ), Germany (Frankfurt), the United Kingdom (London), and the Netherlands (Amsterdam). Please note that you would need to pay extra for a dedicated IP address.
Smart TV and Apple TV do not support built-in VPN. The only way to set it up is by configuring VPN on your router. That way, your smart TV or Apple TV will get the VPN connection from your router.
We would recommend you to purchase DD-WRT or Tomato-compatible router and set it up with NordVPN.
Since every computer on a network is assigned with an IP address to retrieve information, all activity performed online has an IP signature. Just like your Internet Service Provider (ISP), every webpage tracks the IP addresses of their visitors to collect user-oriented data, and this is done without the agreement of the visitors.
All kinds of user identification can be collected by tracking IP addresses. For example, a website can gather information such as user’s ISP, actual location and other data that can be stored and used at the discretion of the website owners.
At present, search engine giants such as Google use IP addresses as well to associate a search pattern and online activity with every single user. This is done to deliver more targeted ads, but with the kind of information that is being collected, it is worrying to note that Google is in a position to profile Internet users quite accurately.
Here are the instructions on how to set up your DD-WRT router with NordVPN’s configuration.
Like on any route, congestion can slow a fast connection to a halt. When you connect to nordvpn.com, you have to go through your ISP who then connects you to us. If it happens to take a route that is either very busy or very long, it means your connection will be slow. This can happen anywhere along the route, although we monitor our network 24/7 to ensure we are not the cause.
A proxy server, or a “proxy,” is a device that acts as a gateway between a local network (e.g., all the computers at one company or in one building) and a larger-scale network such as the Internet. When you try to access a website or any other resource available from various servers over the Internet, your computer sends a request to the proxy server, which then processes the request and returns the result you were looking for.
Proxies are used for a number of reasons such as to filter web content, to go around restrictions such as parental blocks, to screen downloads and uploads and to provide privacy when surfing the Internet.
If you want to browse privately, using a proxy can hide your IP address. For example, if you visit a website via a proxy server, the website will see a request from the proxy IP rather than your own, which makes it difficult (but not impossible) to track you.
Socket secure (or “SOCKS”) is a protocol for handling TCP traffic through a proxy server. SOCKS Version 5 adds additional support for security and UDP. SOCKS proxies do not interpret network traffic, which means they are not able to understand what is being passed from the client to the server and vice versa, and that makes the connection secure.
SOCKS uses a handshake protocol to inform the proxy software about the connection that the client is trying to make. It’s capable of transferring all information from a client to a server even through firewalls because the web server views the SOCKS proxy as the client.
HTTP protocol is the standard proxy protocol for the Internet, specifically designed to transfer website data. HTTP proxies are mainly used to fetch and receive within that protocol, rather than other types of network connections (unlike SOCKS, which can accommodate virtually any protocol, program or type of traffic). That includes specific network ports, through which all HTTP traffic is usually routed.
Due to these factors, HTTP proxies are the more common of the two types, and usually, people refer to them when they talk about proxy use.
Also, SOCKS proxies operate at what’s called a “lower level” than the HTTP proxy. However, that actually makes them more secure. Unlike a SOCKS server, an HTTP proxy server does understand and interpret the network traffic that passes between the client and downstream server, which means that the company that owns it could be logging users’ data.
An IP address stands for an Internet Protocol address and serves as a personal identifier for your computing device. Your Internet Service Provider (ISP) assigns a unique IP address to identify your device or network among all the others connected to the Internet.
Thanks to IP addresses, data can successfully reach its destination on the web – similarly to your home address, which allows a letter carrier to deliver your mail. To put it simply, IP addresses are necessary for sending and receiving data on the Internet: when connected devices talk to each other, they address themselves by IP address.
An IP address is a numeric label. The way it is composed depends on the Internet Protocol version. Currently, most ISPs use IPv4 to assign IP addresses to their clients. IPv4 addresses are based on 32 binary bits and consist of four numbers, varying from 0 to 255 and separated by dots, for example, 184.108.40.206.
With the evolution of the Internet technology and growing demand for IP addresses, a slight panic for running out of possible unique identifiers had risen. For this reason, the IPv6 version of the Internet protocol was introduced to expand numeric labeling options.
IPv6 addressing is based on 128 binary bits. An IPv6 address consists of 8 segments separated by colons instead of dots, for example, fr28:3ffe:0000:0000:0000:0000:4587:9312. Number groups containing only 0 are often omitted to save space. Instead, a double colon is used to indicate the gap so that it is fr28:3ffe::4587:9312.
A personal Virtual Private Network (VPN) refers to a network solution that is used to encrypt users’ Internet traffic and mask their online identity by hiding their IP address. Therefore, the main purpose of this technology is to help you stay secure and private when browsing the Internet.
Typically, when you connect to the Internet, your Internet Service Provider (ISP) receives the request and redirects you to the website you intend to visit. As your Internet traffic passes through your ISP, they can see everything you do online. What’s more, they can track users’ behavior and sell their personal details to advertisers and other third parties.
Here’s when a VPN comes into play. It redirects your Internet traffic through a remote VPN server, this way hiding your IP address and encrypting all of the information that is sent or received. With a VPN on, all the data you send and receive travels via an encrypted tunnel, so that nobody can steal your private information or spy on your online activities.
Virtual private network technology is based on the concept of tunneling. VPN tunneling involves generating and retaining a logical network connection (which may contain intermediate hops). In this connection, packets built in a specific VPN protocol format are encapsulated inside some other base or carrier protocol, then transmitted between server and VPN client and finally de-encapsulated on the receiving side.
For Internet-based Virtual Private Networks, packets in one of several VPN protocols are encapsulated within (IP) packets. VPN protocols also support encryption and authentication to keep the tunnels secure.
There are a number of VPN protocols which are used to secure the transferring of data traffic over a public network. Each protocol differs fractionally in the way data is kept secure. NordVPN uses OpenVPN and IKEv2/IPSec as standard protocols for its desktop and mobile applications and TLS v1.2 for its encrypted browser extensions.
OpenVPN is an open source software application that executes virtual private network (VPN) techniques for producing safe site-to-site or point-to-point connections in remote access facilities and bridged or routed configurations. OpenVPN uses a custom security protocol which utilizes TLS/SSL for key exchange. It is able to traverse firewalls and network address translators (NATs).
OpenVPN allows peers to authenticate each other using username and password, certificates, or a pre-shared secret key. When used in a multi-client server configuration, it allows the server to launch an authentication certificate for every user using certificate authority and signature. It uses the OpenSSL encryption library broadly as well as TLSv1.2/SSLv3 protocols and consists of many control and security features.
IKEv2 is a state-of-the-art protocol option, which combines speed with stability and security. A unique aspect of IKEv2 lies in its ability to hop between connections. For example, it can automatically jump from WiFi to a cell network without losing or dropping the secure VPN connection. When combined with Internet Protocol Security (IPsec), it significantly increases security and privacy of the user by employing very strong cryptographic algorithms and keys.
NordVPN uses NGE (Next Generation Encryption) in IKEv2/IPsec. The ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys. IPsec then secures the tunnel between the client and server using the strong AES256.
The Domain Name System (DNS) is responsible for resolving domain names such as “nordvpn.com” into actual IP addresses to connect to. It translates the long, complex and hard-to-remember numeric names of web servers into human language, and the other way around.
So whenever your computer needs to connect to a certain website, such as when you enter “www.google.com” into your browser, it first contacts a DNS server and requests the unique IP address of that site. This procedure is a crucial piece of how the Internet works.
If you are trying to keep your online activities secure and private with a VPN service, it is extremely important that all the traffic originating from your computer is routed through the VPN network. That includes the above-mentioned DNS requests – they should go through the VPN tunnel to your VPN provider’s DNS servers, rather than those of your ISP.
However, your system may for some reason revert to the default DNS servers, resulting in your ISP being able to see what websites you are visiting.
1. Our custom application for Windows, macOS, Android and iOS has a DNS leak protection feature implemented automatically, which will prevent your DNS from leaking.
2. Use NordVPN DNS servers.
In order to get NordVPN’s DNS servers please contact our support team. To set it, go to:
Windows: Control Panel → Network and Sharing Center → Change Adapter Settings → Right-click on your ‘Local Area Connection’ and select Properties → Click on the ‘Internet Protocol Version 4 (TCP/IPv4) and select Properties → Click on the ‘Use the following DNS server addresses’ and type in the selected DNS server addresses. Please mind that you need to set DNS servers for ALL your Local Area Connections!
Mac: System Preferences → Network → Choose your network device → Advanced → DNS tab and type in the selected DNS server addresses. Please mind that you need to set DNS servers for ALL your network devices!
Linux: Network applet → Edit Connections → Edit your network device → Ipv4 Settings → Choose Automatic (DHCP) addresses only and add DNS servers in the textbox with every server address to be separated by a comma. Please mind that you need to set DNS servers for ALL your network devices!
You can check your DNS leak at the DNS leak test webpage.
Anti-DDos servers are suggested for a less interrupting connection, since they have an advanced stability checking system.
For OpenVPN connection, we use the AES 256 CBC algorithm. IKEv2/IPSec ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys.
UDP is mainly used for online streaming and downloading. TCP is more reliable but a little slower than UDP and usually used for web browsing.
If you want to uninstall any of our applications, please refer to this tutorial here.
1723, 443 TCP and 1194 UDP ports should be open; also your firewall/router/ISP must allow pass-through for PPTP/VPN. Typically working: embedded Microsoft firewall in Windows, Linksys/D-Link/TP-Link/ASUS Router manufactured after year 2007, ADSL broadband. Typically not-working: not-Microsoft firewall, Netgear/Trend Router, all router-integrated ADSL modems. If you get error 619 with ADSL connection, please remove home router and disable not-Microsoft firewall software.
As soon as you connect to our VPN server, your device is assigned a new IP address and new DNS resolvers. All of your Internet traffic is encrypted and tunneled to our VPN server. Once there, it is decrypted and allowed to travel to its intended destination. Your local ISP will only see a single encrypted data stream between you and our VPN server. Your ISP can no longer monitor, log or control your Internet usage and you can bypass your ISP restrictions.