Your IP: Unknown · Your Status: Unprotected Protected

IKEv2/IPsec

  1. First of all, let’s install all needed dependencies.

    sudo apt install strongswan strongswan-plugin-eap-mschapv2 strongswan-ikev2 libstrongswan-standard-plugins

  2. Now, we need to edit ipsec.secrets​file with your NordVPN username and password.

    sudo vim /etc/ipsec.secrets​

    Change Username with your NordVPN username and your password with your password. Your password has to be warped inside double commas, and NOTICE the spaces after username, after “:” and after EAP.

  3. Once again, use preferred text editor to enter /etc/ipsec.conf file. Do not forget root privileges since file is write-protected from anyone except root.

    sudo vim /etc/ipsec.conf

    conn NordVPN
      keyexchange=ikev2
      dpdaction=clear
      dpddelay=300s
      eap_identity="USERNAME"
      leftauth=eap-mschapv2
      left=%defaultroute
      leftsourceip=%config
      right=SERVER
      rightauth=pubkey
      rightsubnet=0.0.0.0/0
      rightid=%any
      type=tunnel
      auto=add 
    

    Replace file content with this block of text. Do not forget to change USERNAME to your NordVPN username you’ve entered in /etc/ipsec.secrets file. And change SERVER to prefered NordVPN server.

  4. Enter /etc/strongswan.d/charon/constraints.conf file.

    sudo vim /etc/strongswan.d/charon/constraints.conf

    Inside the file change load = yes to load = no.

  5. Now we will need to download our NordVPN RSA certificate.

    sudo wget https://downloads.nordvpn.com/certificates/root.der -O /etc/ipsec.d/cacerts/NordVPN.der

  6. Now let’s restart ipsec in order to reload all configuration files.

    sudo ipsec restart​ If you’ve made any typos in /etc/ipsec.conf file you’ll be notified when service will be trying to start.

  7. After it’s done, you can connect by launching this command:

    sudo ipsec up NordVPN​

    This command should show the output “connection NordVPN has been established successfully”.

  8. To disconnect, simply type

    sudo ipsec down NordVPN.