First of all, let’s install all needed dependencies.
sudo apt install strongswan strongswan-plugin-eap-mschapv2 strongswan-ikev2 libstrongswan-standard-plugins
Now, we need to edit ipsec.secretsfile with your NordVPN username and password.
sudo vim /etc/ipsec.secrets
Username with your NordVPN username and
your password with your password. Your password has to be warped inside double commas, and NOTICE the spaces after username, after “:” and after EAP.
Once again, use preferred text editor to enter
/etc/ipsec.conf file. Do not forget root privileges since file is write-protected from anyone except root.
sudo vim /etc/ipsec.conf
conn NordVPN keyexchange=ikev2 dpdaction=clear dpddelay=300s eap_identity="USERNAME" leftauth=eap-mschapv2 left=%defaultroute leftsourceip=%config right=SERVER rightauth=pubkey rightsubnet=0.0.0.0/0 rightid=%any type=tunnel auto=add
Replace file content with this block of text. Do not forget to change
USERNAME to your NordVPN username you’ve entered in
/etc/ipsec.secrets file. And change
SERVER to prefered NordVPN server.
sudo vim /etc/strongswan.d/charon/constraints.conf
Inside the file change
load = yes to
load = no.
Now we will need to download our NordVPN RSA certificate.
sudo wget https://downloads.nordvpn.com/certificates/root.der -O /etc/ipsec.d/cacerts/NordVPN.der
Now let’s restart ipsec in order to reload all configuration files.
sudo ipsec restart If you’ve made any typos in
/etc/ipsec.conf file you’ll be notified when service will be trying to start.
After it’s done, you can connect by launching this command:
sudo ipsec up NordVPN
This command should show the output “connection NordVPN has been established successfully”.
To disconnect, simply type
sudo ipsec down NordVPN.