- Obtain NordVPN API access token from https://my.nordaccount.com/dashboard/nordvpn/access-tokens/
- Fetch NordVPN NordLynx (WG) private key from API https://api.nordvpn.com/v1/users/services/credentials - private key is in value of
nordlynx_private_keyJSON [1] - Fetch NordVPN server configurations from API https://api.nordvpn.com/v1/servers/recommendations?filters[country_id]=<COUNTRY_ID>&filters[servers_technologies][identifier]=wireguard_udp [2] - find desired server where per server JSON keys are:
3.1.station- WG peer endpoint IP address
3.2.technologies[].identifier["wireguard_udp"].metadata[].name["public_key"].value- WG peer public key - on ROS:
4.1. add Wireguard interface with private key from 2nd step
4.2. add Wireguard peer for NordVPN server with public key and endpoint IP from 3rd step, also set there port to51820and Allowed Address to0.0.0.0/0
4.3. add IP address for created Wireguard interface with address value10.5.0.2/24and network10.5.0.0
4.4. add firewall NAT rule insrcnatchain and created Wireguard interface as out interface formasqueradeaction
4.5. setup routing and firewall rules according to your current configuration - see here for some example
NordVPN API endpoints are protected with basic auth where
tokenis username and API access token is password from previous step (Authorizationheader with value: Basic base64(username:password)) ↩︎value for
<COUNTRY_ID>with desired country ID can be fetched from API https://my.nordaccount.com/api/v1/servers/countries (eg. for Spain is202) ↩︎