LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 04-27-2019, 12:16 PM   #1
johnny23
LQ Newbie
 
Registered: Aug 2009
Location: Edinburgh, UK
Distribution: Slackware
Posts: 27

Rep: Reputation: 26
Slackware 14.2 and NordVPN howto


This is how I do it. Your mileage may vary, E&OE.

1 Download the config files intended for Raspberry Pi:
https://nordvpn.com/api/files/zip

2 Unpack them in /etc/openvpn
...this will give you 2 dirs, one with files for udp and one for tcp

3 make a file with your auth credentials, first line username, second line password. Put it somewhere and make it readable only by root.

4 go to the NordVPN website and find out which server is recommended for your location or choose one by some criteria which suits you

5 in /etc/openvpn do
'ln -s [path to config file you've chosen] nordvpn.conf'
NordVPN reccomends you use udp
For example:
'ln -s /etc/openvpn/ovpn_udp/uk123.nordvpn.com.udp.ovpn nordvpn.conf'

6 for the config file you've chosen, at the line that says 'auth-user-pass' add a space then put the path to your auth file from step 3

7 in /etc/rc.d make rc.openvpn executable

8 modify your /etc/resolv.conf to use the NordVPN DNS

# NordVPN ...
nameserver 103.86.96.100
nameserver 103.86.99.100

9 stop dhcp or whatever clobbering your resolv.conf ...
'chattr +i resolv.conf'


You can now start / stop NordVPN using the rc.openvpn initialisation file. I have it in rc.local[_shutdown] to automatically start / stop NordVPN when my Kodi box runs.
 
Old 04-27-2019, 02:01 PM   #2
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 5,959

Rep: Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655
You may want to look into openresolv as this allows you to change your DNS servers once connected to a VPN (so you don't get DNS leakage when connected to your VPN). I found this program when I setup PIA on my system and was able to get it to work on Slackware and updated the SlackBuild to allow it to work properly on our systems.
 
2 members found this post helpful.
Old 04-28-2019, 02:07 AM   #3
johnny23
LQ Newbie
 
Registered: Aug 2009
Location: Edinburgh, UK
Distribution: Slackware
Posts: 27

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by bassmadrigal View Post
You may want to look into openresolv as this allows you to change your DNS servers once connected to a VPN (so you don't get DNS leakage when connected to your VPN). I found this program when I setup PIA on my system and was able to get it to work on Slackware and updated the SlackBuild to allow it to work properly on our systems.
Maybe the emerging encrypted DNS protocols and tools will fix this ... and possibly make VPN less necessary for many use cases. It would appear to me that without encrypted DNS you're potentially still at the mercy of your router, and downstream ISP routers, unless you set VPN up on your router.
My use case for VPN is to get at stuff otherwise not available in UK.
My quick and dirty solution allows my setup to pass the online DNS leak tests I've tried, FWIW. My router is too dumb to have anything to do with IPv6.

Last edited by johnny23; 04-28-2019 at 02:15 AM.
 
Old 04-28-2019, 01:44 PM   #4
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 5,959

Rep: Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655
Quote:
Originally Posted by johnny23 View Post
Maybe the emerging encrypted DNS protocols and tools will fix this ... and possibly make VPN less necessary for many use cases. It would appear to me that without encrypted DNS you're potentially still at the mercy of your router, and downstream ISP routers, unless you set VPN up on your router.
My use case for VPN is to get at stuff otherwise not available in UK.
My quick and dirty solution allows my setup to pass the online DNS leak tests I've tried, FWIW. My router is too dumb to have anything to do with IPv6.
Normally your /etc/resolv.conf is set by DHCP, which will typically add your router as the primary nameserver. Your router will typically have your ISP's nameservers provided by DHCP from the ISP.

openresolv allows you to automatically add the specified nameservers above the ones listed in /etc/resolv.conf. However, it only adds them and doesn't remove the defaults, so if those added nameservers are not working, it will work its way down the list until it finds one that does work, which could be the one provided by your router.
 
Old 04-29-2019, 03:04 AM   #5
johnny23
LQ Newbie
 
Registered: Aug 2009
Location: Edinburgh, UK
Distribution: Slackware
Posts: 27

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by bassmadrigal View Post
Normally your /etc/resolv.conf is set by DHCP, which will typically add your router as the primary nameserver. Your router will typically have your ISP's nameservers provided by DHCP from the ISP.
Exactly why step 9, resolv.conf becomes immutable and attempts to change it fail so, yes, follow my steps all the way to the end.
 
Old 04-29-2019, 12:45 PM   #6
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 5,959

Rep: Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655
Quote:
Originally Posted by johnny23 View Post
Exactly why step 9, resolv.conf becomes immutable and attempts to change it fail so, yes, follow my steps all the way to the end.
I don't want to connect to these DNS servers when I'm not connected to VPN, so I would prefer it to only be changed when I am connected. I guess not everyone has this desire. That was the only reason I had suggested using openresolv. It allows your resolv.conf to only be changed when connected to VPN and otherwise, it'll use the values provided by your DHCP server.
 
Old 04-30-2019, 04:10 PM   #7
elcore
Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 590

Rep: Reputation: Disabled
Haven't used Nord so I don't know what they do exactly, however some vpn ops may NAT port 53 to their own server.
If you run into one of those it won't matter where you point resolv.conf except if you point to forwarder which only reads /etc/hosts file.
Maybe you could forward over :443 with TLS that's what google seems to be pushing recently, but it depends on the endpoint I guess.
 
Old 05-12-2019, 04:43 AM   #8
johnny23
LQ Newbie
 
Registered: Aug 2009
Location: Edinburgh, UK
Distribution: Slackware
Posts: 27

Original Poster
Rep: Reputation: 26
On Slackware, just do it my way then go to the VPN testing pages online and see.
 
  


Reply

Tags
nordvpn, slackware, vpn


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] NordVPN DNS leak on Mint 18.2 mr.travo Linux - Networking 2 01-16-2018 04:57 PM
nordVPN leak DNS test faild dmatija Linux - Networking 1 10-09-2017 06:56 PM
[SOLVED] problem with iptables and NordVPN/OpenVPN gone_bush Linux - Networking 1 04-27-2017 07:14 PM
LXer: NordVPN for Android LXer Syndicated Linux News 0 09-06-2016 02:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration