has anyone gotten NordVPN to work?

  • hi I trying NordVpn trial 3 days.. I followed there instructions but it doesn't work I using latest pfsense… it just keeps pending under status.. has anyone with nordvpn liked it and how they get it to work

  • I use it and like it. Here are some screen shots of a working client config for UDP (some info obscured but it shouldn't detract from the example). Note that some of their older servers still use SHA-1 instead of SHA-512. If you need assistance beyond just the client config, let me know. I should note that I have had trouble with some of their servers showing "Pending" for a long time as you describe. It's worth trying other servers if that happens. Also I should note that this is a client config intended for policy routing (i.e. selectively assigning traffic to the VPN using firewall rules). If you just want all traffic to go through the VPN when it's connected, uncheck the "Don't pull routes" setting.


  • I followed your steps I kinda got it to work she logs in now... but it sends data it shows.. but I cant receive.. so trying to use websites I get block so under status I can have like 200k/5k so it sends 200k data but I don't get any returns what you do to get it to work

  • @comet424 Do you have the "Don't pull routes" option checked like I do, and are then assigning traffic to the gateway associated with your VPN client interface using firewall rules? The basic steps after getting a working client connection up - at least using the settings from my screen shots - are to add an interface associated with that client connection, add a gateway associated with that interface (which I think pfSense may do automatically for you now), add outbound NAT rules, and then assign traffic to the new gateway. Some additional steps are required to route DNS queries through your VPN, but not performing those steps wouldn't cause you to be unable to load any web sites, because it would just perform DNS via your WAN interface the same way it always has. From that list, does it sound like you've done all these steps? It may be best if you could post some screen shots of your configuration (firewall rules, outbound NAT, etc.).

    When you say "trying to use websites I get block" what exactly do you mean? What is the exact error that you see in your browser?

  • @TheNarc I have no idea anymore erased all and tried nordvpns setup again
    they then told me to try changing the LZO to adaptive still doesn't work I can get it to connect but I cant receive data as you have some check marks where nordvpn has it checked off I tried both ways.. I frustrated I asked them to make a video or it be nice a video for fsense 2.4.3-release or if you can make youtube from start to end.. as you pull your hair out

    as I told them some settings they show aren't in 2.4.3 yet its a tutorial for 2.4.3

    so confusing lol
    its probably a check mark.. or this order the ADD up or down location which I don't see a purpose whatever ports you add should read the entire list not whats on the top of list first I don't get that part but meh lol

  • oh forgot your last comment

    blocked as you cant access.. page cant be found...
    when you click OpenVPN status shows 500k sent 6k received..
    so it sends data out but will not allow data throught the firewall. onto the network..

    so page cant be found till you shut off nordvpn client then I get the internet back

  • @comet424 It looks like they have updated their tutorial since I last consulted it. They used to explicitly advise using adaptive compression, and it's interesting that they say to leave UDP Fast I/O unchecked. Maybe I should update my config :) But the fact remains that my configuration is working, so I doubt your problems have to do with the client config if you have it set up the same as mine. I see that they also say to set the IPv4 Configuration Type for the interface assigned to the VPN client to DHCP. Mine is set to None (and again, it works). When you navigate to Status > Gateways, does your VPN gateway show as Online? If gateway monitoring thinks it's down, the gateway won't be used. Although without additional configuration steps, in that case traffic will just be routed through the default gateway (your WAN), so I wouldn't expect a complete inability to load sites.

  • 0_1532097328863_nord14.JPG
    gate way shows pending so not sure lol and I had copied yours and his so I not sure where I go lol

  • 1_1532097740743_nord16.JPG 0_1532097740743_nord15.JPG

    I told nordvpn I don't get the IP address after the opt -
    but they haven't solved that.. as there docs show a ip address after opt -
    in the general setup

  • @comet424 Okay that's definitely a problem (pending status on the gateway). Also you probably want to get rid of the NORDVPN_VPNV6 gateway. NordVPN doesn't support IPv6. But in any case . . . try this. Go to System > Routing and click the pencil icon next to the NORDVPN_DHCP gateway to edit it. Set the Monitor IP to a public DNS server like Google's or, then click Save and apply the settings. Then check Status > Gateways again. If it still shows pending, edit the gateway again and just click Save and apply without changing anything. I've had issues with dpinger (the process responsible for gateway monitoring) in conjunction with gateways associated to VPN clients. Often after rebooting my pfSense machine (which thankfully is rarely needed) I'll need to do this myself (just the Save and apply without any changes).

  • 1_1532098649051_nord18.JPG 0_1532098649051_nord17.JPG
    didn't help
    I did the saving 4 times no changes
    also somewhere its already set for so said its already in use lol

    and unable to delete the vpn ip6 no trashcan go figures

  • @comet424 Okay try configuring your VPN interface like I have mine (IPv4 Configuration Type set to None instead of DHCP). Then try the save/apply on the VPN gateway again. If gateway monitoring doesn't think it's up, it's not going to work. You could also temporarily disable gateway monitoring on the VPN gateway to at least get proof of concept that it will work once it considers the gateway to be online.

  • nope still doesn't work I noticed now my received data higher then sent
    but its still pending nothing changed lol ugh

  • @comet424 Try disabling gateway monitoring on the VPN gateway. That should mean it will always be considered Online. If you can use it then, it at least confirms that the monitoring is your only problem (or at least the only problem that's outright preventing you from using the VPN client connection at all). Then the question is why gateway monitoring isn't working, because it sure seems like you have it configured the same way I do. Maybe post screen shots of both your VPN interface and VPN gateway configurations?

  • not sure which is the vpn gateway I turned dhcp back on for the nordvpn and I got it out of pending... mode but still no interenet nothing

    2_1532118637576_nord2c.JPG 1_1532118637576_nord2b.JPG 0_1532118637575_nord2a.JPG

  • and I disabled the monitoring like you said

  • @comet424 Well that makes things even more deeply confusing. I hate to keep asking for screen shots, but I've got no other ideas at the moment. Could you maybe post your outbound NAT config and the firewall rule(s) that you're using to assign traffic to the VPN gateway?

  • well u know this stuff more then me I still new to pfsense.. but all this headache stuff I think a asus router is better lol I went to pfsense as you hear its the best but I have headaches lol
    as I wanted secure home network
    and I don't understand this Add Up Add Down like whatever you add it should just go through the list like port forwarding not whats on top first lol
    but here are the pics
    2_1532120546117_nord3c.JPG 1_1532120546117_nord3b.JPG 0_1532120546117_nord3a.JPG

  • @comet424 That looks fine to me. What do you mean by "Add Up Add Down?" I know you referred to that in a much earlier post too so I should have asked then, but it's not clear to me what part of the configuration that applies to. I'm wondering a little about DNS, though it doesn't seem like your configuration is wrong. Assuming you're using Windows, have you tried opening a command prompt and doing a DNS query (e.g. nslookup cnn.com) while the VPN is enabled?

  • so if I reneable monitoring it goes back to pending.. yes running windows
    and its this thing 0_1532121638281_nord3d.JPG
    see bottom left.. you have ADD up or ADD Down and apparently from what I was told pfsense reads the ports in the order you put it up so most important is at top of your list I guess.. really the entire list should be importat reason you put it in there...
    as for your nslook up I guess it just points to my own computer
    Server: pfSense.mikeshouse.mine.nu

    Non-authoritative answer:
    Name: mikeshouse.mine.nu
    Aliases: cnn.com.mikeshouse.mine.nu

  • probably should have stuck with an asus router this just one big headache lol

  • @comet424 Ah I get it, yeah the order matters because more than one rule may match. In the screen shot you posted, for example, if the port is 500, both of those rules will match, but you want the rule that you made specially for port 500 to be the one that's applied. And it operates on a "first match" principle, so you want the more specific rule to come first.

    Your DNS is working, so that's good but still doesn't explain why your VPN tunnel isn't. What about your firewall rule(s)? So not the outbound NAT, but whatever rule or rules you added to the firewall to direct traffic to the VPN gateway? I apologize, I may not be around for the rest of the day now, but I'll check back in when I can.

  • see I don't understand all this more then 1 rule.. as I used to asus and linksys routers.. you have port forwarding and such but no rules you can move up and down I truly don't understand that.. as shouldn't pfsense read all the rules doesn't matter whats first they all have to be followed right?

    well here is more screen shots.. and I appreciate the help nordvpn I read online has 24 chat support but they don't they reply in the morning a couple emails then I gotta wait another 24 hours... frustrating
    1_1532124853764_nord4b.JPG 0_1532124853764_nord4a.JPG

  • @comet424 Okay, it looks like you may be missing the firewall rules you need to assign traffic to the VPN gateway. But that wouldn't obviously explain why you can't get to any site. I'd just expect it to not go through the VPN but in any case, if you just want all your traffic to go through the VPN, make a LAN firewall rule that assigns all traffic coming in the LAN interface to the VPN gateway. NordVPN's guide did have this step I think. I'll try to get some screen shots of my rules tomorrow. I would now but it's 3:30 in the morning and I'm on a tablet ;)

  • tablets useless good enough for tv and maybe turning on and off lights like a remote lol

    I used this setup to to set it all up
    I guess ill fiddle with vpn lan not sure how lol

  • @comet424 So here is the "catch all" firewall rule I have on the LAN interface (Firewall > Rules > LAN):
    0_1532205537389_Screenshot from 2018-07-21 16-38-02.png
    Here are the details of that rule:
    0_1532205625781_Screenshot from 2018-07-21 16-40-06.png
    0_1532205672218_Screenshot from 2018-07-21 16-41-04.png
    Note that I didn't show all available settings, just the ones that you should need to change from their default values. If you don't already have a rule like this, try adding one. Seeing all the firewall rules you do have may be helpful too.

  • 1_1532209540270_nor2.JPG 0_1532209540270_nor1.JPG
    still isn't working like frig I set what you have.. I already have a firewall.. it be nice if o could just import a pfsense config file.. like one that doesn't import all the settings.. but it be nice if pfsens offered and then nordvpn offer..ed what you do was import and it sets all the dam settings right all you need to do is add name and password lol

  • @comet424 This gets more and more confusing :) That bottom firewall rule you have shows that 2.92GB of traffic has matched that rule, and because it clearly sets the gateway to NordVPN, that's where it ought to be going. It appears that you have all the key setup steps in place, so it almost must be some configuration outside of the VPN setup steps that is breaking things. If you're still interested in getting this working, I might be inclined to backup your current configuration and start over from a fresh installation. Do you have any packages installed?

  • I have a open vpn setup to access my home network but I can redo that and I had xbox double nat thing modified but I did a reformat of pfsense
    started over as nordvpn couldn't figure it out.. I made a video but didn't include doing it just went back over the settings.. and still doesn't work.. they told me to add another rule I called it any but it doesn't seem to work here is the video I sent nordvpn

  • @comet424 So in the video it looks like you weren't able to achieve a client connection again. But you have in the past, right? It feels like there are multiple problems, but I can't even see one . . . I am right that you were able in the past to get a client connection that showed it was established rather than pending in Status > OpenVPN, right? I know that you had trouble with gateway monitoring, but that's a separate issue. Have you been sure to try other servers than just ca191? I like NordVPN but I have definitely found that not all their servers are created equal. I do notice that your DNS configuration is different than mine, but that shouldn't matter for the problems you're having. I would advice using the IP of the Nord server you want in the client config rather than the hostname. That way the client connection is not dependent on DNS. So in "Server host or address" in the client configuration, put instead of ca191.nordvpn.com. Also, if you want all your DNS queries to go through the VPN, in Services > DNS Resolver uncheck the Enable Forwarding Mode setting, and select only your NordVPN interface in the list of Outgoing Network Interfaces. Although this also means that you won't have DNS at all unless your client is up, so I'd maybe hold off on that until and unless it's working :) For now I would also disable gateway monitoring on the VPN gateway, because you can always figure that out later. As a point of comparison, have you tried using Nord's Windows client? I realize that's not what you want ultimately, but it would be good just to sanity check that you can get a working client connection somehow, and it could help you to test out different servers to find a good one.

  • I dunno anymore I sooo confused lol.
    so I changed the ip address you mentioned and that didn't help.. I had the enable fordwarding un checked already but it didn't save as nordvpn for the outgoing but didn't matter... and setting the dns resolver wouldn't that screw up my internet network dns so I wouldn't be able to type in my unraid server name etc..

    I trying to use pfsense because I been told its better then your home router like asus or linksys.. I not so sure there is more headaches then simple setting up..

    as for the windows client I just tried it.. that works it showed my computer protected.. chose a usa location as the one I was using was a Toronto one closest to me... so that part worked but rest not so much and windows client has more friging options like kill switch I don't see that on pfsense lol

  • @comet424 Yeah you can configure the equivalent of a kill switch in pfSense but there are a few steps involved. I'd be inclined to say that for a basic home setup, if your Asus router isn't missing functionality that you want, there's no compelling reason for you to use pfSense instead. It is quite powerful, but because of that the learning curve can be somewhat steep (depending of course on the specific features you're trying to use). I can't say why your VPN client configuration is not working based on the information I have. To clarify, you have at some point seen an established connection instead of just "pending" when you go to Status > OpenVPN, right? I'm pretty sure that at one point you got that far, and just disabled gateway monitoring, but it still wan't passing traffic. And that data point coupled with the fact that your firewall rule to policy route traffic through the VPN shows 2.92GB of matched traffic is deeply confusing.

    One thing I did just notice though . . . in your Youtube video, it looks like you used the certificate and key directly from the NordVPN setup guide. That's for the server nl120; each of their servers has its own certificate and key. You need to download and extract this file:
    and use the certificate and key corresponding to the specific server that you're using (ca191 based on previous information). You can just open the *.key and *.crt files with Notepad and copy and paste into the relevant fields.

  • well what can pfsense do that asus router cant even got told from another friend a ddwrt on your router is more powerful then asus..
    I wanted to be able to access my network like I was connected to it.. I did get it to work but not by name but by Ip address so couldn't access computers by there names..
    ya we had it working from whatever settings you told me to flip on flip off lol it had connected but it didn't work..
    as for the tls and key.. I did use from the server zip file.. its the very first file .. al1_nordvpn_com_ca.crt and al1_nordvpn_com_ca.key I used them as the example in the tutorial does not work pfsense says its not a valid certificate and then I used the recommend server ip address which was what you told me to change to a ip addy number

  • @comet424 Hmmm, well is DD-WRT is doing everything you need, I'd just stick with it. If there were an easy way for me to attempt to configure your pfSense VPN client settings for you, I wouldn't mind, but unfortunately there isn't. And I can't think of anything that we haven't covered. If you follow the NordVPN tutorial to the letter, you don't even need to worry about firewall rules, because when the client config has the "Don't pull routes" setting disabled, all your traffic should be routed via the VPN client connection once it's established. Sorry, if I think of anything else worth trying I'll let you know.

  • no haven't gone to using ddwrt.. as I didn't wanna ruin my current asus router.. I look at value village nad salvation armys for routers that I could get for like 10 bucks to try ddwrt
    ya I boggled ill try resetting everything and trying again and video tape it while im setting it up instead of going back
    cuz this is maddning lol

  • @comet424 That sounds like a decent plan. I would advise you to only follow the guide through setting up the VPN Client until and unless you get a successful client connection. That is to say, if you go through adding the CA and the client (steps 1 through 3 in their guide), you should end up with a successful client connection that you can see from Status > OpenVPN. If you don't, it's not worth going any further. If you try that and make another video I'd be happy to review it.

  • im uploading video I made a mistake in video I chose for the nordvpn interface my em0 not the ovpn() so kinda worked but still not login

    but from the tutorial they show ovpn(nord_nl2ca) in brackets do you have that in your interfaces as I cant get that

  • figure the opvn() when you write a description in the opnvpn client that pops into those brackets.. still no internet lol

  • @comet424 Yeah the interface names are just based on the descriptions you choose, so that shouldn't matter. Do you have no client connection and no Internet, or a client connection but still no Internet? I'll take a look at your video when it's up.

  • I double and triple time checked the settings to the tutorial other then 2 or 3 items that they say to check off pfsense doesn't have those settings anymore
    Server host name resolution: check Infinitely resolve server;
    Disable IPv6: check Don’t forward IPv6 traffic;

    I have idea save your pfsense.. factory reset and do there tutorial see if you get same error as me.. as I getting frustrated unless its my bell modem blocking things.. but that's why I did PPOE inside pfsense so it directly connect to pfsens and skip the modem

    ahhhhh ugggg

Log in to reply