Differences

This shows you the differences between two versions of the page.

other:networking:opnsense:nordvpn [2025/07/12 01:01] rodolicoother:networking:opnsense:nordvpn [2025/07/12 01:23] (current) rodolico
Line 1: Line 1:
 ====== NORD VPN on opnSense ====== ====== NORD VPN on opnSense ======
  
-Setting up NordVPN on an opnsense router is poorly documented (several years old) and assumes all LAN traffic will be pushed through Nord. We have a different need in that we have a Net-2-Net (Site-to-Site) VPN to our office that should not go through the Nord connection. That was //interesting//, or as my friend David said, "a foot and anvil situation".+Setting up NordVPN on an opnsense router is poorly documented (several years old) and assumes all LAN traffic will be pushed through Nord.
  
-This document will take it step by stepand you can feel free to stop any time you are happy with the resultAlsonote that one of our routers also uses Multi-WAN setup (for failover)and that has not been tested at this time.+This document will set up an opnSense firewall using the OpenVPN configuration for NordVPN. When done, all network traffic from the LAN will go through the NordVPN instance. Upon completion, you should have enough information to be able to add additional subnets (say, wireless, or part of it). 
 + 
 +How do you know if it works? If you do not know your current public IP, visit [[https://www.whatsmyip.org/]] and record it. The final step in these instructions suggest you visit this same siteand success is indicated when the IP Address returned is the IP address of the NordVPN service. 
 + 
 +**Note**: In our case, we have second VPN instance which should supercede the NordVPN for certain subnets. After you have completed these instructionsyou can see how to do this in [[other:networking:opnsense:nordvpnplus|]]
  
 ===== Overview ===== ===== Overview =====
  
 **Note**: This document has been specifically written for the new OpenVPN setup which can be used in 2025, and will be the only one available in 2026. **Note**: This document has been specifically written for the new OpenVPN setup which can be used in 2025, and will be the only one available in 2026.
- 
-**Note**: This document assumes you have a second VPN client created that you wish to route to bypass the NordVPN connection. The same procedure can be used to bypass the VPN for other uses, but the example is for a second VPN that should handle some well defined subset of the network traffic. If that is not a need, you can simply stop when you get to that section. 
  
 **Note**: This document assumes you have a working opnSense firewall/router. There are other documents on how to do that. We also assume you have a valid NordVPN account. **Note**: This document assumes you have a working opnSense firewall/router. There are other documents on how to do that. We also assume you have a valid NordVPN account.
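Review bot: the rewritten introduction drops the caveat from the removed paragraph that the Multi-WAN (failover) setup "has not been tested at this time", and nothing in the added lines says it has been tested since. Readers running failover lose the only warning that a policy-routed VPN gateway may behave differently for them, so keep that sentence, or state the tested status, next to the new "all network traffic from the LAN will go through the NordVPN instance" claim. Smaller points in the added lines: "these instructions suggest" should be "suggests", "we have second VPN instance" is missing "a", "supercede" should be "supersede", and the link [[other:networking:opnsense:nordvpnplus|]] has an empty title.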
Line 20: Line 22:
     - Create a firewall rule to force all LAN traffic to use NordVPN     - Create a firewall rule to force all LAN traffic to use NordVPN
       - Test       - Test
-  - Set up new interface for secondary VPN (section is optional) 
-    - Create an alias containing all IP subnets you want handled via the secondary VPN 
-    - Create Outbound NAT entry to correctly NAT LAN traffic destined for alias through secondary VPN 
-    - Create a firewall rule to force LAN traffic destined for subnets in alias through secondary VPN 
  
 ===== Set up NordVPN ===== ===== Set up NordVPN =====
Line 125: Line 123:
   - Click orange **Save** button   - Click orange **Save** button
  
 +==== Force all LAN traffic through Nord ====
 +
 +This is the final step. It will force all LAN traffic through the NordVPN connection by adding a rule in the LAN firewall. Once this rule matches, no other processing will occur, so any rules that supercede this should be placed physically before this rule
 +
 +  - **Firewall** | **Rules** | **LAN**
 +  - Add new rule by pressing the orange +
 +    - Action: Pass
 +    - Quick: Checked (apply immediately)
 +    - Interface: LAN
 +    - Direction: in
 +    - TCP/IP Version: IPv4
 +    - Protcol: any
 +    - Source: Lan net
 +    - Log: check if you want to see what is happening, uncheck to save disk space
 +    - Category: ovpn
 +    - Description: Everything else goes through NORD
 +    - Gateway: NORD_VPNV4 (the VPNV4 was added automagically when you defined your Nord interface)
 +  - Click orange **Save** button
 +  - Click **Apply Changes**
 +
 +At this point, all LAN traffic should go through the NordVPN. A simple way to check is to open a web browser to [[https://www.whatsmyip.org/]] and see that it is different from your WAN IP (which you saw before we started)
 +
 +
 +To perform split tunnelling, where some traffic goes through nordVPN and other traffic goes through other services, see [[other:networking:opnsense:nordvpnplus|]]
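Review bot: the added LAN rule sets "TCP/IP Version: IPv4" only, so the closing statement "all LAN traffic should go through the NordVPN" holds for IPv4 alone; if the LAN has IPv6 connectivity, that traffic is not matched by this rule. Say so in the section and tell readers how IPv6 on LAN should be handled (blocked, or routed by its own rule). The field list also goes from "Source: Lan net" straight to "Log" with no Destination entry; state the intended destination explicitly so the rule is reproducible. The browser check against whatsmyip.org confirms only the egress address for that one web request, so the test is narrower than the "all LAN traffic" claim it is meant to verify; either narrow the claim or add a second check. Typos in this hunk: "Protcol", "supercede", "Lan net", and the sentence ending "before this rule" has no full stop.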
other/networking/opnsense/nordvpn.1752300097.txt.gz · Last modified: 2025/07/12 01:01 by rodolico