Install and Configure NordVPN on Raspberry Pi

Securing your Raspberry Pi's internet connection is crucial, especially when using these versatile devices for IoT projects, home automation, media servers, or in business environments. A Virtual Private Network (VPN) adds an essential layer of security, encrypting your traffic and protecting your data from prying eyes.
NordVPN stands out as one of the most popular VPN services, offering robust security features, excellent performance, and wide server coverage. In this comprehensive guide, we'll walk through multiple methods of setting up NordVPN on your Raspberry Pi, from the official app to manual OpenVPN configurations.
At Fleetstack, we manage large deployments of IoT devices, including Raspberry Pis, and understand the importance of secure connections. Whether you're setting up a single Pi at home or managing a fleet of devices across multiple locations, this guide will help you implement proper VPN protection.
Why Use a VPN on Your Raspberry Pi?
Before diving into the installation process, let's understand why a VPN on your Raspberry Pi is beneficial:
- Enhanced Privacy: Prevent your ISP or network administrators from monitoring your Pi's traffic
- Security for IoT Devices: Protect devices connected to your Pi-based IoT hub
- Geo-restriction Bypass: Access content or services restricted in your location
- Remote Access Security: Safely connect to your Pi when away from home
- Protection on Public Networks: Secure your Pi when used in public or shared network environments
- End-to-End Encryption: Ensure your data remains encrypted throughout its journey
Prerequisites
To follow this guide, you'll need:
- A Raspberry Pi (any model) running Raspberry Pi OS (formerly Raspbian)
- An active NordVPN subscription
- Your Pi connected to the internet
- Basic familiarity with the Linux command line
- SSH access to your Pi (or keyboard, mouse, and monitor connected directly)
Method 1: Installing the Official NordVPN Linux App
NordVPN provides an official Linux application that works well on Raspberry Pi OS. This is the simplest method with the most features.
Step 1: Update Your System
First, ensure your Raspberry Pi is fully updated:
sudo apt update
sudo apt upgrade -y
Step 2: Install Required Packages
Install the packages needed for the installation:
sudo apt install -y curl wget
Step 3: Download and Install the NordVPN Repository
Add the NordVPN repository to your system:
sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)
This script adds the NordVPN repository to your apt sources and imports the necessary GPG key.
Step 4: Install the NordVPN App
Install the NordVPN application:
sudo apt update
sudo apt install -y nordvpn
Step 5: Log In to Your NordVPN Account
Log in to your NordVPN account:
nordvpn login
This will display a link. Open this link on any device with a browser, log in to your NordVPN account, and authorize the Linux app. You'll get an authorization token to paste back into the terminal.
Step 6: Connect to a VPN Server
Connect to a NordVPN server:
# Connect to the fastest server
nordvpn connect
# Or connect to a specific country
nordvpn connect United_States
# Or connect to a specific server
nordvpn connect us8675
Step A: Configuring Auto-Connect
To configure NordVPN to connect automatically at startup:
# Enable auto-connect
nordvpn set autoconnect on United_States
# Create a systemd service for auto-starting
sudo nano /etc/systemd/system/nordvpn-autoconnect.service
In the editor, add the following content:
[Unit]
Description=NordVPN Auto-Connect
After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/nordvpn connect
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
Save the file, then enable the service:
sudo systemctl enable nordvpn-autoconnect.service
Step B: Advanced NordVPN App Configuration
The NordVPN app offers several configuration options:
# Enable kill switch (prevents data leaks if VPN disconnects)
nordvpn set killswitch on
# Use custom DNS servers
nordvpn set dns 103.86.96.100 103.86.99.100
# Enable CyberSec (blocks ads and malicious websites)
nordvpn set cybersec on
# Allow local network access (for accessing the Pi on your LAN)
nordvpn set allowlan on
To see all available settings:
nordvpn settings
Method 2: Using OpenVPN Configuration Files
If you prefer more control or can't use the official app, you can set up NordVPN using OpenVPN configurations.
Step 1: Install OpenVPN
sudo apt update
sudo apt install -y openvpn unzip
Step 2: Download NordVPN OpenVPN Configuration Files
cd /etc/openvpn
sudo wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
sudo unzip ovpn.zip
sudo rm ovpn.zip
Step 3: Create Authentication File
Create a file with your NordVPN credentials:
sudo nano /etc/openvpn/auth.txt
Add your NordVPN username and password, each on a separate line:
[email protected]
your_nordvpn_password
Save and exit, then secure the file:
sudo chmod 600 /etc/openvpn/auth.txt
Step 4: Connect to a NordVPN Server
Choose a server configuration file from the ovpn_udp
or ovpn_tcp
directory and connect:
sudo openvpn --config /etc/openvpn/ovpn_udp/us5678.nordvpn.com.udp.ovpn --auth-user-pass /etc/openvpn/auth.txt
Step 5: Set Up Automatic Connection
To make OpenVPN connect automatically at startup:
- Move your chosen configuration file to a new location:
sudo cp /etc/openvpn/ovpn_udp/us5678.nordvpn.com.udp.ovpn /etc/openvpn/nordvpn.conf
- Edit the configuration to include the auth file:
sudo nano /etc/openvpn/nordvpn.conf
Add this line to the file:
auth-user-pass /etc/openvpn/auth.txt
- Enable the OpenVPN service:
sudo systemctl enable openvpn@nordvpn
sudo systemctl start openvpn@nordvpn
Testing Your VPN Connection
After connecting to NordVPN, verify that it's working:
1. Check Your IP Address
curl ifconfig.me
The displayed IP should be a NordVPN server IP, not your actual IP.
2. Check for DNS Leaks
Visit a DNS leak test site from a browser on your Pi, or use:
nslookup whoami.akamai.net
3. Test VPN Stability
To monitor the stability of your connection:
ping -c 60 8.8.8.8
This sends 60 pings to Google's DNS server to check connection reliability.
Troubleshooting Common Issues
VPN Won't Connect
If the VPN fails to connect:
- Check your internet connection
- Verify your NordVPN credentials
- Try a different server
- Look for error messages in the logs:
# For NordVPN app sudo journalctl -u nordvpnd # For OpenVPN sudo journalctl -u openvpn@nordvpn
Slow Internet Speeds
If your internet is slow while connected to NordVPN:
- Try a different server closer to your location
- Switch between UDP and TCP protocols (UDP is generally faster)
- For the official app, use NordLynx if available:
nordvpn set technology nordlynx
Can't Access Local Network
If you can't access devices on your local network:
-
With the NordVPN app:
nordvpn set allowlan on
-
With OpenVPN, add these lines to your configuration:
route 192.168.1.0 255.255.255.0 net_gateway
(adjust the IP range according to your local network)
Securing Multiple Raspberry Pi Devices with Fleetstack
For organizations managing multiple Raspberry Pi devices, deploying and maintaining VPN configurations can be challenging. Fleetstack simplifies this process by allowing you to:
- Deploy VPN configurations centrally: Push NordVPN configurations to all your Pi devices from a single dashboard
- Monitor VPN status: Track which devices have active VPN connections
- Rotate VPN credentials securely: Update credentials without manually accessing each device
- Create configuration templates: Standardize VPN setups across device groups
- Implement backup connections: Configure fallback options if the primary VPN fails
Advanced VPN Usage on Raspberry Pi
Split Tunneling
You might want only certain traffic to go through the VPN. For example, to route only traffic from a specific application through NordVPN:
With the official app:
nordvpn whitelist add port 80
nordvpn whitelist add subnet 192.168.1.0/24
VPN for Specific Services
To use NordVPN only for specific services running on your Pi (like a torrent client), you can create a separate user and route only their traffic through the VPN:
# Create a new user
sudo adduser vpn_user
# Allow the user to use sudo
sudo usermod -aG sudo vpn_user
# Switch to the user and set up the VPN
su - vpn_user
Then set up your service to run as this user.
Using Your Pi as a VPN Router
You can turn your Raspberry Pi into a VPN router to protect all devices on your network:
-
Configure NordVPN on the Pi
-
Set up IP forwarding:
sudo nano /etc/sysctl.conf
Uncomment or add the line:
net.ipv4.ip_forward=1
Apply the changes:
sudo sysctl -p
-
Configure network address translation (NAT):
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
-
Make the iptables rules persistent:
sudo apt install -y iptables-persistent sudo netfilter-persistent save
-
Configure your other devices to use the Pi as their gateway.
Security Best Practices
When using NordVPN on your Raspberry Pi, follow these best practices:
- Always enable the kill switch to prevent data leaks if the VPN disconnects
- Update regularly to ensure you have the latest security patches
- Use strong authentication for your NordVPN account
- Monitor VPN logs for any unusual activity
- Disable IPv6 if not needed to prevent IPv6 leaks
- Use specific servers for sensitive tasks rather than random connections
Conclusion
Setting up NordVPN on your Raspberry Pi provides an essential layer of security and privacy for your IoT and home automation projects. Whether you choose the user-friendly official app or the more configurable OpenVPN method, your Pi's internet connection will be protected with robust encryption and privacy features.
For organizations managing multiple Raspberry Pi devices, consider using Fleetstack to streamline the deployment and management of VPN configurations across your entire fleet. This ensures consistent security policies and simplifies maintenance.