Install and Configure NordVPN on Raspberry Pi

Ben
@benjislab

Securing your Raspberry Pi's internet connection is crucial, especially when using these versatile devices for IoT projects, home automation, media servers, or in business environments. A Virtual Private Network (VPN) adds an essential layer of security, encrypting your traffic and protecting your data from prying eyes.

NordVPN stands out as one of the most popular VPN services, offering robust security features, excellent performance, and wide server coverage. In this comprehensive guide, we'll walk through multiple methods of setting up NordVPN on your Raspberry Pi, from the official app to manual OpenVPN configurations.

At Fleetstack, we manage large deployments of IoT devices, including Raspberry Pis, and understand the importance of secure connections. Whether you're setting up a single Pi at home or managing a fleet of devices across multiple locations, this guide will help you implement proper VPN protection.

Why Use a VPN on Your Raspberry Pi?

Before diving into the installation process, let's understand why a VPN on your Raspberry Pi is beneficial:

  • Enhanced Privacy: Prevent your ISP or network administrators from monitoring your Pi's traffic
  • Security for IoT Devices: Protect devices connected to your Pi-based IoT hub
  • Geo-restriction Bypass: Access content or services restricted in your location
  • Remote Access Security: Safely connect to your Pi when away from home
  • Protection on Public Networks: Secure your Pi when used in public or shared network environments
  • End-to-End Encryption: Ensure your data remains encrypted throughout its journey

Prerequisites

To follow this guide, you'll need:

  • A Raspberry Pi (any model) running Raspberry Pi OS (formerly Raspbian)
  • An active NordVPN subscription
  • Your Pi connected to the internet
  • Basic familiarity with the Linux command line
  • SSH access to your Pi (or keyboard, mouse, and monitor connected directly)

Method 1: Installing the Official NordVPN Linux App

NordVPN provides an official Linux application that works well on Raspberry Pi OS. This is the simplest method with the most features.

Step 1: Update Your System

First, ensure your Raspberry Pi is fully updated:

sudo apt update
sudo apt upgrade -y

Step 2: Install Required Packages

Install the packages needed for the installation:

sudo apt install -y curl wget

Step 3: Download and Install the NordVPN Repository

Add the NordVPN repository to your system:

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)

This script adds the NordVPN repository to your apt sources and imports the necessary GPG key.

Step 4: Install the NordVPN App

Install the NordVPN application:

sudo apt update
sudo apt install -y nordvpn

Step 5: Log In to Your NordVPN Account

Log in to your NordVPN account:

nordvpn login

This will display a link. Open this link on any device with a browser, log in to your NordVPN account, and authorize the Linux app. You'll get an authorization token to paste back into the terminal.

Step 6: Connect to a VPN Server

Connect to a NordVPN server:

# Connect to the fastest server
nordvpn connect

# Or connect to a specific country
nordvpn connect United_States

# Or connect to a specific server
nordvpn connect us8675

Step A: Configuring Auto-Connect

To configure NordVPN to connect automatically at startup:

# Enable auto-connect
nordvpn set autoconnect on United_States

# Create a systemd service for auto-starting
sudo nano /etc/systemd/system/nordvpn-autoconnect.service

In the editor, add the following content:

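[Unit]
Description=NordVPN Auto-Connect
# Wants= pulls network-online.target in; After= alone only orders against it
Wants=network-online.target
# Start after the network is up and the NordVPN daemon is running
After=network-online.target nordvpnd.service

[Service]
Type=oneshot
ExecStart=/usr/bin/nordvpn connect
# Retry every 5 seconds if the connect command fails
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target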

Save the file, then enable the service:

sudo systemctl enable nordvpn-autoconnect.service

Step B: Advanced NordVPN App Configuration

The NordVPN app offers several configuration options:

# Enable kill switch (prevents data leaks if VPN disconnects)
nordvpn set killswitch on

# Use custom DNS servers
nordvpn set dns 103.86.96.100 103.86.99.100

# Enable CyberSec (blocks ads and malicious websites)
nordvpn set cybersec on

# Allow local network access (for accessing the Pi on your LAN)
nordvpn set allowlan on

To see all available settings:

nordvpn settings

Method 2: Using OpenVPN Configuration Files

If you prefer more control or can't use the official app, you can set up NordVPN using OpenVPN configurations.

Step 1: Install OpenVPN

sudo apt update
sudo apt install -y openvpn unzip

Step 2: Download NordVPN OpenVPN Configuration Files

cd /etc/openvpn
sudo wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
sudo unzip ovpn.zip
sudo rm ovpn.zip

Step 3: Create Authentication File

Create a file with your NordVPN credentials:

sudo nano /etc/openvpn/auth.txt

Add your NordVPN username and password, each on a separate line:

your_nordvpn_username
your_nordvpn_password

Save and exit, then secure the file:

sudo chmod 600 /etc/openvpn/auth.txt

Step 4: Connect to a NordVPN Server

Choose a server configuration file from the ovpn_udp or ovpn_tcp directory and connect:

sudo openvpn --config /etc/openvpn/ovpn_udp/us5678.nordvpn.com.udp.ovpn --auth-user-pass /etc/openvpn/auth.txt

Step 5: Set Up Automatic Connection

To make OpenVPN connect automatically at startup:

  1. Copy your chosen configuration file to a new location:

    sudo cp /etc/openvpn/ovpn_udp/us5678.nordvpn.com.udp.ovpn /etc/openvpn/nordvpn.conf

  2. Edit the configuration to include the auth file:

    sudo nano /etc/openvpn/nordvpn.conf

    Add this line to the file (if the file already contains a bare auth-user-pass line, replace it):

    auth-user-pass /etc/openvpn/auth.txt

  3. Enable the OpenVPN service:

    sudo systemctl enable openvpn@nordvpn
    sudo systemctl start openvpn@nordvpn

Testing Your VPN Connection

After connecting to NordVPN, verify that it's working:

1. Check Your IP Address

curl ifconfig.me

The displayed IP should be a NordVPN server IP, not your actual IP.

2. Check for DNS Leaks

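Visit a DNS leak test site from a browser on your Pi, or use:

nslookup whoami.akamai.net

The address in the answer is that of the DNS resolver that handled your query. If it belongs to your ISP, DNS queries are leaking outside the tunnel.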

3. Test VPN Stability

To monitor the stability of your connection:

ping -c 60 8.8.8.8

This sends 60 pings to Google's DNS server to check connection reliability.
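
The public-IP check above depends on an external site. As an added example (not part of the original guide), the script below asks the kernel which interface it would use for IPv4 and IPv6 and flags any path that does not leave through a tunnel. The interface name patterns (tun*, nordlynx, wg*) and the probe addresses are assumptions; adjust them to your setup.

```sh
#!/bin/sh
# Added example: route-based egress check. Usage: sh vpn-egress-check.sh run
# Assumption: tunnel interfaces are named tun*, nordlynx or wg*.

# Print the interface that follows "dev" in `ip route get` output (stdin).
egress_dev() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if the interface name looks like a VPN tunnel.
is_tunnel_dev() {
  case "$1" in
    tun[0-9]*|nordlynx|wg[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Classify `ip route get` output ($1) as: tunnel, leak:<dev> or none.
classify_route() {
  case "$1" in
    # Reject routes mean the kernel refuses to send, so nothing can leak.
    unreachable*|prohibit*|blackhole*) echo none; return 0 ;;
  esac
  dev=$(printf '%s\n' "$1" | egress_dev)
  if [ -z "$dev" ]; then echo none
  elif is_tunnel_dev "$dev"; then echo tunnel
  else echo "leak:$dev"
  fi
}

# Live check against this machine's routing table (no packets are sent).
if [ "${1:-}" = "run" ]; then
  v4=$(classify_route "$(ip -4 route get 8.8.8.8 2>/dev/null)")
  v6=$(classify_route "$(ip -6 route get 2001:4860:4860::8888 2>/dev/null)")
  echo "IPv4 egress: $v4"
  echo "IPv6 egress: $v6"
  # IPv4 must use the tunnel; IPv6 must use it or have no route at all.
  case "$v4/$v6" in
    tunnel/tunnel|tunnel/none) echo "OK"; exit 0 ;;
    *) echo "LEAK RISK"; exit 1 ;;
  esac
fi
```

A result of leak:eth0 or leak:wlan0 for IPv6 while IPv4 reports tunnel is the IPv6 leak that the best-practices list later in this guide refers to.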

Troubleshooting Common Issues

VPN Won't Connect

If the VPN fails to connect:

  1. Check your internet connection
  2. Verify your NordVPN credentials
  3. Try a different server
  4. Look for error messages in the logs:
    # For NordVPN app
    sudo journalctl -u nordvpnd
    
    # For OpenVPN
    sudo journalctl -u openvpn@nordvpn
    

Slow Internet Speeds

If your internet is slow while connected to NordVPN:

  1. Try a different server closer to your location
  2. Switch between UDP and TCP protocols (UDP is generally faster)
  3. For the official app, use NordLynx if available:
    nordvpn set technology nordlynx
    

Can't Access Local Network

If you can't access devices on your local network:

  1. With the NordVPN app:

    nordvpn set allowlan on
    
  2. With OpenVPN, add this line to your configuration:

    route 192.168.1.0 255.255.255.0 net_gateway
    

    (adjust the IP range according to your local network)

Securing Multiple Raspberry Pi Devices with Fleetstack

For organizations managing multiple Raspberry Pi devices, deploying and maintaining VPN configurations can be challenging. Fleetstack simplifies this process by allowing you to:

  1. Deploy VPN configurations centrally: Push NordVPN configurations to all your Pi devices from a single dashboard
  2. Monitor VPN status: Track which devices have active VPN connections
  3. Rotate VPN credentials securely: Update credentials without manually accessing each device
  4. Create configuration templates: Standardize VPN setups across device groups
  5. Implement backup connections: Configure fallback options if the primary VPN fails

Advanced VPN Usage on Raspberry Pi

Split Tunneling

You might want only certain traffic to go through the VPN. With the official app this is configured by exclusion: ports and subnets added to the whitelist bypass the tunnel, and all other traffic stays on the VPN:

nordvpn whitelist add port 80
nordvpn whitelist add subnet 192.168.1.0/24

VPN for Specific Services

To use NordVPN only for specific services running on your Pi (like a torrent client), you can create a separate user and route only their traffic through the VPN:

# Create a new user
sudo adduser vpn_user

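# Allow the user to use sudo (needed only during setup; remove the user
# from the sudo group afterwards so the service account stays unprivileged)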
sudo usermod -aG sudo vpn_user

# Switch to the user and set up the VPN
su - vpn_user

Then set up your service to run as this user.

Using Your Pi as a VPN Router

You can turn your Raspberry Pi into a VPN router to protect all devices on your network:

  1. Configure NordVPN on the Pi

  2. Set up IP forwarding:

    sudo nano /etc/sysctl.conf
    

    Uncomment or add the line:

    net.ipv4.ip_forward=1
    

    Apply the changes:

    sudo sysctl -p
    
  3. Configure network address translation (NAT):

    sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
    
  4. Make the iptables rules persistent:

    sudo apt install -y iptables-persistent
    sudo netfilter-persistent save
    
  5. Configure your other devices to use the Pi as their gateway.
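
The NAT rule above only rewrites traffic that leaves through tun0. If the tunnel drops, forwarded packets follow the Pi's normal default route and leave unencrypted. As an added example (not part of the original guide), the script below builds a forwarding kill switch and includes a small check of what the rules do with a new connection. It assumes LAN clients arrive on eth0, the tunnel is tun0, and nothing else on the Pi uses the FORWARD chain.

```sh
#!/bin/sh
# Added example: forwarding kill switch for the Pi VPN router.
# Assumptions: LAN side is eth0, tunnel is tun0; override with LAN_IF / VPN_IF
# (the official app's NordLynx interface is named "nordlynx").
LAN_IF=${LAN_IF:-eth0}
VPN_IF=${VPN_IF:-tun0}

# Print the iptables commands for LAN interface $1 and tunnel interface $2.
router_rules() {
  lan=$1 vpn=$2
  cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $lan -o $vpn -j ACCEPT
iptables -A FORWARD -i $vpn -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -C POSTROUTING -o $vpn -j MASQUERADE || iptables -t nat -A POSTROUTING -o $vpn -j MASQUERADE
EOF
}

# Model check: verdict for a NEW connection entering on $1 and leaving on $2.
# Rules restricted to ESTABLISHED,RELATED never match a new connection.
verdict() {
  router_rules "$LAN_IF" "$VPN_IF" | awk -v in_if="$1" -v out_if="$2" '
    $2 == "-A" && $3 == "FORWARD" && !/ctstate/ {
      if ($5 == in_if && $7 == out_if) { print "ACCEPT"; found = 1; exit }
    }
    END { if (!found) print "DROP" }'
}

case "${1:-}" in
  show)  router_rules "$LAN_IF" "$VPN_IF" ;;
  # Must run as root; afterwards persist with: netfilter-persistent save
  apply) router_rules "$LAN_IF" "$VPN_IF" | sh -e ;;
  check)
    echo "LAN -> tunnel:              $(verdict "$LAN_IF" "$VPN_IF")"
    # Tunnel down: the Pi would route client packets back out the LAN side.
    echo "LAN -> LAN (tunnel down):   $(verdict "$LAN_IF" "$LAN_IF")"
    echo "tunnel -> LAN, unsolicited: $(verdict "$VPN_IF" "$LAN_IF")"
    ;;
esac
```

Run it with show to review the commands before using apply.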

Security Best Practices

When using NordVPN on your Raspberry Pi, follow these best practices:

  1. Always enable the kill switch to prevent data leaks if the VPN disconnects
  2. Update regularly to ensure you have the latest security patches
  3. Use strong authentication for your NordVPN account
  4. Monitor VPN logs for any unusual activity
  5. Disable IPv6 if not needed to prevent IPv6 leaks
  6. Use specific servers for sensitive tasks rather than random connections

Conclusion

Setting up NordVPN on your Raspberry Pi provides an essential layer of security and privacy for your IoT and home automation projects. Whether you choose the user-friendly official app or the more configurable OpenVPN method, your Pi's internet connection will be protected with robust encryption and privacy features.

For organizations managing multiple Raspberry Pi devices, consider using Fleetstack to streamline the deployment and management of VPN configurations across your entire fleet. This ensures consistent security policies and simplifies maintenance.