How to connect your Ubiquiti UniFi router to NordVPN using the built-in Wireguard VPN Router Client setup.
Here are two methods for getting your NordVPN connected to your UniFi router.
Method 1: Using a Wireguard Client to extract the required information.
Using NordVPN WireGuard as UniFi VPN Client — LazyAdmin
The above article is well written and will show you how to do it. We don’t need to repeat it here.
Method 2: Using some work arounds if you can’t get the above method working.
Step 1: Log into your NordVPN web account: https://my.nordaccount.com/dashboard/
Click to get the ‘Access Token’ from the ‘NordVPN’ menu on left side. Scroll down to see it and you will need to validate your email to continue.
When it asks how long to keep the Token valid for – Choose Indefinitely. You can always revoke it later if you need to.
Step 2: We need to convert the ‘Access Token’ to ‘Wireguard Private Key’ using one of two methods:
Using Windows – Open ‘Windows PowerShell’ and paste each line into the box and press entre.
# 1. Replace the placeholder with your actual access token
$accessToken = "ACCESS-TOKEN-GOES-HERE"
$credentials = "token:$accessToken"
$encodedCredentials = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($credentials))
$headers = @{ "Authorization" = "Basic $encodedCredentials" }
$response = Invoke-RestMethod -Uri "https://api.nordvpn.com/v1/users/services/credentials" -Headers $headers
$response.nordlynx_private_keyOr alternatively use Linux – Open Terminal and paste this.
#Make sure you have 'curl' and 'jq' installed or install them using : sudo apt install curl jq
curl -s -u token:ACCESS-TOKEN-GOES-HERE https://api.nordvpn.com/v1/users/services/credentials | jq -r .nordlynx_private_keyCopy the resulting ‘Wireguard Private Key’ and keep it safe. Do not let anyone get this and don’t paste it into any third party website.
Step 3: Open your Windows NordVPN app (Connection and Security) and choose to setup your VPN but choose “NordLynx” in the VPN Protocol instead of Auto.
Step 4: Connect to your desired Country using the Home VPN connection options.
Step 5: Open Windows File Explorer and go to app data folder by pasting %localappdata% into the top address bar or use Windows + R button and paste it in.
%localappdata%Then find the NordVPN folder.
Now find either a .zip file or a .json file that likely says server_v2.json
Inside this file is a list of servers and their matching IP with the Server Key.
Example:
{"Id":930695,"Name":"Austria #86","Station":"185.216.34.10","HostName":"at86.nordvpn.com","Load":19,"Status":"online","Technologies":[{"Id":1,"Status":"online","Metadata":[]},{"Id":3,"Status":"online","Metadata":[]},{"Id":5,"Status":"online","Metadata":[]},{"Id":21,"Status":"online","Metadata":[]},{"Id":23,"Status":"online","Metadata":[]},{"Id":35,"Status":"online","Metadata":[{"Name":"public_key","Value":"F6b2ac9H7hEvt03EonY1aV5FzNAabEmURDTB8wIIPXc="}]},{"Id":51,"Status":"online","Metadata":[{"Name":"port","Value":"8443"}]}],"Specifications":[{"Id":8,"Identifier":"version","Title":"Version","Values":[{"Id":257,"value":"2.1.0"}]}],"group_ids":[11,15,19],"location_ids":[205]},{"Id":930743,"Name":"Switzerland #217","Station":"185.156.175.12","HostName":"ch217.nordvpn.com","Load":29,"Status":"online","Technologies":[{"Id":1,"Status":"online","Metadata":[]},{"Id":3,"Status":"online","Metadata":[]},{"Id":5,"Status":"online","Metadata":[]},{"Id":21,"Status":"online","Metadata":[]},{"Id":23,"Status":"online","Metadata":[]},{"Id":35,"Status":"online","Metadata":[{"Name":"public_key","Value":"SqAWBSVdnUJ859Bz2Nyt82rlSebMwPgrmQxIb1DzyF8="}]},{"Id":51,"Status":"online","Metadata":[{"Name":"port","Value":"8443"}]}],"Specifications":[{"Id":8,"Identifier":"version","Title":"Version","Values":[{"Id":257,"value":"2.1.0"}]}],"group_ids":[11,15,19],"location_ids":[107]},In the example you will see 2 servers:
1: Austria #86 with IP: 185.216.34.10 and Server Public Key: F6b2ac9H7hEvt03EonY1aV5FzNAabEmURDTB8wIIPXc=
2: Switzerland #217 with IP: 185.156.175.12 and Server Public Key: SqAWBSVdnUJ859Bz2Nyt82rlSebMwPgrmQxIb1DzyF8=
Don’t use these values – they are invalid and just as an example.
Step 6: Open your UniFi interface using a PC browser.
Navigate to : Settings/VPN/VPN Client and choose Create New
Enter any Name at the top.
Your Private Key (from earlier).
Tunnel IP: 10.5.0.2 with netmask 32 (This is the standard for any of the servers)
Server Address: The IP from the Server you want to use and make sure PORT is 51820 (not 51821)
Public Server Key: Matching the Server you selected.
Primary and Secondary DNS entries : 103.86.96.100 and 103.86.99.100
When you finish creating this a new popup will appear to ‘Create a Route’ which is a Policy Based Route in the Policy Engine.
Insert any Name.
Interface/VPN Tunnel: Choose your ‘VPN Client’ you just created.
Choose to tick or untick the ‘KILL SWITCH’ – If VPN disconnects will it stop data flow to your selected devices.
Source: Choose Device/Network – Now select your device like TV or PC or Network.
Destination: Any
ADD/SAVE to finish.
Finally go back to the UniFi VPN/VPN Client page and see the UPTIME of your new connection is above 1 minute to ensure its working well.
To disconnect – Choose the MANAGE button and you can PAUSE or DELETE the VPN Client.
