Arch Linux User Repository

"Please, do not flag this package as out-of-date until there's the official release on Github page."

"Maybe the announcement is delayed, but wait for some other possible forward release, which is patching the previous one before the actual publishing."

Note from 3.19.1:

The repository's hierarchy has been updated and a slightly divergence comes with it. It was from:

/debian/pool/main

To now as:

/debian/pool/main/n/nordvpn

Any previous commits you may like to try in the future will need a manual mediation to replace old links in favor of the new ones.

Note from 3.19.0:

This version introduces new libraries being used by NordVPN. I have created symbolic links and committed a patch for it not interposing with already existing libraries (like sqlite3). Although this is not a big deal, If you, however, upgraded nordvpn-bin before the fix and noticed some library-related issue from sqlite lately, I suggest reinstalling the affected package.

Note from 3.17.4v:

The previous bug exposing DNS servers is fixed.

Note from 3.17.3v:

Caution! This version needs heed while using it and should be avoided. I strongly advice downgrading to 3.17.2 and wait for a new version or patching. Some big problems are:

• There's DNS leak present. Your original ISP servers can be exposed, as reported already on #343 issue.

• Unable to connect on nordvpn servers. Your journal might show the follow output: networker setting dns: setting dns with resolvectl: setting dns with resolvectl: Failed to set DNS configuration: Could not activate remote peer: activation request failed: unknown unit.: exit status 1

  After restarting resolve with systemctl restart systemd-resolved.service you may get it working again, enough for connecting normally, as reported, but not exclusively an ARM platform issue, on #342.

Also huge thanks for the community warnings in prior comments before I could've noticed all.

Note from 3.16.2v:

As the published note from the version above has mentioned on Github's page:

• Logging in with a username and password is no longer available in the terminal.

Please, consider using a token to logging in from now on.

Note from 3.16.0v:

The 'countries.dat' may differ between versions. Be aware to remove the file before upgrading the package.

If you're seeing the message "Daemon is unreachable, is systemd running?", then one of two things is probably happening.

The nordvpn daemon might not be started
Start it using:
sudo systemctl enable --now nordvpnd

You might not have been added to the nordvpn group
Add yourself:
sudo gpasswd -a USERNAME nordvpn
And then restart in order for the group to be created:
reboot

I noticed that after loss/re-establish of network connection (or suspend/resume cycle) the DNS settings were NOT restored by nordvpnd, leading to a DNS leak to whatever DNS servers are configured/used in non-VPN state. I investigated, and found:

nordvpn set technology openvpn

If openresolv is being used on the machine, then DNS settings are NOT restored on auto-reconnect. It is necessary to do 'nordvpn disconnect' and 'nordvpn connect' again to restore them.

If systemd-resolved is enabled (see https://wiki.archlinux.org/index.php/Systemd-resolved) and configured to use the stub resolver (ln -s /run/systemd/resolve/stub-resolv.conf) then DNS settings are correctly restored. nordvpnd is aware of the network connection status and performs an automatic reconnect.

The reason for the above behaviour I guess is because the .deb file used is designed for/tested on Ubuntu, which uses systemd-resolved by default.

nordvpn set technology nordlynx

If the nordlynx/wiregard technology is used the DNS settings are NOT restored after suspend/resume or network disconnect/reconnect. In nordlynx mode, nordvpnd seems not aware of network status and does not perform a reconnect. This applies both on Arch and an Ubuntu VM I used for testing.

In short if using nordvpn-bin, best use openvpn and systemd-resolved, otherwise if you forget to manually disconnect/reconnect nordvpn (for example after a suspend/resume) all DNS queries will be leaked outside the tunnel.

The newest update (3.5.0-2) seems to mess up the iptables rules once the nordvpnd.service is enabled via systemctl. The default behaviour is changed to -P INPUT DROP and -P OUTPUT DROP, thus dropping all the IPv4 in and out traffic. Only IPv6 works as it should in this scenario.

There are two solutions to this problem:

1. Either automatically or manually execute the following:

# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT

2. Or, downgrade the nordvpn-bin package to version 3.4.0_1-1.

I have had similar issues like the @doctorcolossus, but after trying different settings, it seems NordLynx buggy. Sometimes it works, sometimes it does not. Using technology set to openvpn always works in my case.

I also installed networkmanager-openvpn as a backup for when I do not feel like messing with nordvpn-bin. So far, the NetworkManager openvpn plugin has not given me any issues, so I am convinced it is something with NordLynx.

@archnix: My issue is not the same as klodep's. My issue is that the userspace console application is not able to communicate with the system daemon.

I don't think it has anything to networking. My resolv.conf is set by dhcp. Running any nordvpn command (including the ones you suggested: "nordvpn c de" and "nordvpn d") resulted in the "Whoops! Cannot reach system daemon" message. So this error occurs before a connection is even attempted - I was not even able to enter my login credentials - the command I wanted to run was "nordvpn login" - but that resulted in the same error message as always, so the stage of even attempting to initiate a connection was never even reached.

I am also pretty confident that nothing is wrong with my network configuration, since 1) that is what I am using to write to you now; 2) I was able to connect to NordVPN via openvpn using the open-source application openpyn; 3) I have now switched to Mullvad and it is working fine over either WireGuard or openvpn; and 4) I previously used Cyberghost and had no connection problems with it either.

For all of the reasons above, I highly doubt the particular problem I was experiencing had anything to do with network issues.

Unfortunately I am no longer able to help troubleshoot this issue, as I have now cancelled my NordVPN subscription, requested a refund, and switched to Mullvad, whose client works seamlessly out of the box on Arch.

@Lyxmyx @doctorcolossus @klodep

Your issues with nordvpn-bin is a symptom of something fundamentally wrong with your network configuration or maybe a result of using sudo connect - creating a config in the wrong place or with wrong permissions in home folder.

❯ nordvpn c de
Connecting to Germany #442 (de442.nordvpn.com)
You are connected to Germany #442 (de442.nordvpn.com)!
❯ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 103.86.96.100
nameserver 103.86.99.100
❯ nordvpn d
You are disconnected from NordVPN.
How would you rate your connection quality on a scale from 1 (poor) to 5 (excellent)? Type 'nordvpn rate [1-5]'.
❯ cat /etc/resolv.conf
# Generated by NetworkManager
search localnet.lan
nameserver 10.10.1.6

@Lyxmyx until nordvpn-bin is stable it might be a good solution for you to use https://github.com/jotyGill/openpyn-nordvpn - it double checks the resolve config and works very nice and the code is clean written. It also adds server load checks to linux and yeah, its in the aur. I use it as second layer over my nordvpn-bin even if the killswitch works nice in the script there still is a connection if it doesn't (direct on a 30 bucks open wrt 5G china router)

Hope that helps you

It no longer updates my resolv.conf after I disconnect from the VPN connection.

So then I'm left with an unusable internet connection because I can't access the DNS servers listed in my resolv.conf because you have to be connected to the VPN to access them.

And I can't bring the dhcpcd service to regenerate the resolv.conf unless I reboot.

It used to update the resolv.conf after I disconnected from the VPN.

I haven't updated the kernel since installing nordvpn. This is my first attempt to install nordvpn and it has not worked for me at all yet. I tried completely removing nordvpn as suggested at the Manjaro forum link you provided, by deleting /var/lib/nordvpn/. There were no immutable files there, in my case. I then restarted, reinstalled, reenabled the systemd service, and restarted again. The nordvpn command still gives me the error: "Whoops! Cannot reach System Daemon."

# nordvpn login
Whoops! Cannot reach System Daemon.
# uname -a
Linux xps3 5.4.1-arch1-1 #1 SMP PREEMPT Fri, 29 Nov 2019 13:37:24 +0000 x86_64 GNU/Linux
# systemctl status nordvpnd.service
● nordvpnd.service - NordVPN Daemon
     Loaded: loaded (/usr/lib/systemd/system/nordvpnd.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2019-12-06 04:31:43 MST; 11min ago
TriggeredBy: ● nordvpnd.socket
   Main PID: 29011 (nordvpnd)
      Tasks: 13 (limit: 19034)
     Memory: 33.8M
     CGroup: /system.slice/nordvpnd.service
             └─29011 /usr/sbin/nordvpnd

Dec 06 04:31:43 xps3 systemd[1]: Started NordVPN Daemon.
# systemctl status nordvpnd.socket
● nordvpnd.socket - NordVPN Daemon Socket
     Loaded: loaded (/usr/lib/systemd/system/nordvpnd.socket; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2019-12-06 04:31:43 MST; 11min ago
   Triggers: ● nordvpnd.service
     Listen: /run/nordvpnd.sock (Stream)
     CGroup: /system.slice/nordvpnd.socket

Dec 06 04:31:43 xps3 systemd[1]: Stopping NordVPN Daemon Socket.
Dec 06 04:31:43 xps3 systemd[1]: nordvpnd.socket: TCP_NODELAY failed: Operation not supported
Dec 06 04:31:43 xps3 systemd[1]: Listening on NordVPN Daemon Socket.

@archnix: It may work for you, but it does not work for me, in spite of restarting.

$ nordvpn login
Whoops! Cannot reach System Daemon.

@Klodep @doctorcolossus

Nordvpn works without issues. At least if your remember that network depends on kernel - so if you updated kernel - restart. If you update nordvpn - stop the daemon - update - start daemon.

Previous versions of Nordvpn did change rapidly between nordvpnd - nordvpnud and nordvpnsd services. The nordvpnsd service is a leftover.

If your resolver is cluttered - it is probably the installed gui. If you use nordvpn as it is supposed to - on CLI - there is no problems.

Nordvpn - using TCP or UDP is problematic if you are using UFW iptables based firewall - ditch it and use firewalld instead.

On Manjaro forum is guide to troubleshooting nordvpn including complete removal. https://forum.manjaro.org/t/howto-nordvpn-usage-installation-updating-and-troubleshooting/71268