Arch Linux User Repository

"Please, do not flag this package as out-of-date until there's the official release on Github page."

"Maybe the announcement is delayed, but wait for some other possible forward release, which is patching the previous one before the actual publishing."

Note from 3.20.2-4

Dependency included as mandatory earlier as community request.

If you're late for the party and only had updated up to 3.20.2-2.1:

• Simply uninstall nordvpn-bin and install again.

If you're coming from Manjaro or e.g another Arch-based distro with no stable libxml2-legacy package just yet:

• No need to upgrade. It's best keeping with the 3.20.2-3 version. But if you already had, then you can downgrade.

Note from 3.20.2-3

There is now a new package from official repositories named libxml2-legacy and with it two fresh considerations:

• Despite the fact libxml2-legacy was included as optional, it is actually a mandatory dependency. This will change on next NordVPN's release if the legacy support remains.

• This release only removes the previous symbolic link and purges the file within NordVPN library directory, otherwise it would result in an error before installation/upgrade.

Note from 3.20.2-2.1

A patch have been implemented due the absence of libxml2.so.2 after package upgrade to 2.14.2. This fix is not useful if:

• You plan to keep your system update to a specific date until NordVPN officially uses the new library.

• You are from a different distribution, which is a Arch-based one with other repositories, and libxml2 is not yet upgraded.

Note from 3.19.1:

The repository's hierarchy has been updated and a slightly divergence comes with it. It was from:

/debian/pool/main

To now as:

/debian/pool/main/n/nordvpn

Any previous commits you may like to try in the future will need a manual mediation to replace old links in favor of the new ones.

Note from 3.19.0:

This version introduces new libraries being used by NordVPN. I have created symbolic links and committed a patch for it not interposing with already existing libraries (like sqlite3). Although this is not a big deal, If you, however, upgraded nordvpn-bin before the fix and noticed some library-related issue from sqlite lately, I suggest reinstalling the affected package.

Note from 3.17.4v:

The previous bug exposing DNS servers is fixed.

Note from 3.17.3v:

Caution! This version needs heed while using it and should be avoided. I strongly advice downgrading to 3.17.2 and wait for a new version or patching. Some big problems are:

• There's DNS leak present. Your original ISP servers can be exposed, as reported already on #343 issue.

• Unable to connect on nordvpn servers. Your journal might show the follow output: networker setting dns: setting dns with resolvectl: setting dns with resolvectl: Failed to set DNS configuration: Could not activate remote peer: activation request failed: unknown unit.: exit status 1

  After restarting resolve with systemctl restart systemd-resolved.service you may get it working again, enough for connecting normally, as reported, but not exclusively an ARM platform issue, on #342.

Also huge thanks for the community warnings in prior comments before I could've noticed all.

Note from 3.16.2v:

As the published note from the version above has mentioned on Github's page:

• Logging in with a username and password is no longer available in the terminal.

Please, consider using a token to logging in from now on.

Note from 3.16.0v:

The 'countries.dat' may differ between versions. Be aware to remove the file before upgrading the package.

If you're seeing the message "Daemon is unreachable, is systemd running?", then one of two things is probably happening.

The nordvpn daemon might not be started
Start it using:
sudo systemctl enable --now nordvpnd

You might not have been added to the nordvpn group
Add yourself:
sudo gpasswd -a USERNAME nordvpn
And then restart in order for the group to be created:
reboot

I still have problems with iptables and killswitch even with the latest version. To fix i disbled killswitch.

Hey metiis, let me know if you could use another co-maintainer. Updated PKGBUILD to 3.6.0_2 and updpkgsums. Updated on my local machine, tested, and new ver works well. Happy to help keep this AUR pkg up to date if you could use a hand.

Cheers, Jay.

@doctorcolossus my problem was that ther was no sysctl script for the binary.

So I downloaded the *.deb file extractet in a folder with

1. ar xv nordvpn_3.5.0-2_amd64.deb

now there should be a file named data.tar.xz that you have to extract with

1. tar -xvf data.tar.xz

the next step is got to the /etc/init.d folder of the extracted file and copy the file named nordvpn to your /etc/system.d/system folder

1. cd /etc/init.d
2. sudo cp nordvpn /etc/system.d/system/nordvpn.service
3. systemctl enable nordvpn.service
4. systemctl start nordvpn.service

Now should be able to login with nordvpn login.

Had the same problem as wassup but only on one machine. The difference is the killswitch setting. Enabling killswitch destroys existing iptables and sets the policies to DROP and only allows DNS traffic and traffic to their CDN. This squashes my other iptables settings (seriously, NordVPN?!) making killswitch not viable anymore.

Third option that worked for me other than manually setting the policy to ACCEPT or downgrading is disabling killswitch

I noticed that after loss/re-establish of network connection (or suspend/resume cycle) the DNS settings were NOT restored by nordvpnd, leading to a DNS leak to whatever DNS servers are configured/used in non-VPN state. I investigated, and found:

nordvpn set technology openvpn

If openresolv is being used on the machine, then DNS settings are NOT restored on auto-reconnect. It is necessary to do 'nordvpn disconnect' and 'nordvpn connect' again to restore them.

If systemd-resolved is enabled (see https://wiki.archlinux.org/index.php/Systemd-resolved) and configured to use the stub resolver (ln -s /run/systemd/resolve/stub-resolv.conf) then DNS settings are correctly restored. nordvpnd is aware of the network connection status and performs an automatic reconnect.

The reason for the above behaviour I guess is because the .deb file used is designed for/tested on Ubuntu, which uses systemd-resolved by default.

nordvpn set technology nordlynx

If the nordlynx/wiregard technology is used the DNS settings are NOT restored after suspend/resume or network disconnect/reconnect. In nordlynx mode, nordvpnd seems not aware of network status and does not perform a reconnect. This applies both on Arch and an Ubuntu VM I used for testing.

In short if using nordvpn-bin, best use openvpn and systemd-resolved, otherwise if you forget to manually disconnect/reconnect nordvpn (for example after a suspend/resume) all DNS queries will be leaked outside the tunnel.

The newest update (3.5.0-2) seems to mess up the iptables rules once the nordvpnd.service is enabled via systemctl. The default behaviour is changed to -P INPUT DROP and -P OUTPUT DROP, thus dropping all the IPv4 in and out traffic. Only IPv6 works as it should in this scenario.

There are two solutions to this problem:

1. Either automatically or manually execute the following:

# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT

2. Or, downgrade the nordvpn-bin package to version 3.4.0_1-1.

I have had similar issues like the @doctorcolossus, but after trying different settings, it seems NordLynx buggy. Sometimes it works, sometimes it does not. Using technology set to openvpn always works in my case.

I also installed networkmanager-openvpn as a backup for when I do not feel like messing with nordvpn-bin. So far, the NetworkManager openvpn plugin has not given me any issues, so I am convinced it is something with NordLynx.

@archnix: My issue is not the same as klodep's. My issue is that the userspace console application is not able to communicate with the system daemon.

I don't think it has anything to networking. My resolv.conf is set by dhcp. Running any nordvpn command (including the ones you suggested: "nordvpn c de" and "nordvpn d") resulted in the "Whoops! Cannot reach system daemon" message. So this error occurs before a connection is even attempted - I was not even able to enter my login credentials - the command I wanted to run was "nordvpn login" - but that resulted in the same error message as always, so the stage of even attempting to initiate a connection was never even reached.

I am also pretty confident that nothing is wrong with my network configuration, since 1) that is what I am using to write to you now; 2) I was able to connect to NordVPN via openvpn using the open-source application openpyn; 3) I have now switched to Mullvad and it is working fine over either WireGuard or openvpn; and 4) I previously used Cyberghost and had no connection problems with it either.

For all of the reasons above, I highly doubt the particular problem I was experiencing had anything to do with network issues.

Unfortunately I am no longer able to help troubleshoot this issue, as I have now cancelled my NordVPN subscription, requested a refund, and switched to Mullvad, whose client works seamlessly out of the box on Arch.

@Lyxmyx @doctorcolossus @klodep

Your issues with nordvpn-bin is a symptom of something fundamentally wrong with your network configuration or maybe a result of using sudo connect - creating a config in the wrong place or with wrong permissions in home folder.

❯ nordvpn c de
Connecting to Germany #442 (de442.nordvpn.com)
You are connected to Germany #442 (de442.nordvpn.com)!
❯ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 103.86.96.100
nameserver 103.86.99.100
❯ nordvpn d
You are disconnected from NordVPN.
How would you rate your connection quality on a scale from 1 (poor) to 5 (excellent)? Type 'nordvpn rate [1-5]'.
❯ cat /etc/resolv.conf
# Generated by NetworkManager
search localnet.lan
nameserver 10.10.1.6

@Lyxmyx until nordvpn-bin is stable it might be a good solution for you to use https://github.com/jotyGill/openpyn-nordvpn - it double checks the resolve config and works very nice and the code is clean written. It also adds server load checks to linux and yeah, its in the aur. I use it as second layer over my nordvpn-bin even if the killswitch works nice in the script there still is a connection if it doesn't (direct on a 30 bucks open wrt 5G china router)

Hope that helps you