Arch Linux User Repository

"Please, do not flag this package as out-of-date until there's the official release on Github page."

"Maybe the announcement is delayed, but wait for some other possible forward release, which is patching the previous one before the actual publishing."

Note from 3.20.2-4

Dependency included as mandatory earlier as community request.

If you're late for the party and only had updated up to 3.20.2-2.1:

• Simply uninstall nordvpn-bin and install again.

If you're coming from Manjaro or e.g another Arch-based distro with no stable libxml2-legacy package just yet:

• No need to upgrade. It's best keeping with the 3.20.2-3 version. But if you already had, then you can downgrade.

Note from 3.20.2-3

There is now a new package from official repositories named libxml2-legacy and with it two fresh considerations:

• Despite the fact libxml2-legacy was included as optional, it is actually a mandatory dependency. This will change on next NordVPN's release if the legacy support remains.

• This release only removes the previous symbolic link and purges the file within NordVPN library directory, otherwise it would result in an error before installation/upgrade.

Note from 3.20.2-2.1

A patch have been implemented due the absence of libxml2.so.2 after package upgrade to 2.14.2. This fix is not useful if:

• You plan to keep your system update to a specific date until NordVPN officially uses the new library.

• You are from a different distribution, which is a Arch-based one with other repositories, and libxml2 is not yet upgraded.

Note from 3.19.1:

The repository's hierarchy has been updated and a slightly divergence comes with it. It was from:

/debian/pool/main

To now as:

/debian/pool/main/n/nordvpn

Any previous commits you may like to try in the future will need a manual mediation to replace old links in favor of the new ones.

Note from 3.19.0:

This version introduces new libraries being used by NordVPN. I have created symbolic links and committed a patch for it not interposing with already existing libraries (like sqlite3). Although this is not a big deal, If you, however, upgraded nordvpn-bin before the fix and noticed some library-related issue from sqlite lately, I suggest reinstalling the affected package.

Note from 3.17.4v:

The previous bug exposing DNS servers is fixed.

Note from 3.17.3v:

Caution! This version needs heed while using it and should be avoided. I strongly advice downgrading to 3.17.2 and wait for a new version or patching. Some big problems are:

• There's DNS leak present. Your original ISP servers can be exposed, as reported already on #343 issue.

• Unable to connect on nordvpn servers. Your journal might show the follow output: networker setting dns: setting dns with resolvectl: setting dns with resolvectl: Failed to set DNS configuration: Could not activate remote peer: activation request failed: unknown unit.: exit status 1

  After restarting resolve with systemctl restart systemd-resolved.service you may get it working again, enough for connecting normally, as reported, but not exclusively an ARM platform issue, on #342.

Also huge thanks for the community warnings in prior comments before I could've noticed all.

Note from 3.16.2v:

As the published note from the version above has mentioned on Github's page:

• Logging in with a username and password is no longer available in the terminal.

Please, consider using a token to logging in from now on.

Note from 3.16.0v:

The 'countries.dat' may differ between versions. Be aware to remove the file before upgrading the package.

If you're seeing the message "Daemon is unreachable, is systemd running?", then one of two things is probably happening.

The nordvpn daemon might not be started
Start it using:
sudo systemctl enable --now nordvpnd

You might not have been added to the nordvpn group
Add yourself:
sudo gpasswd -a USERNAME nordvpn
And then restart in order for the group to be created:
reboot

Answering my comment from 2023-10-07 14:20 (EDT) I found the culprit.

Some new "improvements" in 3.16.6 require using new kernel modules. Since I build my own kernel based off of modprobed-db I couldn't track this.

I found by making sure the following modules are built into the kernel everything works fine:

amdxcp
chacha_x86_64
curve25519_x86_64
drm_suballoc_helper
gf128mul
ip6table_filter
ip6table_mangle
ip6table_nat
ip6table_raw
ip6_tables
ip6table_security
ip6_udp_tunnel
libchacha
libchacha20poly1305
libcurve25519_generic
poly1305_x86_64
qrtr
rapl
snd_intel_sdw_acpi
udp_tunnel
wireguard
xt_conntrack

I will narrow this down to the exact specific ones but if I would have to take a guess, I would believe a smaller list could be:

ip6table_filter
ip6table_mangle
ip6table_nat
ip6table_raw
ip6_tables
ip6table_security
ip6_udp_tunnel
qrtr
udp_tunnel
wireguard
xt_conntrack

The last 3 have a very high probability to be required now and the last one a super high probability as it's mentioned in the systemd error. The IP6 ones I don't think so, my IPv6 is disabled so I can't imagine Nordvpn requiring these modules when IP6 is disabled, but you never know!

You learn everyday.... :)

Since 3.16.6, on all machines (they are all Arch), I can't connect at all, both OpenVPN and NordLynx.

╰─λ sudo systemctl status --now nordvpnd
● nordvpnd.service - NordVPN Daemon
Loaded: loaded (/usr/lib/systemd/system/nordvpnd.service; enabled; preset: disabled)
Active: active (running) since Sat 2023-10-07 10:42:11 EDT; 1s ago
TriggeredBy: ● nordvpnd.socket
Main PID: 23280 (nordvpnd)
Tasks: 59 (limit: 38418)
Memory: 48.7M
CPU: 159ms
CGroup: /system.slice/nordvpnd.service
└─23280 /usr/sbin/nordvpnd

Oct 07 10:42:11 Garuda nordvpnd[23280]: Error: dial tcp: lookup downloads.nordcdn.com: no such host
Oct 07 10:42:11 Garuda nordvpnd[23280]: 2023/10/07 10:42:11 notifying subscriber: /configs/templates/ovpn_xor/1.0/template.xslt is not important to moose
Oct 07 10:42:11 Garuda nordvpnd[23280]: 2023/10/07 10:42:11 [Info] HTTP CALL Duration: 104.15µs
Oct 07 10:42:11 Garuda nordvpnd[23280]: Request: HTTP/1.1 GET https://repo.nordvpn.com/deb/nordvpn/debian/dists/stable/main/binary-amd64/Packages.gz map[Accept-Encoding:[gzip, deflate] Content-Length:[] Content-Type>
Oct 07 10:42:11 Garuda nordvpnd[23280]: Error: dial tcp: lookup repo.nordvpn.com: no such host
Oct 07 10:42:11 Garuda nordvpnd[23280]: 2023/10/07 10:42:11 notifying subscriber: /deb/nordvpn/debian/dists/stable/main/binary-amd64/Packages.gz is not important to moose
Oct 07 10:42:11 Garuda nordvpnd[23280]: 2023/10/07 10:42:11 [Info] HTTP CALL Duration: 176.59726ms
Oct 07 10:42:11 Garuda nordvpnd[23280]: Request: HTTP/1.1 GET https://api.nordvpn.com/v1/helpers/ips/insights map[Accept-Encoding:[gzip, deflate] Content-Length:[] Content-Type:[application/json] User-Agent:[NordApp>
Oct 07 10:42:11 Garuda nordvpnd[23280]: Response: HTTP/1.1 200 - map[Alt-Svc:[h3=":443"; ma=86400] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[8126e8c72bc036c9-YYZ] Connection:[keep-alive] Content-Encoding:[gzip] Content-Leng>
Oct 07 10:42:11 Garuda nordvpnd[23280]: 2023/10/07 10:42:11 notifying subscriber: /v1/helpers/ips/insights is not important to moose

After I login using the token URL, I get this:

Oct 07 10:55:31 Garuda nordvpnd[92341]: Response: HTTP/3.0 200 - map[Alt-Svc:[h3=":443"; ma=86400] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[8126fc4f68414bbf-YUL] Content-Encoding:[gzip] Content-Type:[application/json] Date>
Oct 07 10:55:31 Garuda nordvpnd[92341]: 2023/10/07 10:55:31 [Info] HTTP CALL Duration: 147.480734ms
Oct 07 10:55:31 Garuda nordvpnd[92341]: Request: HTTP/3 POST https://api.nordvpn.com/v1/notifications/tokens map[Accept-Encoding:[gzip, deflate] Authorization:[hidden] Content-Length:[] Content-Type:[application/jso>
Oct 07 10:55:31 Garuda nordvpnd[92341]: Response: HTTP/3.0 201 - map[Alt-Svc:[h3=":443"; ma=86400] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[8126fc4ff9284bbf-YUL] Content-Type:[application/json] Date:[Sat, 07 Oct 2023 14:55>
Oct 07 10:55:31 Garuda nordvpnd[92341]: 2023/10/07 10:55:31 notifying subscriber: /v1/notifications/tokens is not important to moose
Oct 07 10:55:31 Garuda nordvpnd[92341]: 2023/10/07 10:55:31 [Info] [NC] Client has started
Oct 07 10:55:32 Garuda nordvpnd[92341]: 2023/10/07 10:55:32 [Info] [NC] Connected
Oct 07 10:55:34 Garuda nordvpnd[92341]: 2023/10/07 10:55:34 [Info] HTTP CALL Duration: 362.070811ms
Oct 07 10:55:34 Garuda nordvpnd[92341]: Request: HTTP/3 GET https://api.nordvpn.com/v1/users/services map[Accept-Encoding:[gzip, deflate] Authorization:[hidden] Content-Length:[] Content-Type:[application/json] User>
Oct 07 10:55:34 Garuda nordvpnd[92341]: Response: HTTP/3.0 200 - map[Alt-Svc:[h3=":443"; ma=86400] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[8126fc609bde4bbf-YUL] Content-Encoding:[gzip] Content-Type:[application/json] Date>

And when I try to connect:

╰─λ nordvpn c united_states
Connecting to United States #6292 (us6292.nordvpn.com)
Whoops! We couldn't connect you to 'united_states'. Please try again. If the problem persists, contact our customer support.

Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Debug] picking servers for OPENVPN technology
Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Info] HTTP CALL Duration: 187.52232ms
Oct 07 10:57:20 Garuda nordvpnd[92341]: Request: HTTP/3 GET https://api.nordvpn.com/v1/servers/recommendations?limit=20&filters[servers.status]=online&filters[servers_technologies]=3&filters[servers_technologies][pi>
Oct 07 10:57:20 Garuda nordvpnd[92341]: Response: HTTP/3.0 200 - map[Alt-Svc:[h3=":443"; ma=86400] Cache-Control:[public, max-age=30, s-maxage=30, stale-if-error=120] Cf-Cache-Status:[DYNAMIC] Cf-Ray:[8126fef8ae34ca>
Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Warning] executing 'ip -4 rule del from all lookup main suppress_prefixlength 0' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Warning] executing 'ip -4 rule del not from all fwmark 57841' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Warning] executing 'ip -6 rule del from all lookup main suppress_prefixlength 0' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Warning] executing 'ip -6 rule del not from all fwmark 57841' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Defer] exec: Wait was already called
Oct 07 10:57:20 Garuda nordvpnd[92341]: 2023/10/07 10:57:20 [Error] exec: Wait was already called

But it should look clean like this:

╰─λ sudo systemctl status nordvpnd
● nordvpnd.service - NordVPN Daemon
Loaded: loaded (/usr/lib/systemd/system/nordvpnd.service; enabled; preset: disabled)
Active: active (running) since Sat 2023-10-07 11:11:55 EDT; 20s ago
TriggeredBy: ● nordvpnd.socket
Main PID: 4703 (nordvpnd)
Tasks: 63 (limit: 38418)
Memory: 136.5M
CPU: 814ms
CGroup: /system.slice/nordvpnd.service
└─4703 /usr/sbin/nordvpnd

Oct 07 11:11:58 Garuda nordvpnd[4703]: -A OUTPUT -d 10.225.0.0/16 -m comment --comment nordvpn_whitelist -j MARK --set-xmark 0xe1f1/0xffffffff
Oct 07 11:11:58 Garuda nordvpnd[4703]: raw:
Oct 07 11:11:58 Garuda nordvpnd[4703]: -P PREROUTING ACCEPT
Oct 07 11:11:58 Garuda nordvpnd[4703]: -P OUTPUT ACCEPT
Oct 07 11:11:58 Garuda nordvpnd[4703]: security:
Oct 07 11:11:58 Garuda nordvpnd[4703]: -P INPUT ACCEPT
Oct 07 11:11:58 Garuda nordvpnd[4703]: -P FORWARD ACCEPT
Oct 07 11:11:58 Garuda nordvpnd[4703]: -P OUTPUT ACCEPT
Oct 07 11:11:58 Garuda nordvpnd[4703]: IP tables for ipv6:
Oct 07 11:11:58 Garuda nordvpnd[4703]: 2023/10/07 11:11:58 [Info] auto-connect success

Downgrading to 3.16.5 works flawlessly. Of course this is only a temporary workaround.

Any ideas how I can troubleshoot this?

I don't know if it's related to the new Local Network Discovery feature https://nordvpn.com/blog/nordvpn-linux-release-notes/

I will try to enable it, if I can find how.

Does not seem to help after enabling it:

Oct 07 14:44:55 Garuda nordvpnd[9423]: task stopped - DerpRelay
Oct 07 14:44:55 Garuda nordvpnd[9423]: task stopped - EgressProxy
Oct 07 14:44:55 Garuda nordvpnd[9423]: task stopped - IngressProxy
Oct 07 14:44:55 Garuda nordvpnd[9423]: 2023/10/07 14:44:55 [Warning] executing 'ip -4 rule del from all lookup main suppress_prefixlength 0' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 14:44:55 Garuda nordvpnd[9423]: 2023/10/07 14:44:55 [Warning] executing 'ip -4 rule del not from all fwmark 57841' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 14:44:55 Garuda nordvpnd[9423]: 2023/10/07 14:44:55 [Warning] executing 'ip -6 rule del from all lookup main suppress_prefixlength 0' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 14:44:55 Garuda nordvpnd[9423]: 2023/10/07 14:44:55 [Warning] executing 'ip -6 rule del not from all fwmark 57841' command: exit status 2: RTNETLINK answers: No such file or directory
Oct 07 14:44:55 Garuda nordvpnd[9423]: 2023/10/07 14:44:55 [Error] TELIO(v4.0.8): "telio::ffi":905 telio_disconnect_from_exit_nodes: Err(NotStarted)
Oct 07 14:44:55 Garuda nordvpnd[9423]: 2023/10/07 14:44:55 [Defer] disconnecting from libtelio: stopping libtelio: generic error
Oct 07 14:44:55 Garuda nordvpnd[9423]: 2023/10/07 14:44:55 [Error] connected to nordlynx server but there is no internet as a result

Tnx!

These latest versions are broken for anybody hoping to use their connection with internet sharing/gateway.

I downgraded to 3.15.0 and the issue resolved instantly. Please see this thread here: https://bbs.archlinux.org/viewtopic.php?pid=2119993

In case anyone else ends up looking for help with internet sharing - you need to downgrade - it's broken

Hello all, I am having a problem with this and need your help! I posted on the Arch Forums here: https://bbs.archlinux.org/viewtopic.php?pid=2119293

After I use this package to login to nordvpn and then connect, it all works fine for traffic that's in or outbound directly on the arch server itself - but once I enable ipv4 forwarding on the machine and try to use the machine as a gateway on another device, the traffic is coming through on the public address instead of the VPN address.. I do this on several other VPNs already (WindScribe and Proton and PIA all tested fine) but specifically THIS nordvpn is doing something weird in the routing that is preventing this behavior..

So now I went and disabled routing and the firewall using the nordvpn set routing off and firewall off command, and once they are disabled, the tunnel establishes but no traffic is directed through it - even on the Arch machine itself. So I'm guessing I need to set the route up manually? But how?

Would I would really love is for someone to try and connect to nord using this bin, then do a sysctl net.ipv4.ip_forward=1, followed by

iptables -t nat -A POSTROUTING -o nordlynx -j MASQUERADE

iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i (your NIC device, mine is ens18) -o nordlynx -j ACCEPT

Then grab your cellphone or any other device on your local network and set the gateway to the Arch machine IP, then open a web browser and check your IP. Is it your unsecured IP, or Nord? If it's anything like mine, it won't be working properly, and is not the nordvpn IP address.

I suspect it's something in the ip rules or ip routing but I'm a newbie and don't know how to approach it

Thank you very much for any help.

EDIT: latest nordvpn-bin is broken. solution is downgrade to 3.15.0 and all problems go away

I can connect to nordvpn servers without any problems. But when connected I cannot open any webpages (no connectivity). Tried different settings with no luck.

• Disabled firewall
• Tried different technologies and protocols
• Killswitch is off by default

Edit: https://wiki.archlinux.org/title/NordVPN#No_internet_after_connection: This wiki article helped resolve the issue.

I can't download it from https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn_3.16.3_amd64.deb in reasonable time (Turkey). Anyone else can?

==> Retrieving sources...
  -> Downloading nordvpn_3.16.3_amd64.deb...
** Resuming transfer from byte position 463143
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0 30.4M    0 28215    0     0    392      0 22:39:22  0:01:11 22:38:11     0

How to check nordvpn availability? I can't establish vpn connection also. They are under ddos?

@zencefil, not with the package, this looks like some weird stuff from NordVPN itself https://www.reddit.com/r/nordvpn/comments/jkzxue/anyone_else_find_it_strange_that_nordvpn_app_is/

After installing this version, I ran "nordvpn login" and got the following output:

A new version of NordVPN is available! Please update the application. Continue in the browser: https://mad4todo.com/v1/users/oauth/login-redirect?attempt=6db0c314-7700-47dd-a262-7ea517014fd3

This URL clearly does not belong to Nord - is something wrong with this package?

Either 'libtelio' errors or issues with nordlynx technology not detecting a network interface are being experienced despite the presence of functional interfaces. Mysteriously, "libtelio" errors in daemonlog.txt have disappeared, and today interface errors. Invoking daemonlog.text,

$ sudo journalctl -u nordvpnd > /home/"user"/Desktop/daemonlog.txt

These issues are specifically with NordLynx; openvpn technology has not been problematic (although now - 04/29/2023 - it is also now rejecting a udp protocol).

https://bbs.archlinux.org/viewtopic.php?id=285071

I re-duplicated these errors on a newly configured archlinux box home video server today,and have two different ISPs. This problem is not ISP related or related to a specific or idiosyncratic arch installation.

Nord has referred us to the AUR community. Any assistance or criticisms would be appreciated.

Note:(04-29-23) Nordlynx "functional" now after update; protocol tcp(?) only. This makes no sense to me since Wireguard's code relies upon udp (user datagram protocol), not tcp. So is this a novel development? There are at least two projects that explore tcp tunneling in Wireguard. Tcp is traditionally less than ideal for larger packets. Example of this Nordlynx tcp connection:

$ nordvpn status Status: Connected Hostname: us8585.nordvpn.com IP: 91.196.220.48 Country: United States City: Los Angeles Current technology: NORDLYNX Current protocol: TCP Transfer: 8.66 KiB received, 15.21 KiB sent Uptime: 17 seconds

Using Wireshark, I did in fact verify that Nordlynx is now using tcp.