Leveraging the latest native NordVPN client, iptables and the Nord API to create the fastest, most stable connection possible.
Build based on:
- NordVPN 3.15.5
- Ubuntu 22.04
Examples of use:
Docker Hub repository:
Optimized for NordLynx:
- NordLynx is NordVPN's fast/stable implementation of WireGuard; it is the recommended and default TECHNOLOGY
WireGuard on the host
- You must install WireGuard on your host in order to leverage NordLynx
Capabilities
Environment
-
- Or USER & PASS/PASSFILE if you, for some reason, decide to use these instead
- Or
-
- Technically not required for the container to work, but it should be set if local traffic is to be routed through NordVPN
IPv6
- IPv6 support is limited and generally not supported by most VPN providers at this time
- Therefore, it is recommended to disable IPv6 support in your container via sysctl: net.ipv6.conf.all.disable_ipv6=1
DNS
- Prior to establishing the tunnel, the host DNS settings will be used
- If you are concerned with DNS leakage (which will only be nordvpn.com), you should set docker DNS
- Note, this is not the same as the DNS environment variable
Generally, the default settings will provide a great experience; however, several environment variables are available to provide flexibility:
Variable | Default | Description |
---|---|---|
BYPASS_LIST | | Comma-separated list of domain names that should bypass VPN (i.e. these connections should not be secured); if set, FIREWALL will default to FALSE |
CHECK_CONNECTION_INTERVAL | 60 | Time in seconds to check connection state and remediate as required |
CHECK_CONNECTION_URL | https://www.google.com | URL used by CHECK_CONNECTION_INTERVAL |
CONNECTION_FILTERS | | To connect to the fastest, lowest load server of special interest. Use the NordVPN API to help craft your filters; largely for OpenVPN, though useful with NordLynx when wanting to set a specific country/city (e.g. filters[country_city_id]=8980922) |
CONNECT | | Provide a [country] (Australia), [server] (jp35), [country_code] (us), [city] (Hungary Budapest) or [group] (Onion_Over_VPN) (note CONNECT overrides CONNECTION_FILTERS; use one or the other) |
CYBER_SEC | FALSE | Learn more at NordVPN (TRUE/FALSE) |
DNS | | A comma-separated list of IPv4/IPv6 addresses to be set as the VPN tunnel DNS servers, or non-IP hostnames to be set as the tunnel's DNS search domains (leave unset to use NordVPN servers) |
FIREWALL | TRUE | Use the NordVPN firewall over iptables (TRUE/FALSE; will default to FALSE when BYPASS_LIST in use) |
KILLSWITCH | TRUE | Use the NordVPN kill switch; FIREWALL must also be TRUE (TRUE/FALSE) |
NET_LOCAL | | Add a route to local IPv4 network once the VPN is up; the Docker network is automatically added; must be CIDR IPv4 format (e.g. 192.168.1.0/24) |
NET6_LOCAL | | Add a route to local IPv6 network once the VPN is up; the Docker network is automatically added; must be CIDR IPv6 format (e.g. fe00:d34d:b33f::/64) |
OBFUSCATE | FALSE | Only valid when using TECHNOLOGY OpenVPN; learn more at NordVPN (TRUE/FALSE) |
PASS | | Password for NordVPN account; surround in single quotes to prevent issues with special characters such as $ (not required when using TOKEN or PASSFILE) |
PASSFILE | | For use with USER and docker secrets, this should be set to /run/secrets/<secret_name>; this file should contain just the account password on the first line |
PORT_RANGE | | Port range to whitelist for both UDP and TCP (e.g. PORT_RANGE=9091 9095) |
PORTS | | Semicolon delimited list of ports to whitelist for both UDP and TCP (e.g. PORTS=9091;9095) |
POST_CONNECT | | Command to execute after successful connection |
PRE_CONNECT | | Command to execute before attempt to connect |
PROTOCOL | UDP | Only valid when using TECHNOLOGY OpenVPN (TCP/UDP) |
REFRESH_CONNECTION_INTERVAL | 120 | Time in minutes to trigger VPN reconnection to help ensure best connection available (0 = disable) |
TECHNOLOGY | NordLynx | Specify the VPN Technology to use (NordLynx/OpenVPN) |
TOKEN | | RECOMMENDED; use in place of USER and PASS for NordVPN account; generated from your NordVPN account web portal |
USER | | User for NordVPN account (not required when using TOKEN) |
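
Several of these variables interact (BYPASS_LIST turns the firewall default off, KILLSWITCH depends on FIREWALL, CONNECT overrides CONNECTION_FILTERS). The following pre-flight check is an added example, not part of this project's code; the function names, warning strings and sample values are assumptions made here, and it assumes NET_LOCAL/NET6_LOCAL each hold a single network.

```python
import ipaddress

def is_true(env, key, default):
    """TRUE/FALSE variables, using the table's default when unset."""
    return env.get(key, default).strip().upper() == "TRUE"

def lint(env):
    """Return warnings for a dict of this container's environment variables."""
    warnings = []
    bypass = bool(env.get("BYPASS_LIST"))
    # Table: FIREWALL defaults to FALSE as soon as BYPASS_LIST is set.
    firewall = is_true(env, "FIREWALL", "FALSE" if bypass else "TRUE")
    if bypass and "FIREWALL" not in env:
        warnings.append("BYPASS_LIST set: FIREWALL now defaults to FALSE")
    # Table: KILLSWITCH only works when FIREWALL is also TRUE.
    if is_true(env, "KILLSWITCH", "TRUE") and not firewall:
        warnings.append("KILLSWITCH=TRUE requires FIREWALL=TRUE")
    if env.get("CONNECT") and env.get("CONNECTION_FILTERS"):
        warnings.append("CONNECT overrides CONNECTION_FILTERS; set only one")
    if env.get("TECHNOLOGY", "NordLynx").lower() != "openvpn":
        for key in ("OBFUSCATE", "PROTOCOL"):
            if key in env:
                warnings.append(f"{key} is only valid with TECHNOLOGY=OpenVPN")
    # Credentials: TOKEN, or USER together with PASS or PASSFILE.
    if not env.get("TOKEN") and not (
        env.get("USER") and (env.get("PASS") or env.get("PASSFILE"))
    ):
        warnings.append("need TOKEN, or USER with PASS or PASSFILE")
    if env.get("PASS"):
        warnings.append("PASS is exposed in the environment; use TOKEN or PASSFILE")
    # NET_LOCAL / NET6_LOCAL must be CIDR of the matching address family.
    for key, version in (("NET_LOCAL", 4), ("NET6_LOCAL", 6)):
        if env.get(key):
            try:
                net = ipaddress.ip_network(env[key], strict=False)
                ok = "/" in env[key] and net.version == version
            except ValueError:
                ok = False
            if not ok:
                warnings.append(f"{key} must be an IPv{version} CIDR network")
    return warnings

# Constructed sample configurations (values are placeholders, not real secrets).
RISKY = {"TOKEN": "placeholder-token", "BYPASS_LIST": "example.com",
         "OBFUSCATE": "TRUE", "NET_LOCAL": "192.168.1.0"}
SAFE = {"TOKEN": "placeholder-token", "NET_LOCAL": "192.168.1.0/24",
        "NET6_LOCAL": "fe00:d34d:b33f::/64"}

if __name__ == "__main__":
    for name, env in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, lint(env) or "no warnings")
```
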
Using the NordVPN API
This project is independently developed for personal use; there is no affiliation with NordVPN or Nord Security companies. Nord Security companies are not responsible for, nor have control over, the nature, content and availability of this project.