Giter Site home page Giter Site logo

nordvpn-connect's Introduction

NordVPN-connect

I do not trust Official NordVPN, it is not open-source, and does more that it is asked for. Giving root access to this app is extremely dangerous for secure systems. Configuring nordvpnd to work without root is hard, if it is ever possible.

So I desided to spend a couple of hours to write a script to connect to nordvpn.

INSTALLATION

This is beta version and has no cool installation procedure. Just clone the repo and create a link in your $PATH.

umask u=rw
git clone https://github.com/kuvaldini/nordvpn-connect /path/to/nordvpn-connect --single-branch -b master
chmod -R go= nordvpn-connect  ## Restrict access, only user-owner may read and run
ln -s $PWD/nordvpn-connect/nordvpn-connect.sh /usr/local/bin/nordvpn-connect  ## root required

Rootless link ln -s $PWD/nordvpn-connect/nordvpn-connect.sh ~/.local/bin/. Ensure it is in the $PATH.

UPDATE/UPGRADE

git -C /path/to/nordvpn-connect pull -Xtheirs --ff
chmod -R go= /path/to/nordvpn-connect

USAGE

nordvpn-connect version undefined
Calls openvpn command to connect to selected NordVPN server.
USAGE:
   nordvpn-connect <COUNTRY|serverspec> [PROTOCOL]
   nordvpn-connect --help
COUNTRY: al ar at au ba be bg br ca ch cl cr cy cz de dk ee es fi fr ge gr hk hr hu id ie il in is it jp kr lt lu lv md mk mx my nl no nz pl pt ro rs se sg si sk th tr tw ua uk us vn za 
SERVER: may specify any letters correponding to the begining of server address
PROTOCOLS: tcp, udp
OPTIONS:
   -c|--countries List available countries
   -s|--servers   List available servers with given serverspec, default=all
   -h|--help      Show this help
   -V|--version   Show version
   -n|--dry-run   Dry run, not execute but echo openvpn command
   -x|--trace     Trace as bash -x
SITE: https://github.com/kuvaldini/nordvpn-connect

store credentials

It is important to have credentials Login:Password stored somewhere, not to be asked every time. And moreover that should be secure. That is why I added a stupid encryption for credentials utilizing GnuPG.

Login:Password are stored in $HOME/.config/nordvpn-connect.auth. First time user creates it in open form

login
password

After first call nordvpn-connect will encrypt that file. Password is optional, if not set openvpn will ask each time.

The encryption is vulnerable because password is stored in script, but that is better than nothing.
I have a future plan to encrypt assimetrically with key from user's GPG keychain.

Lifehacks

Connecting without sudo

Someone could want to connect as regular user without root priveliges (i.e. no sudo):

sudo chmod 500 $(which openvpn)
sudo setcap 'CAP_NET_ADMIN=ep' $(which openvpn)

Then openvpn should become able to configure tun/tap interfaces and create routes.

Get direct URLs to OpenVPN configs from official site nordvpn.com

curl https://nordvpn.com/ovpn/ | 
   htmlq -a href a | grep -F .ovpn

Request servers via API

Server restrics the rate of requests hard, cannot use for scripting, cache required

curl https://api.nordvpn.com/server -fsSLv >servers.json \
    -H"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"

File size is about 4MB, reduce it to 500KB

jq 'map({name,domain,ip_address}) |sort_by(.domain)' <servers.json >servers.short.json

Select/filter servers by country

jq <server.short.json '.[]|select(.name|contains("Ukraine"))'

jq <server.short.json -c --arg x uk '.[]|select(.domain|startswith($x))'

Convert to CSV

jq <servers.short.json '.[] | [.domain,.ip_address,.name] | @tsv' -r >server.ip.name.csv

LINKS

ToDo

  • stabilize connection after sleep
  • systemd config to connect at startup
  • optional killswitch by unrouting all
  • protect from server's routes https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
  • protect from server's dns, suggest adguard-dnsserver on localhost
  • notify desktop
  • test for a fastest server, cache the value
  • CI testing
  • CI schedule update servers list CSV
  • encrypt/decrypt auth_file with master trusted key using assimmetric algorithm
  • integrate with NetworkManager
Firewall: enabled
KillSwitch: disabled
Obfuscate: disabled
CyberSec: disabled
DNS: 
IPv6: disabled
Notify: enabled
Auto-connect: disabled

nordvpn-connect's People

Contributors

kuvaldini avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.