We can connect our UniFi network to a VPN provider to route all our internet traffic through a VPN. One of the best VPN providers that you can use for this is NordVPN. It has been one of the best providers for several years, but there is one issue.
When we talk about VPN connections, one of the best protocols to use is WireGuard. It’s faster and lighter, so it doesn’t use that many resources from your UniFi Cloud Gateway. The only problem is that NordVPN doesn’t provide WireGuard configuration files.
In this article, I’ll show you how to create your own WireGuard configuration file to use NordVPN as the VPN provider for your UniFi network.
Requirements
There are already several guides on the internet that show you how to do this, but they all use a Linux system to generate the file. We are going to use Windows instead, to make it a little bit easier.
To create the configuration file, we need to have the NordVPN client and the WireGuard client installed. We are also going to create an access token, but I’ll show you all the steps for that.
Further down in the article, you can find a complete PowerShell script that you can run to create the configuration file.
NordVPN WireGuard Configuration File
NordVPN does offer configuration files, but these are for OpenVPN. The downside of OpenVPN is that it requires more resources, resulting in a slower connection. The WireGuard protocol is a lot lighter, which results in a faster connection.
NordVPN has rebranded their WireGuard protocol to NordLynx. So when you see NordLynx in this article, we are actually talking about WireGuard.
To add a WireGuard connection in UniFi Network, we can use a configuration file or enter all the details manually. In this case, we need to use PowerShell to get all the information from NordVPN, so we can create the configuration file as well. This makes adding the connection a lot easier.
I have aligned the steps below with the steps in the PowerShell script. This way you can check and understand what the script does.
Step 1 – Install & Configure the NordVPN Client
To create the configuration file, we will need to install the NordVPN client. Simply download and install the normal client for your operating system. For Windows, they also offer an OpenVPN client, but we don’t need that one.
Once you have the client installed, we need to change the preferred VPN Type in the settings. By default, this is set to Auto, but we want to make sure that NordVPN is connected using the WireGuard protocol.
Open the client, go to Settings > Connection, and set the VPN protocol to NordLynx.
Step 2 – Create an Access Token
To create the WireGuard configuration file manually, we will need to obtain our PrivateKey. This key is used to authenticate the connection (we can’t use our username and password for this). To get the private key, we will need an access token first.
- Open https://my.nordaccount.com/dashboard/nordvpn/manual-configuration/
- Click on Set up NordVPN Manually (you will need to re-authenticate)
- Click on Generate New Token
- Set the token to Doesn’t Expire and click on Generate token
- Copy the token and paste it into Notepad or Word for now. We will need it later.
Step 3 – Install the WireGuard Client
To get all the necessary information for the configuration file, we will need to install the WireGuard client. With the client installed, and NordVPN connected, we can read out all the information we need.
You only need to download and install the WireGuard client for now.
Step 4 – Connect NordVPN
Now we have everything set up to create the configuration file. We will need to connect the NordVPN client to our desired VPN server before we continue. Select a server that you want to use and connect the NordVPN client.
Step 5 – Get the Private Key
For the next steps, we are going to use PowerShell. An important note here is that you open PowerShell in elevated (admin) mode. Without admin mode, the WireGuard client won’t have access to the NordVPN connection information.
- Right-click on Start
- Choose Terminal (admin) or PowerShell (admin)
You don’t need to be familiar with PowerShell; you can just copy and paste the code below, or run the whole script, which will guide you through all the steps.
Enter your access token between the quotes and run the second command to get the private key. We will store the private key in a variable so we can use it later.
```powershell
# Your access token
$accessToken = "<copy-your-token>"

# Get the private key
# curl.exe is called explicitly: in Windows PowerShell 5.1, "curl" is an alias for Invoke-WebRequest
$privateKey = curl.exe -s -u token:$accessToken "https://api.nordvpn.com/v1/users/services/credentials" | ConvertFrom-Json | Select-Object -ExpandProperty nordlynx_private_key
```
Step 6 – Get all the Connection Information
With the WireGuard client installed, we can use the command wg show in PowerShell to read out the active connection information. To test it out, simply type the command and press enter.
We will need the public key, listening port number, pre-shared key and endpoint details from the connection. To do this we can use the following PowerShell commands. These commands will get the details using the WireGuard client and clean up the output.
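```powershell
# Read the details of the active NordLynx interface
$listenPort = wg show NordLynx listen-port
$publicKey = wg show NordLynx public-key

# The preshared-keys output starts with the peer's public key, followed by "(none)" when
# no pre-shared key is set; stripping that suffix leaves the peer's public key
$preSharedKey = (wg show NordLynx preshared-keys) -replace '\s+\(none\)$', '' -replace '\s+$', ''

# Extract the IPv4 address and port of the endpoint
$endPointRaw = wg show NordLynx endpoints
$ipRegex = [regex]'\b(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}\b'
$endPoint = ($ipRegex.Match($endPointRaw)).Value
```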
Step 7 – Create the WireGuard Configuration file
With all the required information collected, we can generate the WireGuard configuration file for our NordVPN connection. As you will see in the code below, there are some other details needed as well.
The Address is the IP address that is locally assigned by NordVPN. This address is always the same. Below it, you can find the DNS server. You can change this to another DNS server if you want.
```powershell
# Create the configuration file
$filePath = New-Item -Path "c:\temp\nordvpn-wireguard.conf"

# Fill in the values collected in the previous steps
$confFileContent = @"
[Interface]
ListenPort = $listenPort
PublicKey = $publicKey
PrivateKey = $privateKey
Address = 10.5.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = $preSharedKey
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = $endPoint
PersistentKeepalive = 60
ForcedHandshake = 5
"@

Add-Content -Path $filePath -Value $confFileContent
```
As mentioned earlier, I have also created a complete PowerShell script that will get the information and create the configuration file for you. You can find the script here in my GitHub repository.
If you are unfamiliar with PowerShell, then make sure you read this article on how to run PowerShell scripts.
Adding NordVPN to UniFi Network
With the configuration file created, we can add the NordVPN connection to our UniFi Network.
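The generated file is only usable if every value was actually read; if the wg commands returned nothing (for example because PowerShell was not elevated), the file is still written, just with empty fields. The check below is an added example, not part of the original article or its GitHub script: Test-WireGuardConf is a hypothetical helper name, and the sample keys and endpoint are constructed.

```powershell
# Added example; Test-WireGuardConf is a hypothetical helper, not part of the article's script
function Test-WireGuardConf {
    param([Parameter(Mandatory)][string]$Content)

    $problems = @()
    $section  = ''
    $values   = @{}

    # Collect "Key = Value" pairs, stored as "Section.Key"
    foreach ($line in ($Content -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(\w+)\]$') { $section = $Matches[1]; continue }
        if ($line -match '^(\w+)\s*=\s*(.*)$') { $values["$section.$($Matches[1])"] = $Matches[2].Trim() }
    }

    # WireGuard keys are 32 bytes, base64-encoded
    foreach ($name in 'Interface.PrivateKey', 'Peer.PublicKey') {
        $bytes = $null
        try { $bytes = [Convert]::FromBase64String([string]$values[$name]) } catch { }
        if ($null -eq $bytes -or $bytes.Length -ne 32) {
            $problems += "$name is empty or not a 32-byte base64 key"
        }
    }

    # The endpoint must be a real IPv4 address and port; \d{1,3} on its own also accepts 999
    $endpointOk = $false
    if ([string]$values['Peer.Endpoint'] -match '^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$') {
        $ip   = $null
        $port = [int]$Matches[2]
        $endpointOk = [System.Net.IPAddress]::TryParse($Matches[1], [ref]$ip) -and $port -ge 1 -and $port -le 65535
    }
    if (-not $endpointOk) { $problems += 'Peer.Endpoint is empty or not a valid IPv4 address and port' }

    if ([string]$values['Interface.ListenPort'] -notmatch '^\d+$') {
        $problems += 'Interface.ListenPort is empty or not a number'
    }
    return $problems
}

# Constructed sample values (not real keys); 192.0.2.10 is a documentation address
$key  = [Convert]::ToBase64String([byte[]](1..32))
$good = "[Interface]`nListenPort = 51820`nPrivateKey = $key`n[Peer]`nPublicKey = $key`nEndpoint = 192.0.2.10:51820"
# The same file when the wg commands returned nothing
$bad  = "[Interface]`nListenPort = `nPrivateKey = $key`n[Peer]`nPublicKey = `nEndpoint = "

Test-WireGuardConf -Content $good
Test-WireGuardConf -Content $bad
```

To check the real file, pass it as `Test-WireGuardConf -Content (Get-Content -Raw "c:\temp\nordvpn-wireguard.conf")`. The file holds your NordVPN private key in plain text, so delete it from c:\temp once it has been uploaded to UniFi.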
- Open UniFi Community
- Go to Settings > VPN
- Open the VPN Client tab and click on Create new
- Make sure that WireGuard is selected
- Enter a name for the connection
- Add the configuration file
- Make sure that the configuration is valid. Otherwise, check the configuration file and compare it with the example file in my GitHub Repository
Click on Apply Changes to add the VPN connection. It can take a moment until the VPN connection is established.
Route your Traffic Through the VPN
With the VPN connection added, we are not done yet. We will need to route our internet traffic through NordVPN. For this, we are going to create a Policy-Based route.
You can choose to route all your traffic through the VPN, only traffic from specific devices, or traffic from a specific network (VLAN). I’ll show you how to route only specific devices below, but you can use the same method with a VLAN. Just make sure that when you create a VLAN, you select “Allow Internet Access”.
- In UniFi Community, open Settings > Routing
- Click on Create Entry if you already have routes set up
- Give your route a name
- Select All Traffic
- For the source, I have selected two devices. You can also select the default network to route all traffic or a specific VLAN.
- Set the interface to the VPN connection that we created earlier.
- Click on on Add Entry
If you go back to the VPN Client settings, you can see that the connection is up and network traffic is going through it.
Wrapping Up
Connecting NordVPN through WireGuard does take a couple of steps, but when we look at the performance difference compared with the OpenVPN protocol, it’s really worth the effort. Make sure that you check out the PowerShell script as well, which makes the configuration steps a bit easier.
Keep in mind that you can only have one active NordVPN connection at a time in UniFi Network. This is due to the fact that you can only use port 51820. You can however add multiple connections and pause the one you don’t need.
Hope you liked this article, make sure to follow LazyAdmin.nl on Facebook or subscribe to the newsletter.