Skip to content

Instantly share code, notes, and snippets.

@bluewalk
Last active December 20, 2024 15:02
Show Gist options
  • Save bluewalk/7b3db071c488c82c604baf76a42eaad3 to your computer and use it in GitHub Desktop.
Save bluewalk/7b3db071c488c82c604baf76a42eaad3 to your computer and use it in GitHub Desktop.
Getting NordVPN WireGuard details

About

Instructions to obtain WireGuard details of your NordVPN account. These can be used to setup a WireGuard tunnel on your router to NordVPN.

Source: https://forum.gl-inet.com/t/configure-wireguard-client-to-connect-to-nordvpn-servers/10422/27

Prerequisites

If you have any linux machine, use that or install a vm if you don't have one.

Get their official linux app installed. Make sure you have wireguard installed too. And set the used technology to Nordlynx by running nordvpn set technology nordlynx

Fetching details

Connect to nordvpn with command: nordvpn connect (don't forget to login with nordvpn login --legacy).

Fetch (your) IP address

After successful connection run

ifconfig nordlynx

Fetch your private key

Run

sudo wg show nordlynx private-key

Output of this command should be something like this:

CKMAE9LARlt2eZHgGnNaSUYiKllKJN7f3hed/bWm5E8=

The key above is just a random key for demo purposes.

Fetch your public key

Run

sudo wg show nordlynx public-key

Output of this command should be something like this:

TO158iXbNXt2eZHgGnNaSUYiKZHgGN7f3hed/bWm5E8=

The key above is just a random key for demo purposes.

Fetch server details

Make sure you have curl and jq installed on your host/router. These are needed to be able to fetch the config of NordVPN Server. If not installed, go ahead and install

opkg install curl jq

After installation enter the command below to fetch the recommended server config:

curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1"|jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'

Output:

uk1818.nordvpn.com #your endpoint host
178.239.166.185 #its ip address
London #city
United Kingdom #country
K53l2wOIHU3262sX5N/5kAvCvt4r55lNui30EbvaDlE= #Server public key
10 #Server load at the time.

Or just visit the following url https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1 from your browser and look for the details manually.

@rausb
Copy link

rausb commented Oct 10, 2023

Learn here how to login NordVPN via command line, you can now generate login tokens in your account overview

@JohanChungus
Copy link

what about on android?

@onxb
Copy link

onxb commented Nov 5, 2023

I have successfully authenticated via the token ( via Docker Ubuntu VM) however running "nordvpn connect" quickly errors out with
"Connection failed. Please try again. If the problem persists, contact our customer support."
Any suggestions while I wait for the support team to reply?

@kinhsman
Copy link

Does anyone know how to fetch the server details on a specific country/city?

@ShakeyPlace
Copy link

@ kinhsman, just connect to the specific country, city or server first then get the details as in the script.
for example nordvpn connect dallas you can also run commands to get valid names for countries or cities

@lluked
Copy link

lluked commented Dec 15, 2023

I was looking for a fast way to update config with little input so I created a docker compose project based off of this, https://github.com/lluked/NordVPN_Get-WireGuard-Config/tree/main

All that is needed is a NordVPN Token, once run the config is outputted to the output folder.

@stayingarmed
Copy link

has anyone had any luck with the script posted by dsvf lately? I just tried it and it doesn't seem to pull the privatekey info and if I manually check the public key it doesn't match what is in the config file that the script pulls.

@bobziroll
Copy link

For anyone interested in a way to get the private key on MacOS, this video shows how to do it simply by opening the KeyChain Access program and getting it from there! Takes about 1 minute :)

@stayingarmed
Copy link

For anyone interested in a way to get the private key on MacOS, this video shows how to do it simply by opening the KeyChain Access program and getting it from there! Takes about 1 minute :)

I’m gonna say they killed this off. I tried it a couple of times on Ventura and can’t pull the info needed

@bobziroll
Copy link

I’m gonna say they killed this off. I tried it a couple of times on Ventura and can’t pull the info needed

I'm on the most updated MacOS Sonoma 14.2.1 and it worked fine. 🤷🏻‍♂️

@vgyarfas
Copy link

vgyarfas commented Feb 8, 2024

For anyone interested in a way to get the private key on MacOS, this video shows how to do it simply by opening the KeyChain Access program and getting it from there! Takes about 1 minute :)

I’m gonna say they killed this off. I tried it a couple of times on Ventura and can’t pull the info needed

This only works if you download the app from the Mac App Store and NOT directly from the NordVPN website. Struggled with this a little bit myself.

@bobziroll
Copy link

This only works if you download the app from the Mac App Store and NOT directly from the NordVPN website. Struggled with this a little bit myself.

Good to know. I don't remember downloading it from the Mac App Store, but it's definitely possible I did. Hope it's still able to help someone else in the future though!

Copy link

ghost commented Feb 10, 2024

Does this work for Raspberry Pi OS?

@dz-c0d3r
Copy link

dz-c0d3r commented Feb 28, 2024

I update the script to get all configs for a specific city and technology.

`
#!/bin/bash

my_interface=$(sudo wg show | grep interface | cut -d" " -f2)
my_privkey=$(sudo wg show $my_interface private-key)
my_ip=$(ip -f inet addr show $my_interface | awk '/inet/ {print $2}')

servers=$(curl --silent "https://api.nordvpn.com/v1/servers?limit=999999" | jq --raw-output '.[] | select(.locations[].country.city.name == "Paris") | select(.technologies[] | .name == "Wireguard") | select(.status == "online") | "(.hostname) (.station) ((.locations|.[]|.country|.city.name)) ((.locations|.[]|.country|.name)) ((.technologies|.[].metadata|.[].value))"')

echo "$servers" | while read -r server_info; do
read -r host ip city country serv_pubkey <<<"$server_info"
sid=$(echo $host | cut -d. -f1)
fn="nvpn_${sid}.conf"
echo "Server: $host ($ip) has pubkey $serv_pubkey"

echo "writing config to $fn"
{
    echo "#config for nordvpn server $sid"
    echo "[Interface]"
    echo "Address = $my_ip"
    echo "PrivateKey = $my_privkey"
    echo ""
    echo "[Peer]"
    echo "PublicKey = $serv_pubkey"
    echo "AllowedIPs = 0.0.0.0/0"
    echo "Endpoint = $host:51820"
} > "$fn"

echo ""
echo "Content of $fn:"
cat "$fn"
echo "----------------------------------------"

done
`

Enjoy it <3

@macnug
Copy link

macnug commented Mar 3, 2024

HI
I did run the script, but my fritzbox show error:

"Unfortunately, it was not possible to apply your settings.
Imported configuration file of WireGuard remote site triggered a key conflict with existing connections. Click on 'Close' to go to the WireGuard overview and set up the WireGuard connection again".

I did try delete all the other wireguard connections but now i have:

"Unfortunately, your settings could not be applied correctly.
Click "Close" to access the WireGuard overview and re-establish the WireGuard connection."

Any suggestion?

Thank you very much!

@dumbasPL
Copy link

dumbasPL commented Mar 5, 2024

alternative way without downloading their software (needs curl and jq):

  1. go to https://my.nordaccount.com/dashboard/nordvpn/manual-configuration/ and create an access token
  2. get your private key
curl -s -u token:<ACCESS_TOKEN> https://api.nordvpn.com/v1/users/services/credentials | jq -r .nordlynx_private_key
  1. get server info
curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1" | jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'
  1. create config:
[Interface]
PrivateKey = <PRIVATE_KEY> # from step 2
Address = 10.5.0.2/32 # this IP is always the same
DNS = 9.9.9.9 # your favorite DNS server

[Peer]
PublicKey = <PUBLIC_KEY> # from step 3
AllowedIPs = 0.0.0.0/0, ::/0 # route everything
Endpoint = <ENDPOINT>:51820 # endpoint or IP from step 3, the port is always the same

@mzdial
Copy link

mzdial commented Mar 6, 2024

Works perfectly for me. Thanks so much for posting this!

alternative way without downloading their software (needs curl and jq):

snip

@frankthecrank
Copy link

Works perfectly for me. Thanks so much for posting this!

did you use it by any chance in a fritzbox router?

HI I did run the script, but my fritzbox show error:

"Unfortunately, it was not possible to apply your settings. Imported configuration file of WireGuard remote site triggered a key conflict with existing connections. Click on 'Close' to go to the WireGuard overview and set up the WireGuard connection again".

I did try delete all the other wireguard connections but now i have:

"Unfortunately, your settings could not be applied correctly. Click "Close" to access the WireGuard overview and re-establish the WireGuard connection."

Any suggestion?

Thank you very much!

no suggestions, did you fix it? cause I am trying the same, and i get all the keys, the endpoint IP for a turkey-server, but the wireguard vpn won't work, so I guess its a fritzbox problem?

@macnug
Copy link

macnug commented Mar 9, 2024

—snip—- let’s keep this readable

no suggestions, did you fix it? cause I am trying the same, and i get all the keys, the endpoint IP for a turkey-server, but the wireguard vpn won't work, so I guess its a fritzbox problem?


I did try but i figured out that frtitzbox need to have also DHCP ip modification. I don't want to modify the fixed ips of 50 devices, so i don't know how to proceed

@J-K3X4
Copy link

J-K3X4 commented Mar 9, 2024

—snip—- let’s keep this readable

I did try but i figured out that frtitzbox need to have also DHCP ip modification. I don't want to modify the fixed ips of 50 devices, so i don't know how to proceed

Maybe this is for other post but just one question, have you been able to load conf file on a fritzbox? For me it has been impossible.

However, I have tested to load this conf file on a standard wireguard client and it works perfectly.

@macnug
Copy link

macnug commented Mar 9, 2024

—snip—- let’s keep this readable

Hi,
No i get error as soon as i press "OK"
The procedure tells me there are issues on ip conflict:

" 7590
VPN (WireGuard®)
Purtroppo non è stato possibile applicare correttamente le vostre impostazioni.
La stazione remota WireGuard configurata causa un conflitto di rete.
Cliccate su "Chiudi" per accedere alla panoramica di WireGuard® e ristabilire la connessione WireGuard®."

Sorry the message is in italian, but as you can see it doesn't work on fritzbox

@dvcrn
Copy link

dvcrn commented Mar 17, 2024

Hey all, I hacked together a little CLI inspired by the guide here, that extracts the WG privatekey from macOS keychain, then calls the NordVPN API to fetch server information, and outputs ready to use .conf files

https://github.com/dvcrn/generate-nordvpn-wgconf

It can either generate for a specific country (--country DE) or all countries (--all-countries). You can also specify to generate multiple configs for a specific country (--country DE --amount 3 --outdir out/)

I wanted something that allows me to quickly regenerate configs with whatever NordVPN recommends as server, and make managing those files a bit easier.

It's only tested on macOS, but in theory, if you know your private key already (following the guide here), you should be able to use it under linux as well, by directly specifying --pk foobar.

(Specifying --nordvpn-accountid will make it go into keychain mode, so it'll try to extract the credentials from macOS keychain)

@mustafachyi
Copy link

mustafachyi commented Mar 22, 2024

Hey @dvcrn,

I've developed a NordVPN WireGuard Configuration Generator and Proxy Servers Fetcher tool inspired by your work. Unlike similar tools, mine offers a streamlined setup process, automatic server sorting for optimal performance, and categorized server organization by country and city for easy navigation. The tool also includes proxy server fetching from NordVPN's API and a multi-language support feature with versions available in Python, Go, and a web-based interface.

Check it out here: NordVPN WireGuard Configuration Generator

Your tool was a great starting point, and I've added enhancements such as improved server selection algorithms and flexible configuration options. I'd appreciate your feedback on my project.

Thanks for the inspiration!

Best regards.

@Bahtiyar57
Copy link

Bahtiyar57 commented Apr 14, 2024

Thank you for this great work.
I use it on my Banana Pi M3 with Armbian OS.
@GY8VSdYYzvL8-K6T it will work with Raspberry Pi, too.
@macnug it won't work with FritzBox. My solution is too use two Fritzbox-Devices and in between of these my Banana Pi, like this:
WWW---FritzBox1--(LAN)--BananaPi with VPN --(LAN)--FritzBox2---Cilents.
For me it would be very useful to use this Script with other VPN-Providers.
Is there a possibility to write this script for other VPN-Providers?

@mustafachyi
Copy link

Thank you for this great work. I use it on my Banana Pi M3 with Armbian OS. @GY8VSdYYzvL8-K6T it will work with Raspberry Pi, too. Is there a possibility to write this script for other VPNs?

Absolutely, Surfshark and Mullvad VPN are great options that support WireGuard technology. From my research, they indeed offer WireGuard servers, and you can manually set it up. Although I don't have direct access to these VPNs currently, if you can provide more detailed data about them, we could potentially explore some innovative solutions together!

@Bahtiyar57
Copy link

Bahtiyar57 commented Apr 16, 2024

Absolutely, Surfshark and Mullvad VPN are great options that support WireGuard technology. From my research, they indeed offer WireGuard servers, and you can manually set it up. Although I don't have direct access to these VPNs currently, if you can provide more detailed data about them, we could potentially explore some innovative solutions together!

Let's test it with Mullvad VPN or Hide.me

@mustafachyi
Copy link

mustafachyi commented Apr 16, 2024

Absolutely, Surfshark and Mullvad VPN are great options that support WireGuard technology. From my research, they indeed offer WireGuard servers, and you can manually set it up. Although I don't have direct access to these VPNs currently, if you can provide more detailed data about them, we could potentially explore some innovative solutions together!

Let's test it with Mullvad VPN or Hide.me
I decided to give Mullvad a test run and stumbled upon an API to fetch all their servers. It took me a little while to whip up some usable code, but things got tricky when I tried to snag the addresses. Turns out they're dynamic, which I realized after messing around with their config generator on https://mullvad.net/en/account/wireguard-config. Each time I generated a config for a new device, it spat out a unique address for the [Interface] part.

I hit a bit of a snag trying to crack the code on those dynamic addresses. But hey, I reckon using their tool should do the trick. On the other hand, I drew a blank when it came to Hide.me. Couldn't find a thing about setting up WireGuard configs.If u find anything we shall meet again in the comments :>

@Bahtiyar57
Copy link

The only way to use hide.me with Wireguard is to use the hide.client.linux. There are no WireGuard configs.
I found this https://github.com/Seyloria/hide.me-server-switch and this https://github.com/passepartoutvpn/api-source-hideme?tab=readme-ov-file

@stravos97
Copy link

alternative way without downloading their software (needs curl and jq):

  1. go to https://my.nordaccount.com/dashboard/nordvpn/manual-configuration/ and create an access token
  2. get your private key
curl -s -u token:<ACCESS_TOKEN> https://api.nordvpn.com/v1/users/services/credentials | jq -r .nordlynx_private_key
  1. get server info
curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1"|jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'
  1. create config:
[Interface]
PrivateKey = <PRIVATE_KEY> # from step 2
Address = 10.5.0.2/32 # this IP is always the same
DNS = 9.9.9.9 # your favorite DNS server

[Peer]
PublicKey = <PUBLIC_KEY> # from step 3
AllowedIPs = 0.0.0.0/0, ::/0 # route everything
Endpoint = <ENDPOINT>:51820 # endpoint or IP from step 3, the port is always the same

This didn't work for me. Here it is adjusted that worked:

Fetching the Server Information:

SERVER_INFO=$(curl -s "https://api.nordvpn.com/v1/servers/recommendations?filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1")
HOSTNAME=$(echo $SERVER_INFO | jq -r '.[0].hostname')
PUBLIC_KEY=$(echo $SERVER_INFO | jq -r '.[0].technologies[] | select(.identifier == "wireguard_udp").metadata[] | select(.name == "public_key").value')
ENDPOINT=$(echo $SERVER_INFO | jq -r '.[0].station')

echo "Hostname: $HOSTNAME"
echo "Public Key: $PUBLIC_KEY"
echo "Endpoint: $ENDPOINT"

Fetching the Private Key:

ACCESS_TOKEN="<ACCESS_TOKEN>"
PRIVATE_KEY=$(curl -s -u token:$ACCESS_TOKEN https://api.nordvpn.com/v1/users/services/credentials | jq -r .nordlynx_private_key)
echo "Private Key: $PRIVATE_KEY"
echo "Endpoint: $ENDPOINT"

@EmSixTeen
Copy link

Had a massive faff doing this, didn't work through WSL at all for me, but ended up getting the key after fiddling with an Ubuntu VM on VMWare Player. This shouldn't be this difficult, thanks for the guidance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment