VyOS 1.4 NordVPN
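# OpenVPN client interface for a NordVPN server (VyOS 1.4).
# Replace every <placeholder> before committing.
set interfaces openvpn vtun0 mode client
set interfaces openvpn vtun0 remote-host <remote-host>
set interfaces openvpn vtun0 remote-port <remote-port>
set interfaces openvpn vtun0 persistent-tunnel

# The credentials are stored in the running and saved configuration.
# Restrict who can read the config and its backups, and pipe output
# through "| strip-private" before sharing it.
set interfaces openvpn vtun0 authentication username <username>
set interfaces openvpn vtun0 authentication password <password>

# The cipher is set under the "encryption cipher" node, as in the resulting
# "encryption { cipher aes256 }" config. aes256 is AES-256 in CBC mode;
# sha512 is the HMAC digest used for packet authentication.
set interfaces openvpn vtun0 encryption cipher aes256
set interfaces openvpn vtun0 hash sha512

# Both names refer to PKI objects created with "set pki ...".
set interfaces openvpn vtun0 tls ca-certificate nordvpn
set interfaces openvpn vtun0 tls auth-key nordvpn-tls-auth

# Server identity checks: require a certificate issued for server use and
# pin the expected subject. Keep both. Without them, any certificate signed
# by the same CA would be accepted as the server.
set interfaces openvpn vtun0 openvpn-option "--remote-cert-tls server"
set interfaces openvpn vtun0 openvpn-option "--verify-x509-name CN=<remote-host-cn>"
set interfaces openvpn vtun0 openvpn-option "--key-direction 1"
set interfaces openvpn vtun0 openvpn-option "--mssfix 1450"
# --reneg-sec 0 turns off the client's periodic key renegotiation timer.
# Session keys are then rotated only when the server asks for it.
# NOTE(review): keep only if the provider's profile requires it.
set interfaces openvpn vtun0 openvpn-option "--reneg-sec 0"
set interfaces openvpn vtun0 openvpn-option "--tun-mtu 1500"
set interfaces openvpn vtun0 openvpn-option "--tun-mtu-extra 32"

# The resulting config in this gist also has "vrf vpn" on the interface.
# The VRF definition is not shown here, so the line is left commented out.
#set interfaces openvpn vtun0 vrf vpn

# Optional settings, disabled by default.
#set interfaces openvpn vtun0 openvpn-option --nobind
#set interfaces openvpn vtun0 openvpn-option --persist-key
#set interfaces openvpn vtun0 openvpn-option "--ping 15"
#set interfaces openvpn vtun0 openvpn-option "--ping-restart 0"
#set interfaces openvpn vtun0 openvpn-option --ping-timer-rem
#set interfaces openvpn vtun0 openvpn-option --pull
# Ignoring the pushed redirect-gateway means no default route is installed
# through the tunnel. Traffic uses the VPN only where routing (VRF, policy
# route, static route) sends it there. Verify that nothing meant for the
# tunnel leaves via the WAN.
#set interfaces openvpn vtun0 openvpn-option "--pull-filter ignore redirect-gateway"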
/* Resulting configuration for the OpenVPN client interface. */
/* The password is stored here in the clear; mask it before sharing. */
openvpn vtun0 {
    authentication {
        password <password>
        username <username>
    }
    encryption {
        cipher aes256
    }
    hash sha512
    mode client
    openvpn-option "--remote-cert-tls server"
    openvpn-option "--verify-x509-name CN=<remote-host-cn>"
    openvpn-option "--key-direction 1"
    openvpn-option "--reneg-sec 0"
    openvpn-option "--tun-mtu 1500"
    openvpn-option "--tun-mtu-extra 32"
    openvpn-option "--mssfix 1450"
    persistent-tunnel
    remote-host <remote-host>
    remote-port <remote-port>
    tls {
        auth-key nordvpn-tls-auth
        ca-certificate nordvpn
    }
    vrf vpn
}
/* PKI objects referenced by the tls node above. */
pki {
    ca nordvpn {
        certificate <certificate-data-in-pem-format-with-no-new-lines-or-the-header-or-footer>
    }
    openvpn {
        shared-secret nordvpn-tls-auth {
            key ****************
        }
    }
}
Download your OpenVPN configuration file from NordVPN. It contains an inlined CA certificate and a TLS auth key, in the two sections shown below.
<ca>
-----BEGIN CERTIFICATE-----
Base 64 encoded stuff in here, you only want this section, not the fluff before or after
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
Secret key in here, same as above regarding what you want
-----END OpenVPN Static key V1-----
</tls-auth>
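# CA certificate: paste only the base64 body from the <ca> section, joined
# into one line, without the BEGIN/END CERTIFICATE lines.
set pki ca nordvpn certificate INSERT_THE_CA_DATA_IN_HERE_AS_ONE_BIG_SINGLE_LINE
# tls-auth static key: paste only the key body from the <tls-auth> section,
# joined into one line. The shared-secret needs a name and a "key" leaf.
# The name must match "tls auth-key nordvpn-tls-auth" on the interface.
# The static key is secret material; keep it out of shared configs and logs.
set pki openvpn shared-secret nordvpn-tls-auth key INSERT_THE_TLS_AUTH_STUFF_HERE_AS_ONE_BIG_LINE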