NordVPN

[Tae_kyon]

I have a subscrition to NordVPN and am using it on my Gentoo box. However, I have to import the server configuration files manually into Network-Manager every time.

Openpyn and other such instruments I've found need to be installed with PIP, and in the end I can never get them to work.
An ebuild for nordmn is on panther-overlay, doesn't work either.

Has anyone found a good solution to this?

Thanks
_________________
We shall not cease from exploration. And the end of all our exploring
will be to arrive where we started and know the place for the first time

[nowlodek]

You can use NordVPN Linux app.
Get the latest deb package from https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/
Use deb2tar to convert to tar.
Extract
/usr/bin/nordvpn to /usr/local/bin
and
/usr/sbin/nordvpnd to /usr/local/sbin
and
/var/lib/norvpn to /var/lib

then create init file
touch /etc/init.d/nordvpnd
with

[Tae_kyon]

Thanks! Looks like just what I need!
_________________
We shall not cease from exploration. And the end of all our exploring
will be to arrive where we started and know the place for the first time

[nowlodek]

I'm lazy but I did it.
An ebuild for NordVPN

[Hu]

The way you represent tabs makes it difficult for users to quickly copy/paste this into a working ebuild. Do you have a repository somewhere from which interested users could download it? If not, consider posting the ebuild with tabs as actual tabs, not as placeholders.

[nowlodek]

Thank you for looking up.
There are others architectures so I started with ~amd64 with hope to include another.
Post altered accordingly.

[elover]

Hey, I found this ebuild.


nordvpn-3.5.0-r2.ebuild

[nowlodek]

Change the number and save it as nordvpn-3.6.0-r4.ebuild and try to emerge.
Deb file structure is the same so elevating ebuild should work.
Current deb file ver. 3.6.0-3 => 3.6.0-r4 ebuild ver.

[MrEncryptor]

HEY!
If you're getting this when you try to connect:

[rmk88]

Probably stupid question, but did follow the instructions on second post and then I got this:

nae ~ # rc-service nordvpnd start
* Starting nordvpnd ... [ ok ]

rmk@nae ~ $ nordvpn login
Whoops! /run/nordvpn/nordvpnd.sock not found

What I'm doin' wrong?

[lahouari]

I have the same issue.

when trying to run nordvpnd manualy this output shows:

[Hu]

The error states that the socket does not exist. Why not? Does the containing directory exist? If not, who was supposed to create it? Why did that program not create it? Since the path is under /run, I would expect this to be managed by a tmpfiles.d entry. Do you have tmpfiles enabled? Does the package install the right configuration for tmpfiles?

[lahouari]

ok after some digging and with help of support from NordVPN I moved some step further...

but not yet there.

so:
first thing is that nordvpn deamon wants to create soc file in /run/nordvpn/ and that folder does not exist.

I modified my init.d file like so for now:

[lahouari]

ah it seem I should follow this guide:

https://wiki.gentoo.org/wiki/OpenVPN

[Hu]

[lahouari]

Hay thanks for responce - yes yes it is a mess atm.. and I am working to fix it but I am stumbling blind.

So I intend to update the ebuild to do what it needs correctly (for creation of run foler etc it is obvious that it shouldnt be done manually.( I am just describing process of what I discover as I go along) init.d file I changed already in the ebuild files folder so it will be ok after updating.

as for the pub keys and and other files in /var/lib/nordvpn folder - yeah I agree that they need to be installed in to prper place by enuild but I also don't like the double slash in the path deamon uses.

There is the other problem mentioned above of nordvpn deamon or script its using looking for ip command in sbin therfor needing to have sym link created to ip command - should that be also added to nordvpn ebuild package?

@Hu do you know where I can find info how to cerate the run folder properly - that is the one I am not sure how to do. (I gues doing that in init script would be easiest ( check if folder exists and if not create it?)

[lahouari]

this is simpler solution though:

Following this guide:
https://support.nordvpn.com/Connectivity/Linux/1047409422/How-can-I-connect-to-NordVPN-using-Linux-Terminal.htm

One can download openvpn script files and use them to connect directly using openVPN client. (like Network Manager with openvpn plugin)

[Hu]

The double slash is a cosmetic issue only. The kernel will collapse it properly. It may indicate that the daemon tried to insert some empty string as an extra level of directory component.

No, this package should not symlink ip. Can you patch the package to use the proper path?

Historically, initscripts did handle the run directory on their own. However, the preferred path is now through tmpfiles. See man tmpfiles.d for documentation, although you may find it easier to find a similar package and derive your configuration from that.

[lahouari]

Thanks again:

I found how to manage the run path in here:
https://www.linuxhowtos.org/manpages/8/openrc-run.htm

checkpath should do nicely (I see other init scripts using it)

as to the ip path I will dig around but as it is binary package distribution I don't think I can do it - maybe it will be possible to get NordVPN guys to fix that...


Sometimes it is so frustrating that Gentoo is a fringe distribution but I would not trade it for any other

[lahouari]

Ok so I got it working almost out of the box:
only remaining problem is the ip being looked at in /usr/sbin instead of /usr/bin - work around for now create a sym link -ill ask nord vpn guys if this can be fixed better - but that will likely take time.

my code for now:
net-vpn/nordvpn/nordvpn-3.10.0.1.ebuild

[lahouari]

I created overlay containig above package

https://gitlab.com/lahouari.dc/nordvpn/
It is now avariable through overlay (nordvpn)

[lahouari]

@Hu - what do you think of adding an use flag conditional to add the symlink to ip? (USE=ipsymlink) I don't know if nordvpn will ever fix the deamon not to rely on the ip being in /sbin...

and it is a bit inconvenient to do a manual step after instalation...

Just thinking if it would be acceptable...

[Hu]

I don't think a USE flag would be right here. I think installing such a symlink is always wrong, but on the other hand, if the package is broken without the link, then there should not be an option not to install the link, because then users could readily install a non-working package. I'm pretty sure Nordvpn has never been right here. ip may once have been in /sbin, and is now in /bin. I am not aware of /usr/sbin/ip ever having been the correct path.

Is this path not something you can patch? Fixing one character should be an easy patch regardless of the language NordVPN is written in, particularly since we need to delete a character, not add one. If there are alignment requirements, changing s to / will let you preserve the length of the string, and still fix the problem, since //bin/ip is an inefficient alias for /bin/ip.

You wrote earlier in the thread that there are openvpn script files for this, and also that the package installs a binary openvpn. Exactly which component uses the wrong path? OpenVPN is GPLv2, so if Nord is redistributing an openvpn with the bad path embedded in there, you should be able to get the source and recompile with the right path.

[lahouari]

ok to clarify I used paths /usr/{s}bin by mistake - it is /sbin in the package - problem with patching is that it is binary package and I do not feel proficient enough to fix binary package with a patch.

I referred to openvpn scripts as those are available alternative to using native client from nordvpn and can be downloaded from nordvpn servers - but I find usage of openvpn scripts inconvenient.

nordvpn package consists of 3 binary files and some certificates and maybe some other little data files; binaries are
* nordvpnd - service deamon;
* nordvpn - command line client to manage nordvpnd and connect to vpn service
* openvpn - binary in /var/lib/nordvpn open vpn version used by nordvpnd.

I did talk with NordVPN customer support and asked them about changing or allowing for various location of ip command but given Gentoo is not officially supported distribution that may never happen - especially as we are not too many to justify changes from established paths. (I assume ip is installed to /sbin in Debian based distributions)

I am not certain if it is nordvpn or nordvpnd that uses wrong path to ip (I assume it is the deamon) according to customer support it is used to establish server nearest to you to connect to.

I am certain it isn't the openvpn binary that uses ip as it was first error that appeared when trying to get this to work and path to openvpn was an error after that...

I assume we could replace the binary openvpn delivered by this package with link to system native openvpn but that is separate issue

[Hu]

Patching one string in the binary should be pretty easy, but you would need to check the license terms first. Many vendors that fail to distribute source code also like to require restrictive licenses that prohibit modifying their binaries, even to fix their bugs. If the nordvpn daemon is just a patched/rebranded OpenVPN, then the license should be fairly friendly, and getting the source should be easy. If it's a custom program they wrote, they may have it under a restrictive license.

I seem to recall that /sbin was once the path of ip, but that was changed long ago, partly on the basis that Debian did it first.