A python3 script/systemd service, to easily connect to and switch between, OpenVPN servers hosted by NordVPN. Quickly Connect to the least busy servers (using current data from Nordvpn's website) with lowest latency from you. Find servers in a specific country or even a city. It Tunnels DNS traffic through the VPN which normally (when using OpenVPN with NordVPN) goes through your ISP's DNS (still unencrypted, even if you use a third party) and completely compromises Privacy!
- Automatically connect to least busy, low latency servers in a given country.
- Systemd inegration, easy to check VPN status, autostart at startup.
- Find and connect to servers in a specific city or state.
- Uses NordVPN's DNS servers and tunnels DNS queries through the VPN Tunnel.
- Use Iptables rules to prevent IP leakage if tunnel breaks (Experimental).
- Quickly Connect to any specific server. i.e au10 or us20.
- Downloads and Updates (modifications) the latest config files from NordVPN.
- Option to run the script in background (openvpn daemon mode).
- Options to finetune server selection based on "Server Load" or "Ping Latency".
- Auto excludes the servers if ping to them fails or if they don't support OpenVPN
(TCP or UDP depending upon which one you are trying to use).
- Finds and displays nord vpn servers (with extra info) in a given country.
- Now list and connect to servers with "Peer To Peer" --p2p, "Dedicated IP" --dedicated, "Tor Over VPN" --tor,
"Double VPN" --double, "Anti DDos" --anti-ddos support.
- Desktop notification are shown when VPN connects and disconnects. (needs to run without sudo)
- Auto retry if [soft,auth-failure] received, auto failover to next best server if connection dies. (not in daemon mode)
- Install dependencies if they are not already present.
# common dependencies sudo apt install openvpn python-gobject unzip wget
- For Ubuntu / Kali / Debian / based OS's with Python=>3.5
sudo apt install python3-colorama python3-requests python3-setuptools #dependencies wget https://github.com/jotyGill/openpyn-nordvpn/releases/download/2.1.0/python3-openpyn_2.1.1-1_all.deb sudo dpkg -i python3-openpyn_2.1.1-1_all.deb
- For Fedora, all dependencies should be auto installed.
wget https://github.com/jotyGill/openpyn-nordvpn/releases/download/2.1.0/openpyn-2.1.1-1.noarch.rpm sudo dnf install ./openpyn-2.1.1-1.noarch.rpm
- For Arch Linux, using yaurt. (credit to and maintained by: https://github.com/Ubermensch85)
sudo yaourt -S openpyn-nordvpn-git
- Install openpyn with pip3. (Python=>3.5, Don't use on Debian, causes issues):
sudo apt install python3-pip sudo pip3 install openpyn --upgrade # DO NOT USE "sudo -H"
- Alternatively clone and install.
git clone https://github.com/jotyGill/openpyn-nordvpn.git cd openpyn-nordvpn sudo python3 setup.py install
- On macOS, /usr/share is protected by System Integrity Protection. In order to run "--init" or "--update" you need to temporarily disable it. To enable or disable System Integrity Protection, you must boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup and run the csrutil command from the Terminal. After enabling or disabling System Integrity Protection on a machine, a reboot is required. (credit: https://github.com/1951FDG)
Boot to Recovery OS. Launch Terminal from the Utilities menu. csrutil disable shutdown -r now xcode-select --install /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" echo 'export PATH="/usr/local/sbin:$PATH"' >> ~/.bash_profile brew install python3 brew install wget brew install openvpn sudo brew services start openvpn git clone https://github.com/jotyGill/openpyn-nordvpn.git cd openpyn-nordvpn sudo python3 setup.py install sudo openpyn --init Boot to Recovery OS. Launch Terminal from the Utilities menu. csrutil enable shutdown -r now
Initialise the script with "--init" (store credentials, install Systemd service, update/install vpn config files)
sudo openpyn --init
That's it, run the script! when done with it, press "Ctr + C" to exit.
- At minimum, you only need to specify the country-code, default port is UDP-1194, If you want to use TCP-443 instead, use "--tcp" switch.
- Now, you can also specify a city or state, useful when companies (like Google) lock your account if you try to login from an IP that resides in a different physical location.
openpyn us -a ny openpyn us --area "new york"
- To enforce Firewall rules to prevent dns leakage, also from ip leakage if tunnel breaks.
openpyn us -f # (Highly Experimental!) Warning, clears IPtables rules! # (changes are non persistent, simply reboot if having networking issues)
- When using "-f", To allow custom ports (from internal ip ranges, i.e 192.168 or 10.) through the firewall.
sudo openpyn us -f --allow 22 #only accessible from local network
- To quickly connect to a specific server.
openpyn -s au10
- To list all the Countries and their Country Codes where NordVPN hosts servers.
- To find detailed information about the available servers in a given country.
openpyn -l uk
- To find servers with features like "peer-to-peer", "dedicated ip", "tor over vpn", "double vpn" in all countries or a given country.
openpyn -l uk --p2p openpyn --list uk --dedicated openpyn -l --tor # tor over vpn in all countries
- To find the least loaded 10 NordVPN servers in US that support "peer-to-peer", out of them, connect to one of the top 2 servers that have the lowest latency from you.
openpyn us -t 10 -T 2 --p2p
- To update and run the systemd openpyn.service, use "-d" or "--daemon"
openpyn us -d
- To check the status of the systemd openpyn.service.
systemctl status openpyn
- To kill a running openvpn connection.
sudo openpyn -k
- To Flush the iptables and kill any running openvpn connections.
sudo openpyn -x #optionally --allow 22 if using as ssh server
- To Download/Update the latest vpn config files from NordVPN by:
usage: openpyn.py [-h] [-v] [-s SERVER] [-u] [-c COUNTRY_CODE] [-a AREA] [-d] [-m MAX_LOAD] [-t TOP_SERVERS] [-p PINGS] [-k] [-x] [--update] [-f] [-l [LIST_SERVERS]] [--p2p] [--dedicated] [--tor] [--double] [--anti-ddos] [--test]] [country] A python3 script to easily connect to and switch between, OpenVPN servers hosted by NordVPN. Quickly Connect to the least busy servers (using current data from Nordvpn website) with lowest latency from you. Tunnels DNS traffic through the VPN which normally (when using OpenVPN with NordVPN) goes through your ISP''s DNS (still unencrypted, even if you use a thirdparty) and completely compromises Privacy! positional arguments: country Country Code can also be specified without "-c," i.e "openpyn au" optional arguments: -h, --help show this help message and exit -v, --version show program''s version number and exit --init Initialise, store/change credentials, download/update vpn config files, needs root "sudo" access. -s SERVER, --server SERVER server name, i.e. ca64 or au10 --tcp use port TCP-443 instead of the default UDP-1194 -c COUNTRY_CODE, --country-code COUNTRY_CODE Specify Country Code with 2 letters, i.e au, -a AREA, --area AREA Specify area: city name or state e.g "openpyn au -a victoria" or "openpyn au -a 'sydney'" -d, --daemon Update and start Systemd service openpyn.service, running it as a background process, to check status "systemctl status openpyn", -m MAX_LOAD, --max-load MAX_LOAD Specify load threshold, rejects servers with more load than this, DEFAULT=70 -t TOP_SERVERS, --top-servers TOP_SERVERS Specify the number of Top Servers to choose from the NordVPN''s Sever list for the given Country, These will be Pinged. DEFAULT=4 -p PINGS, --pings PINGS Specify number of pings to be sent to each server to determine quality, DEFAULT=5 -k, --kill Kill any running Openvnp process, very useful to kill openpyn process running in background with "-d" switch -x, --kill-flush Kill any running Openvnp process, AND Flush Iptables -f, --force-fw-rules Enforce Firewall rules to drop traffic when tunnel breaks , Force disable DNS traffic going to any other interface --allow INTERNALLY_ALLOWED [INTERNALLY_ALLOWED ...] To be used with "f" to allow ports but ONLY to INTERNAL IP RANGE. e.g, you can use your PC as SSH, HTTP server for local devices (e.g 192.168.1.* range) by using "openpyn us --allow 22 80" --update Fetch the latest config files from nord''s site -l [L_LIST], --list [L_LIST] If no argument given prints all Country Names and Country Codes; If country code supplied ("-l us"): Displays all servers in that given country with their current load and openvpn support status. Works in conjunction with (-a | --area, and server types (--p2p, --tor) e.g "openpyn -l it --p2p --area milano" --p2p Only look for servers with "Peer To Peer" support --dedicated Only look for servers with "Dedicated IP" support --tor Only look for servers with "Tor Over VPN" support --double Only look for servers with "Double VPN" support --anti-ddos Only look for servers with "Anti DDos" support --test Simulation only, do not actually connect to the vpn server
- find servers with P2P support, Dedicated ips, Anti DDoS, Double VPN, Onion over VPN
- utilise the frequently updated api at "api.nordvpn.com/server"
- clean exit, handle exceptions
- store credentials from user input, if "credentials" file exists use that instead.
- sane command-line options following the POSIX guidelines
- ability to store profiles (sort of works as the systemd service file stores last state)
- find and display server's locations (cities)
- accept full country names
- colourise output
- create a combined config of multiple servers (on the fly) for auto failover
- uninstall.sh #sudo pip3 uninstall openpyn
- view status of the connection after launching in --daemon mode.
- desktop notifications.