Quick connect does not work if the last protocol used was IPsec

Traceback (most recent call last):
  File "/usr/local/bin/nordpy", line 62, in <module>
    main()
  File "/usr/local/bin/nordpy", line 35, in main
    quick_connect(parsed_args.wait_connection)
  File "/home/francesco/GitHub/nordpy/bin/command_line_util.py", line 34, in quick_connect
    start_openvpn(server, protocol)
  File "/home/francesco/GitHub/nordpy/bin/vpn_util/openvpn.py", line 41, in start_openvpn
    killswitch_up(server, protocol)
  File "/home/francesco/GitHub/nordpy/bin/vpn_util/killswitch.py", line 82, in killswitch_up
    (ip, port) = read_remote_ip_port(get_path_to_conf(server_name, protocol))
  File "/home/francesco/GitHub/nordpy/bin/vpn_util/killswitch.py", line 21, in read_remote_ip_port
    with open(ovpn_filename, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/home/francesco/GitHub/nordpy/ovpn_Ikev2/IPsec/us4645.nordvpn.com.Ikev2/IPsec.ovpn'

Add a script to be runned for removing all what was installed by nordpy

retrieve from https://nordvpn.com/api/server/stats the load of a specific server

Hi
I'm getting an error message when trying to run nordpy. I get the password prompt, but then the following message.

I have reinstalled and rebooted.

This is on a clean install of debian buster

user@debian:/Downloads/nordpy-master$ chmod +x install.sh
user@debian:/Downloads/nordpy-master$ ./install.sh

Do you want to install support for obfuscated servers (it will reinstall openvpn)?[y/n] (Recommended: n)
n
Reading package lists... Done
Building dependency tree
Reading state information... Done
openvpn is already the newest version (2.4.7-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Required packages installed
installing certificates (needed by ipsec)
downloading and extracting conf files from NordVPN
user@debian:/Downloads/nordpy-master$ nordpy
Traceback (most recent call last):
File "/usr/local/bin/nordpy", line 62, in
main()
File "/usr/local/bin/nordpy", line 56, in main
from bin.gui import gui
File "/home/user/Downloads/nordpy-master/bin/gui.py", line 10, in
from bin.vpn_util.vpn import *
File "/home/user/Downloads/nordpy-master/bin/vpn_util/vpn.py", line 2, in
from bin.vpn_util.openvpn import *
File "/home/user/Downloads/nordpy-master/bin/vpn_util/openvpn.py", line 6, in
from bin.vpn_util.killswitch import killswitch_up, killswitch_down
File "/home/user/Downloads/nordpy-master/bin/vpn_util/killswitch.py", line 22, in
has_legacy = check_has_legacy()
File "/home/user/Downloads/nordpy-master/bin/vpn_util/killswitch.py", line 15, in check_has_legacy
universal_newlines=True).communicate()
File "/usr/lib/python3.7/subprocess.py", line 775, in init
restore_signals, start_new_session)
File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'iptables-legacy': 'iptables-legacy'
Retrieved stats
Retrieved stats
user@debian:/Downloads/nordpy-master$

Hi,
While installing newest version (I had 1.3.2 earlier) I have an errors:

Required packages installed
installing certificates (needed by ipsec)
Can't open /etc/ipsec.d/cacerts/NordVPN.der for reading, No such file or directory
140600940902208:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/ipsec.d/cacerts/NordVPN.der','rb')
140600940902208:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate

Describe the question
Is it possible to allow other devices on the local area network to connect with SSH to the computer running NordPy while VPN is active?

Expected behavior
I am hoping for a whitelist option for subnetwork and port to allow local SSH connections while the VPN is active

Desktop (please complete the following information):

• Linux Distribution: Arch Linux
• NordPy version: latest

Additional context
The official NordVPN app for Linux is supposed to allow this feature, but it is currently not working correctly. I'm using the opportunity to find another app, and this looks like a good one.

Hi,
currently I'm trying to automate the connection to the NordVPN network. Using Google I found your project, which seemed quite useful, so I installed it on my Raspberry Pi (Raspbian Lite). However, on trying to start nordpy it fails and exits with the message that the tkinter package is not present. And there's my question: I want to use nordpy exclusively on the command line, so is it possible to install nordpy without the GUI?

Thanks!

Hi and thanks for the app, I've been waiting for ages for one of these (nordvpn told me they wouldn't bother)
I was going to suggest adding a button that kills IPv6 with
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
but then realised that this would probably only work on Debian (and forks).
So I thought why not suggest adding customisable buttons where the user could choose a system command to run.
For example I have UFW so implementing a killswitch can be done with these two commands :

sudo ufw default deny outgoing
sudo ufw allow out on tun0 from any to any 

(I know you can do it directly with iptables but never tried)

Adding customisable buttons would give each user the opportunity to implement a killswitch (or whatever) for their own distro. You wouldn't have to bother finding a "universal" solution that would work no matter the distro. Each user would pick their own solution or option and go with it.

That's all (thanks again for the app)

Hi

I have updated my Pi 3 from Stretch to Buster and since then I was heaving problems with NordPy windows. I thought that I will reinstall everything as I hadthe same with few other apps and this helped.

With NordPy reinstall something went wrong and I can't run it again. Also I accidentally removed the desktop icon and it does not appear after reinstall.

Can you help me with this? I'm not experienced with Linux/Raspbian. Can I somehow remove all related to NordVPN / NordPy and start from beginning or fix what I have installed already?

Please see some info from terminal:

pi@raspberrypi:~ $ sudo apt-get install strongswan strongswan-ikev2 libstrongswan-standard-plugins libstrongswan-extra-plugins libcharon-extra-plugins
Reading package lists... Done
Building dependency tree
Reading state information... Done
libcharon-extra-plugins is already the newest version (5.7.2-1).
libstrongswan-extra-plugins is already the newest version (5.7.2-1).
libstrongswan-standard-plugins is already the newest version (5.7.2-1).
strongswan is already the newest version (5.7.2-1).
strongswan-ikev2 is already the newest version (5.5.1-4+deb9u4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

pi@raspberrypi:~ $ sudo apt-get install networkmanager-openvpn
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package networkmanager-openvpn

pi@raspberrypi:~ $ sudo apt-get install automake autoconf perl gnupg quilt libtool openssl-devel lzo-devel pam-devel net-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package openssl-devel
E: Unable to locate package lzo-devel
E: Unable to locate package pam-devel

pi@raspberrypi:~ $ sudo /home/pi/NordPy-master/install.sh
Do you want to install support for obfuscated servers (it will reinstall openvpn)?[y/n] (Recommended: n)
n
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package openpn
sudo: dnf: command not found
sudo: pacman: command not found
Reading package lists... Done
Building dependency tree
Reading state information... Done
openvpn is already the newest version (2.4.7-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Required packages installed
installing certificates (needed by ipsec)
downloading and extracting conf files from NordVPN

Edit 1:

I managed to get the icon back. There was an issue with folders. Somehow folders have been relocated.

Now when I try to open the app I have the window for password, I'm keying the password and after pressing ok nothing is happening. The window itself looks not correct .

and resized:

Describe the bug
After providing the password the window with list of servers is not appearing.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...' - start / system tools / select nordpy
2. Provide password and press ok
3. Error - window with servers is not appearing

Expected behavior
As previously window with servers should appear

Desktop (please complete the following information):

• Linux Distribution
  PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
  NAME="Raspbian GNU/Linux"
  VERSION_ID="10"
  VERSION="10 (buster)"
  VERSION_CODENAME=buster

• NordPy version (git log --pretty=format:'%H' -n 1) 1.3

Additional context
My Raspbian was updated and I believe some of the settings/files/folders have been changed or removed. I'm not experienced with Linux so not sure how to fix it. Apologies for another issues raised.

Info after reinstall:

pi@raspberrypi:~ $ sudo /home/pi/NordPy-1.3/install.sh
Do you want to install support for obfuscated servers (it will reinstall openvpn)?[y/n] (Recommended: n)
n
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
openvpn-systemd-resolved
The following NEW packages will be installed:
openvpn
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/426 kB of archives.
After this operation, 1,019 kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously unselected package openvpn.
(Reading database ... 106240 files and directories currently installed.)
Preparing to unpack .../openvpn_2.4.7-1_armhf.deb ...
Unpacking openvpn (2.4.7-1) ...
Setting up openvpn (2.4.7-1) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u1+rpi1) ...
Required packages installed
/home/pi/NordPy-1.3/install.sh: line 69: nmcli: command not found
/home/pi/NordPy-1.3/install.sh: line 69: [: =: unary operator expected
installing certificates (needed by ipsec)
ln: failed to create symbolic link '/usr/local/bin/nordpy': File exists
downloading and extracting conf files from NordVPN

Info from running nordpy.py

pi@raspberrypi:~/NordPy-1.3 $ ./nordpy.py
Traceback (most recent call last):
File "./nordpy.py", line 28, in
main()
File "./nordpy.py", line 23, in main
app = gui()
File "/home/pi/NordPy-1.3/bin/gui.py", line 46, in init
running_vpn = get_running_vpn()
File "/home/pi/NordPy-1.3/bin/vpn_util/vpn.py", line 57, in get_running_vpn
if nm_running_vpn():
File "/home/pi/NordPy-1.3/bin/vpn_util/nm.py", line 136, in nm_running_vpn
list_process = subprocess.Popen(args, universal_newlines=True, stdout=subprocess.PIPE)
File "/usr/lib/python3.7/subprocess.py", line 775, in init
restore_signals, start_new_session)
File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'nmcli': 'nmcli'
Retrieved stats
Retrieved stats

Hi. First of all, thank you for making nordpy. I really like the simplicity of it and the fact it is open source.

I have an issue with reaching (SSH)) my system after running nordpy.

I have a server with two vlan interfaces, eth0.100 and eth0.200.

> ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    [ ... ]
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether d0:63:b4:00:b1:3e brd ff:ff:ff:ff:ff:ff
[ ... ]
4: eth0.200@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d0:63:b4:00:b1:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.250.2/24 brd 192.168.250.255 scope global dynamic noprefixroute eth0.200
       valid_lft 2057481sec preferred_lft 2057481sec
    [ ... ]
5: eth0.100@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d0:63:b4:00:b1:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0.100
       valid_lft 2057481sec preferred_lft 2057481sec
    [ ... ]

There are default routes for both interfaces (with a different metric).

> ip route
default via 192.168.0.1 dev eth0.100 proto dhcp metric 400 
default via 192.168.250.1 dev eth0.200 proto dhcp metric 401 
[ ... ]

nordpy edits the iptables. I my case it denies incoming and outgoing traffic to all networks, except to one the one, which was previously the default route network.

> iptables -S   
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0.100 -j ACCEPT
[ ... ]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o eth0.100 -j ACCEPT
[ ... ]

My issue is: I want to access this device via SSH over the eth0.200 interface (192.168.250.0/24), But nordpy does not create the needed iptalbes entry. Could nordpy add ACCEPT rules for all internal (local) networks? Why is the default to DROP everything? Wouldn't it be enough to deny input on the tun0 interface? Sorry, I'm a bit confused by these rules.

This is more of a question than a bug report:

Is there a reason that nordpy_up.sh adds Google DNS servers to resolv.conf instead of NordVPN's own DNS servers?

In the most recent version as of the posting of this issue:

Scripts do not have execute bit set, but they are called like executables.

So when you try to do that the OS reports that the program is not found.

You need to either call the scripts as a switch to the Python executable or set the executable bit during install.

Development and testing should be enhanced by the mean of some container/VM environment preconfigured, either Vagrant or Docker (or any other possibility suitable to test connection configuration)

Hi
First of all, I'd like to thank you for this amazing tool. Loved it.

Now the issue.
When I try to select the server manually it doesn't work, even if I click on it. For example, in the server menu, if I click on 'us' then 'us2715' (or whatever) it doesn't work, not even if I double click on it.

PS: I've tried re-installing it thrice

Connect to VPN through Network Manager instead of using OpenVPN. That would improve integration in the OS

Add a section in NordPy GUI where the user can manually choose the VPN

Is there support CyberSec?

Here is the excerpt after running ./install.sh

Setting up openvpn (2.4.7-1) ...
[ ok ] Restarting virtual private network daemon.:.
Created symlink /etc/systemd/system/multi-user.target.wants/openvpn.service → /lib/systemd/system/openvpn.service.
Setting up opensc (0.19.0-1) ...
Processing triggers for systemd (241-7~deb10u2+rpi1) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for desktop-file-utils (0.23-4) ...
Processing triggers for mime-support (3.62) ...
Processing triggers for gnome-menus (3.31.4-3) ...
Processing triggers for libc-bin (2.28-10+rpi1) ...
**E: Unable to locate package strongswan-ikev2**
Required packages installed
installing certificates (needed by ipsec)
downloading and extracting conf files from NordVPN

Rest of the installation was successful but when trying to connect, I saw the following in /var/log/syslog

Feb 16 16:05:32 raspberrypi charon: 16[IKE] received end entity cert "CN=us3628.nordvpn.com"
Feb 16 16:05:32 raspberrypi charon: 16[IKE] received issuer cert "C=PA, O=NordVPN, CN=NordVPN CA4"
Feb 16 16:05:32 raspberrypi charon: 16[CFG]   using certificate "CN=us3628.nordvpn.com"
Feb 16 16:05:32 raspberrypi charon: 16[CFG]   using untrusted intermediate certificate "C=PA, O=NordVPN, CN=NordVPN CA4"
Feb 16 16:05:32 raspberrypi charon: 16[CFG] checking certificate status of "CN=us3628.nordvpn.com"
Feb 16 16:05:32 raspberrypi charon: 16[CFG] certificate status is not available
Feb 16 16:05:32 raspberrypi charon: 16[CFG] no issuer certificate found for "C=PA, O=NordVPN, CN=NordVPN CA4"
Feb 16 16:05:32 raspberrypi charon: 16[CFG]   issuer is "C=PA, O=NordVPN, CN=NordVPN Root CA"
Feb 16 16:05:32 raspberrypi charon: 16[IKE] no trusted RSA public key found for 'us3628.nordvpn.com'

I followed Step #2 and Step #9 from https://nordvpn.com/tutorials/linux/ikev2ipsec/ manually and the error in /var/log/syslog gets resolved but I cannot authenticate successfully and get "Wrong Credentials" everytime.

Feb 16 16:26:51 raspberrypi charon: 01[CFG]   reached self-signed root ca with a path length of 1
Feb 16 16:26:51 raspberrypi charon: 01[IKE] authentication of 'us3030.nordvpn.com' with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 16 16:26:51 raspberrypi charon: 01[IKE] server requested EAP_IDENTITY (id 0x00), sending '[email protected]'
Feb 16 16:26:51 raspberrypi charon: 01[IKE] EAP_IDENTITY not supported, sending EAP_NAK
Feb 16 16:26:51 raspberrypi charon: 01[ENC] generating IKE_AUTH request 2 [ EAP/RES/NAK ]
Feb 16 16:26:51 raspberrypi charon: 01[NET] sending packet: from 192.168.86.22[4500] to 208.84.155.239[4500] (80 bytes)
Feb 16 16:26:51 raspberrypi charon: 06[NET] received packet: from 208.84.155.239[4500] to 192.168.86.22[4500] (80 bytes)
Feb 16 16:26:51 raspberrypi charon: 06[ENC] parsed IKE_AUTH response 2 [ EAP/FAIL ]
Feb 16 16:26:51 raspberrypi charon: 06[IKE] received EAP_FAILURE, EAP authentication failed
Feb 16 16:26:51 raspberrypi charon: 06[ENC] generating INFORMATIONAL request 3 [ N(AUTH_FAILED) ]
Feb 16 16:26:51 raspberrypi charon: 06[NET] sending packet: from 192.168.86.22[4500] to 208.84.155.239[4500] (80 bytes)

Thanks for this tool. I hope you can add NordLynx support as well.

I'm on Arch linux with KDE Plasma and I'm using these two repos for the AUR: https://aur.archlinux.org/packages/nordpy/ https://aur.archlinux.org/packages/nordpy-plasmoid-git/

Describe the bug
I ran into a weird problem where I would experience a pam faillock because of this app. You can see some back and forth details on this thread on the Arch linux forums.

Ultimately, it looks like the following commands get called fairly frequently by nordpy in the background

sudo ipsec status
sudo ipsec --version

despite the fact that I hadn't installed strongswan.

This seemed to cause the pam faillock. When I added a NOPASSWD: /usr/bin/ipsec to my user in my sudoers file, the problem went away.

It seems that nord py

• shouldn't call ipsec if strongswan isn't installed
• shouldn't call ipsec status/--version with sudo at all, and if sudo is necessary, then there should be a better way to raise those privileges.

Desktop (please complete the following information):

• Linux Distribution: Linux-Zen kernel, Arch Distro, KDE Plasma
• NordPy version: 1.3.4

I don't know if other Arch users have run into this or if it's just due to a configuration on my own machine, but hopefully this report is helpful. I really appreciate this GUI and it has a ton of potential for us non-windows/mac users. :)

It seems there are DNS leaks when using the app.

hello thx for this app !

(nordvpn don't care of linux users)

So, i can't manage any autoconnection at startup :
first i need to type root password (root ? no sudo/sudoer ?),
i need to choose my location and number of server, and clic ok, and after clic to connect

is't possible to memeory this, and/or select some server we want to connect automaticaly ?

thx

Ubuntu 18.04 distro kde neon will freeze.

After losing the connection there was no way I could re-establish it (with or without vpn).
Wicd told me I was connected, nordpy said I was not and finally the only way to get back online was a full reboot.
Before that I tried disconnecting manually using nordpy's interface and reconnecting and this is what I saw on the console

Turning off killswitch looking for iptables in /home/lorenzo/nordpy-master/stored_iptables Selected a particular country: Germany resulting url: https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22servers_groups%22:11,%22country_id%22:81} Selected a particular country: Germany resulting url: https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22servers_groups%22:11,%22country_id%22:81}

but finally I was not able to get back online.

Originally posted by @larry77 in #26 (comment)

After installation and running as a non-root user from Master branch, prompted for root's password but not accepted and prompts again--"Wrong root password, insert it again."

Installing and using NordPy as root works great! <-- NOT TRUE

• Fedora 28 with current updates
• install.sh completed with only one oddity which at a glance does not seem related

    installing certificates (needed by ipsec)
    /etc/ipsec.d/cacerts/NordVPN.der: No such file or directory

Let me know if I can provide additional details or test something.

When using nordpy with multiple monitors, the 'centering' code uses the dimensions of the extended desktop rather than (I suggest) 'screen 1', giving an odd position on setups with differently-sized displays.

Expected behavior
nordpy window opens at centre of one of the screens

Actual behaviour
nordpy opens at centre of extended desktop

Desktop (please complete the following information):

• Arch Linux
• aur/nordpy 1.3.3-1

Very nice application, a lightweight alternative to the "official" nordvpn binary that doesn't use 200MB of memory.

As things currently are, your ip-ks.sh uses a rule which allows LAN access only if a user's network is configured 192.168.0.0/24. While this is common, other setups are not uncommon, and many routers default to 192.168.1.0/24. I'd love to see one of two solutions:

1. Allow a user to manually input an allowed range in CIDR notation. (less optimal- requires manual user adjustment) or
2. Find a way to programmatically determine the correct IP range to allow. I've looked into this just a bit and I've found a way to get my setup from bash, but I'm not familiar enough with different network configurations to know if this would be a universal approach or if it would vary heavily depending on network setup and easily break.
   ip r | grep 'link[ \t]' | awk '{print $1}'

After last update (to version 2.5.0) openvpn generates a warning message

OpenVPN now uses a netlink interface for network configuration. The systemd
   units start the process with a dedicated unprivileged user 'openvpn', with
   extra capabilities(7). The configuration should no longer drop privileges,
   so remove 'user' and 'group' directives.
   Scripts that require elevated privileges may need a workaround

Indagate on the eventual needed modifications.

Maybe a button that launches a p2p software

nordpy under Gnome can't be added to 'favorites' in Dash by right-clicking and selecting 'add to favorites'
If added forcibly (by dragging icon in overview manually to Dock or using dconf-editor) then a running instance of nordpy shows as a second item in the Dash

To Reproduce
Run nordpy from 'Applications overview' in the normal Gnome manner
Right-click of Dash icon does not have 'add to favorites' in context menu

Expected behavior
Should be possible to 'add to favourites'. This can be done by dragging the icon in the applications overview into Dash, but on next run a second application icon appears when running.

Assumed Cause
Application does not declare StartupWMClass correctly

Workaround
$ cp /usr/share/applications/nordpy.desktop .local/share/applications
Edit .local/share/applications/nordpy.desktop and add the following line:
StartupWMClass=tk

Second icon is not now shwon when running and the correct context menu appears on right-click

Desktop (please complete the following information):

• Arch Linux/Gnome
• NordPy 1.3.3-1

Describe the bug

failure in name resolution as regular user

$ ping: google.com: Temporary failure in name resolution

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=55.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=53 time=56.7 ms

However, as root user, it works:

# ping google.com
PING google.com (172.217.8.142) 56(84) bytes of data.
64 bytes from mia07s49-in-f14.1e100.net (172.217.8.142): icmp_seq=1 ttl=56 time=56.5 ms
64 bytes from mia07s49-in-f14.1e100.net (172.217.8.142): icmp_seq=2 ttl=56 time=55.9 ms

To Reproduce
Steps to reproduce the behavior:
0. install on Arch with yay -S nordpy (like any other AUR package)

1. In KDE Plasma 5, launch NordPy application, leave all default settings, connect to NordVPN. Verify connection is successful.
2. Try to reach a domain name on the web, either via Firefox or curl or ping.
3. See error above.
4. Change to root user and repeat a command such as ping or curl using the same domain name that previously failed. Now it succeed.

Expected behavior
Expect normal Internet access as normal user.

Desktop (please complete the following information):

• Linux Distribution: Arch Linux
• NordPy version: 1.3.3-1 https://aur.archlinux.org/packages/nordpy/

Additional context

$ curl icanhazip.com
curl: (6) Could not resolve host: icanhazip.com
$ sudo !!
sudo curl icanhazip.com
[sudo] password for myuser:
196.247.XX.XX (a NordVPN address)

[Click "Disconnect" button in NordPy GUI]

$ curl icanhazip.com
123.43.56.789 (my normal IP address)

More info:

-rwxr-xr-x 1 root root 2115 Apr 12 01:38 /usr/share/NordPy/nordpy.py

$ pacman -Qi nordpy
Name            : nordpy
Version         : 1.3.3-1
Description     : An application with gui to connect automatically to the recommended NordVPN server
Architecture    : any
URL             : https://github.com/morpheusthewhite/NordPy
Licenses        : GPL3
Groups          : None
Provides        : nordpy
Depends On      : python3  openvpn  tk  python-requests  wget  unzip  net-tools
Optional Deps   : networkmanager-openvpn
                  strongswan
Required By     : None
Optional For    : None
Conflicts With  : nordpy
Replaces        : None
Installed Size  : 215.05 KiB
Packager        : Unknown Packager
Build Date      : Sun 12 Apr 2020 01:38:41 AM EDT
Install Date    : Sun 12 Apr 2020 01:38:49 AM EDT
Install Reason  : Explicitly installed
Install Script  : Yes
Validated By    : None

trying same steps when started from command line results in same error.

$ nordpy --quick-connect
Trying to connect to the last server type
Verifing saved file
File is correct
resulting url: https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters={%22servers_groups%22:11}
Best server retrieved: us3155.nordvpn.com
Turning on killswitch
Default interface: eth0
IP and port of the VPN server: 196.247.50.107 443
Network address on eth0: 192.168.1.0/24
Launching tcp connection with 196.247.50.107:443 on eth0 (on network 192.168.1.0/24)
[OPENVPN]: Sun Apr 12 02:26:46 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan  3 2020

[OPENVPN]: Sun Apr 12 02:26:46 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10

[OPENVPN]: Sun Apr 12 02:26:46 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

[OPENVPN]: Sun Apr 12 02:26:46 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

[OPENVPN]: Sun Apr 12 02:26:46 2020 NOTE: --fast-io is disabled since we are not using UDP

[OPENVPN]: Sun Apr 12 02:26:46 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Apr 12 02:26:46 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

[OPENVPN]: Sun Apr 12 02:26:46 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]196.247.50.107:443

[OPENVPN]: Sun Apr 12 02:26:46 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]

[OPENVPN]: Sun Apr 12 02:26:46 2020 Attempting to establish TCP connection with [AF_INET]196.247.50.107:443 [nonblock]

[OPENVPN]: Sun Apr 12 02:26:47 2020 TCP connection established with [AF_INET]196.247.50.107:443

[OPENVPN]: Sun Apr 12 02:26:47 2020 TCP_CLIENT link local: (not bound)

[OPENVPN]: Sun Apr 12 02:26:47 2020 TCP_CLIENT link remote: [AF_INET]196.247.50.107:443

[OPENVPN]: Sun Apr 12 02:26:47 2020 TLS: Initial packet from [AF_INET]196.247.50.107:443, sid=b967da6d 7889766f

[OPENVPN]: Sun Apr 12 02:26:47 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

[OPENVPN]: Sun Apr 12 02:26:47 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

[OPENVPN]: Sun Apr 12 02:26:47 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA4

[OPENVPN]: Sun Apr 12 02:26:47 2020 VERIFY KU OK

[OPENVPN]: Sun Apr 12 02:26:47 2020 Validating certificate extended key usage

[OPENVPN]: Sun Apr 12 02:26:47 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

[OPENVPN]: Sun Apr 12 02:26:47 2020 VERIFY EKU OK

[OPENVPN]: Sun Apr 12 02:26:47 2020 VERIFY OK: depth=0, CN=us3155.nordvpn.com

[OPENVPN]: Sun Apr 12 02:26:48 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

[OPENVPN]: Sun Apr 12 02:26:48 2020 [us3155.nordvpn.com] Peer Connection Initiated with [AF_INET]196.247.50.107:443

[OPENVPN]: Sun Apr 12 02:26:49 2020 SENT CONTROL [us3155.nordvpn.com]: 'PUSH_REQUEST' (status=1)

[OPENVPN]: Sun Apr 12 02:26:49 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.1.6 255.255.255.0,peer-id 0,cipher AES-256-GCM'

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: timers and/or timeouts modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: compression parms modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 Socket Buffers: R=[131072->425984] S=[46080->425984]

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: --ifconfig/up options modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: route options modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: route-related options modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: peer-id set

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: adjusting link_mtu to 1659

[OPENVPN]: Sun Apr 12 02:26:49 2020 OPTIONS IMPORT: data channel crypto options modified

[OPENVPN]: Sun Apr 12 02:26:49 2020 Data Channel: using negotiated cipher 'AES-256-GCM'

[OPENVPN]: Sun Apr 12 02:26:49 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

[OPENVPN]: Sun Apr 12 02:26:49 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

[OPENVPN]: Sun Apr 12 02:26:49 2020 ROUTE_GATEWAY 192.168.5.250/255.255.255.0 IFACE=eth0 HWADDR=38:d5:47:b0:3d:b5

[OPENVPN]: Sun Apr 12 02:26:49 2020 TUN/TAP device tun0 opened

[OPENVPN]: Sun Apr 12 02:26:49 2020 TUN/TAP TX queue length set to 100

[OPENVPN]: Sun Apr 12 02:26:49 2020 /usr/bin/ip link set dev tun0 up mtu 1500

[OPENVPN]: Sun Apr 12 02:26:49 2020 /usr/bin/ip addr add dev tun0 10.7.1.6/24 broadcast 10.7.1.255

[OPENVPN]: Sun Apr 12 02:26:49 2020 /usr/share/NordPy/scripts/nordpy_up.sh tun0 1500 1587 10.7.1.6 255.255.255.0 init

[OPENVPN]: Sun Apr 12 02:26:49 2020 /usr/bin/ip route add 196.247.50.107/32 via 192.168.5.250

[OPENVPN]: Sun Apr 12 02:26:49 2020 /usr/bin/ip route add 0.0.0.0/1 via 10.7.1.1

[OPENVPN]: Sun Apr 12 02:26:49 2020 /usr/bin/ip route add 128.0.0.0/1 via 10.7.1.1

[OPENVPN]: Sun Apr 12 02:26:49 2020 Initialization Sequence Completed

$ curl icanhazip.com
curl: (6) Could not resolve host: icanhazip.com

Hi! Thanks for building this awesome utility. I was hating Openvpn until I found it. Everything works actually.

Only comment is that everytime I run Nordpy I need to resize the window because nothing is visible. Same happens with the pop out windows for choosing server manually. I must resize it in order to see the list, and the OK button below.

Im not sure if this is actually due to my system. Im running Mint 19.1
Anyway, here's a screenshot so you get an idea.

Can you add a aur package for arch?

Hi, had no problems on LM 19.3 but get the below trying to install on LM 20.
No matter what I select on the last line the Terminal closes.

Due to the recent release of Wireguard within the linux kernel it should be easier to enable and use it on all distributions, like Fedora which previously presented troubles while configuring it

Font size under Wayland is the same with both single/multiple screens. (I was wrong earlier, the dpi is different between the two screens.)

Under Xorg, single screen:

Xorg, two screens:

Obviously the centering of the window (which uses self.winfo_screenwidth()) is a separate issue

Originally posted by @emulti in #38 (comment)

Hi, first of all, great project! Thanks for taking the time.

I have just created myself a NORDVPN account. I knew beforehand that they only have a terminal app for Linux. However, I didn't know it's functionality is so limited.

I would like to be able to exclude certain apps from the VPN connection, since there are services which don't allow IP proxying.

I'm quite experienced in programming with Python. I would love to contribute something to implementing this feature. However, my experience with Linux is very limited. I wouldn't know where to start. Could you give me some directions?

Before Posting an issue

• Installed all needed dependencies and that you run install.py
• Installed version: NordPy 1.3.2
• Installed with trizen

The bug
When I connect to any vpn and then diconnect my network is broken. I need todo a rebot to get my network working again.

To Reproduce
Steps to reproduce the behavior:

1. Install manjaro (with kde-PLASMA and kernel 4.19.85-1-MANJARO)
2. Install the latest nordpy with trizen
3. put in your credentials and leave all the settings to default-values
4. Connect to any server
5. Disconnect from any server

Sadly I did not know how I can give you some logs. If you tell me that I will do this.
It would be awesome if we can bring it to run. I did not change a lot on this manjaro install.

Add "Update" button to re-download from nordvpn.com all .ovpn files
Also received as recommended server one which .ovpn is not on disk will result in a infinite loop (the thread is reading on the sdout ovpn indefinitely)

Change check button background color to support light themes

Hello Morpheus,

since the update of ubuntu to 22.04 the default network connection does not come alive after ending nordpy. The only way to revive the network is a total reboot.
I have experienced this in Ubuntu standard, Mate and Budgie, so I assume it happens in the other flavors as well.
I hope you can and will do something to fix it because nordpy does make a very nice addition to nordvpn.

Kind regards, Lisa

Create and submit debian package

Is Windows support expected?

Add support for ikev2/ipsec
https://nordvpn.com/it/tutorials/linux/ikev2ipsec/

If I connect vpn once. I can't disconnect until reboot. When I disconnect I'll lost connection.
Ubuntu 20.10

Implement a killswitch

This would be ideal if there was an option to disable/ignore the VPN DNS.
In windows I would typically download specific ovpn files and edit them to ignore the DNS in some cases.

Would a toggle be possible for this?

I'm under the latest arch as of 4/29/20 using nordpy 1.3.3-1.

Not sure if this is using GTK or Qt but the application has no theme for me

https://imgur.com/1UOHRDB.png