NordVPN (3) doesn't run on Debian (9 or 10)

I’m using NordVPN and I must say it is working just fine for me. It is quick, stable and has enough features for me. I have it on Android, had it on Windows 10, and currently have it on Linux Mint (19.3 and LMDE4) and Debian.

The only downside is I cannot get version 3 of NordVPN to work on Debian (9 and 10); which I think is strange, because it is running just fine on Linux Mint LMDE4, which is also based on Debian 10.

I’m not sure if this is due to NordVPN itself, or that it has to do with the settings in Debian. NordVPN installs just fine and it lets me make a connection to the NordVPN server I select as well as set any options I like. But – irrespective of the browser I use – it blocks access to internet entirely until I disconnect from NordVPN again.

So, I’m still running NordVPN version 2 on Debian, which is not as quick as version 2, but works just fine.

Anyone any suggestions?

Could you read through this thread:

Then, if the issue is still not solved, issue the commands from this post:

Hi Akito,
I carried out all 4 tests on Debian 10.3 with NordVPN 2.2.0-3 and NordVPN 3.7.1 and especially the ‘traceroute 8.8.8.8’ and the ‘nslookup example .com’ [inserted a space in link, because I’m not permitted by this board to insert more than 2 links] tests show that NordVPN 2.2.0-3 is working fine and that NordVPN 3.7.1 is blocking internet traffic.
Any suggestions as to how I could make NordVPN 3.7.1 work correctly?

Test-output was as per below…

COMMAND: IP A

[Debian 10.3 with NordVPN 2.2.0-3 connected: $ip a]

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e0:69:95:42:b3:10 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.10/8 brd 10.255.255.255 scope global enp6s0
       valid_lft forever preferred_lft forever
3: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:81:12:47:37:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.164/24 brd 192.168.178.255 scope global dynamic noprefixroute wlp5s0
       valid_lft 85910sec preferred_lft 85910sec
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.8.37/22 brd 10.8.11.255 scope global tun0
       valid_lft forever preferred_lft forever

[Debian 10.3 with NordVPN 2.2.0-3 disconnected: $ip a]

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e0:69:95:42:b3:10 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.10/8 brd 10.255.255.255 scope global enp6s0
       valid_lft forever preferred_lft forever
3: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:81:12:47:37:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.164/24 brd 192.168.178.255 scope global dynamic noprefixroute wlp5s0
       valid_lft 85643sec preferred_lft 85643sec

[Debian 10.3 with NordVPN 3.7.1 connected: $ip a]

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e0:69:95:42:b3:10 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.10/8 brd 10.255.255.255 scope global enp6s0
       valid_lft forever preferred_lft forever
3: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:81:12:47:37:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.164/24 brd 192.168.178.255 scope global dynamic noprefixroute wlp5s0
       valid_lft 84452sec preferred_lft 84452sec
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.3.30/24 brd 10.8.3.255 scope global tun0
       valid_lft forever preferred_lft forever

[Debian 10.3 with NordVPN 3.7.1 disconnected: $ip a]

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e0:69:95:42:b3:10 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.10/8 brd 10.255.255.255 scope global enp6s0
       valid_lft forever preferred_lft forever
3: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:81:12:47:37:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.164/24 brd 192.168.178.255 scope global dynamic noprefixroute wlp5s0
       valid_lft 84137sec preferred_lft 84137sec

COMMAND: IP ROUTE

[Debian 10.3 with NordVPN 2.2.0-3 connected: $ip route]

0.0.0.0/1 via 10.8.8.1 dev tun0 
default via 192.168.178.1 dev wlp5s0 proto dhcp metric 600 
10.0.0.0/8 dev enp6s0 proto kernel scope link src 10.0.0.10 linkdown 
10.8.8.0/22 dev tun0 proto kernel scope link src 10.8.8.37 
128.0.0.0/1 via 10.8.8.1 dev tun0 
134.19.189.190 via 192.168.178.1 dev wlp5s0 
192.168.178.0/24 dev wlp5s0 proto kernel scope link src 192.168.178.164 metric 600

[Debian 10.3 with NordVPN 2.2.0-3 disconnected: $ip route]

default via 192.168.178.1 dev wlp5s0 proto dhcp metric 600 
10.0.0.0/8 dev enp6s0 proto kernel scope link src 10.0.0.10 linkdown 
192.168.178.0/24 dev wlp5s0 proto kernel scope link src 192.168.178.164 metric 600

[Debian 10.3 with NordVPN 3.7.1 connected: $ip route]

0.0.0.0/1 via 10.8.3.1 dev tun0 
default via 192.168.178.1 dev wlp5s0 proto dhcp metric 600 
10.0.0.0/8 dev enp6s0 proto kernel scope link src 10.0.0.10 linkdown 
10.8.3.0/24 dev tun0 proto kernel scope link src 10.8.3.30 
128.0.0.0/1 via 10.8.3.1 dev tun0 
192.168.178.0/24 dev wlp5s0 proto kernel scope link src 192.168.178.164 metric 600 
195.181.173.200 via 192.168.178.1 dev wlp5s0 

[Debian 10.3 with NordVPN 3.7.1 disconnected: $ip route]

default via 192.168.178.1 dev wlp5s0 proto dhcp metric 600 
10.0.0.0/8 dev enp6s0 proto kernel scope link src 10.0.0.10 linkdown 
192.168.178.0/24 dev wlp5s0 proto kernel scope link src 192.168.178.164 metric 600 

COMMAND: TRACEROUTE 8.8.8.8

[Debian 10.3 with NordVPN 2.2.0-3 connected: $traceroute 8.8.8.8]

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.8.8.1 (10.8.8.1)  36.601 ms  14.215 ms  25.861 ms
 2  * * *
 3  185.23.212.8 (185.23.212.8)  25.890 ms  25.894 ms  25.902 ms
 4  185.23.212.4 (185.23.212.4)  25.838 ms  25.811 ms  25.892 ms
 5  speed-ix.google .com (185.1.95.82)  25.916 ms  25.892 ms  36.180 ms [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
 6  108.170.241.193 (108.170.241.193)  36.205 ms 108.170.241.225 (108.170.241.225)  36.051 ms 108.170.241.193 (108.170.241.193)  24.465 ms
 7  108.170.236.225 (108.170.236.225)  24.477 ms 209.85.252.245 (209.85.252.245)  24.592 ms 72.14.238.245 (72.14.238.245)  24.380 ms
 8  dns.google (8.8.8.8)  24.479 ms  24.361 ms  24.387 ms

[Debian 10.3 with NordVPN 2.2.0-3 disconnected: $traceroute 8.8.8.8]

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.178.1 (192.168.178.1)  3.281 ms  4.148 ms  4.874 ms
 2  * * *
 3  213.51.197.37 (213.51.197.37)  23.693 ms  23.670 ms  32.765 ms
 4  asd-tr0021-cr101-be156-10.core.as9143 .net (213.51.158.2)  35.288 ms  35.253 ms  35.171 ms [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
 5  nl-ams14a-ri1-ae51-0.aorta .net (213.51.64.186)  42.501 ms  40.508 ms  40.488 ms [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
 6  10ge-1-4.cr1.ams2.baseip .com (213.46.182.22)  39.048 ms  25.809 ms  25.672 ms [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
 7  * * *
 8  dns.google (8.8.8.8)  31.131 ms  31.541 ms  31.486 ms

[Debian 10.3 with NordVPN 3.7.1 connected: $traceroute 8.8.8.8]

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets

	HERE THE LOG OF THIS TEST
	=========================
	daniel@JDL-HOME-7:~$ traceroute 8.8.8.8 > ~/Downloads/"Debian 10.3 with NordVPN 3.7.1 connected: [traceroute 8.8.8.8].txt"

	send: Operation not permitted
	=========================

[Debian 10.3 with NordVPN 3.7.1 disconnected: $traceroute 8.8.8.8]

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.178.1 (192.168.178.1)  3.133 ms  4.344 ms  5.180 ms
 2  * * *
 3  213.51.197.37 (213.51.197.37)  24.750 ms  24.753 ms  24.724 ms
 4  asd-tr0021-cr101-be156-10.core.as9143. net (213.51.158.2)  30.129 ms  30.145 ms  30.103 ms [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
 5  nl-ams14a-ri1-ae51-0.aorta .net (213.51.64.186)  28.560 ms  28.560 ms  33.950 ms [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
 6  10ge-1-4.cr1.ams2.baseip .com (213.46.182.22)  33.042 ms  19.119 ms  19.128 ms [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
 7  * * *
 8  dns.google (8.8.8.8)  25.574 ms  25.223 ms  24.287 ms

COMMAND: NSLOOKUP EXAMPLE .COM

[Debian 10.3 with NordVPN 2.2.0-3 connected: $nslookup example .com]

Server:		103.86.96.96
Address:	103.86.96.96#53

Non-authoritative answer:
Name:	example .com [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
Address: 93.184.216.34

[Debian 10.3 with NordVPN 2.2.0-3 disconnected: $nslookup example .com]

Server:		84.116.46.21
Address:	84.116.46.21#53

Non-authoritative answer:
Name:	example .com [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
Address: 93.184.216.34
Name:	example .com [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
Address: 2606:2800:220:1:248:1893:25c8:1946

[Debian 10.3 with NordVPN 3.7.1 connected: $nslookup example .com]

;; connection timed out; no servers could be reached

[Debian 10.3 with NordVPN 3.7.1 disconnected: $nslookup example .com]

Server:		84.116.46.21
Address:	84.116.46.21#53

Non-authoritative answer:
Name:	example .com [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
Address: 93.184.216.34
Name:	example .com [inserted a space in link, because I'm not permitted by this board to insert more than 2 links]
Address: 2606:2800:220:1:248:1893:25c8:1946
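
An added example, not part of the original posts: a longest-prefix-match lookup over the two connected "ip route" tables quoted above, showing on which interface traffic to the traceroute target, the resolver and the VPN server leaves the host under each client version. The function names are hypothetical, and route metrics and the linkdown flag are ignored.

```python
import ipaddress

# `ip route` output while connected, copied from the post above.
ROUTES = {
    "2.2.0-3": """\
0.0.0.0/1 via 10.8.8.1 dev tun0
default via 192.168.178.1 dev wlp5s0 proto dhcp metric 600
10.0.0.0/8 dev enp6s0 proto kernel scope link src 10.0.0.10 linkdown
10.8.8.0/22 dev tun0 proto kernel scope link src 10.8.8.37
128.0.0.0/1 via 10.8.8.1 dev tun0
134.19.189.190 via 192.168.178.1 dev wlp5s0
192.168.178.0/24 dev wlp5s0 proto kernel scope link src 192.168.178.164 metric 600""",
    "3.7.1": """\
0.0.0.0/1 via 10.8.3.1 dev tun0
default via 192.168.178.1 dev wlp5s0 proto dhcp metric 600
10.0.0.0/8 dev enp6s0 proto kernel scope link src 10.0.0.10 linkdown
10.8.3.0/24 dev tun0 proto kernel scope link src 10.8.3.30
128.0.0.0/1 via 10.8.3.1 dev tun0
192.168.178.0/24 dev wlp5s0 proto kernel scope link src 192.168.178.164 metric 600
195.181.173.200 via 192.168.178.1 dev wlp5s0""",
}

def parse_routes(text):
    """Turn `ip route` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        via = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, via, dev))
    return routes

def egress(routes, dst):
    """Longest-prefix match (metrics and linkdown ignored): (gateway, device)."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]

def tunnel_summary(text):
    """Where probe traffic and the tunnel's own carrier packets leave the host."""
    routes = parse_routes(text)
    # A /32 route outside tun0 is the pinned route to the VPN server itself.
    server = next(str(n.network_address) for n, via, dev in routes
                  if n.prefixlen == 32 and dev != "tun0")
    return {"server": server, "server_dev": egress(routes, server)[1],
            "probe_dev": egress(routes, "8.8.8.8")[1],
            "dns_dev": egress(routes, "103.86.96.96")[1]}
```

Both tables resolve the same way (probe and DNS traffic into tun0, the VPN server pinned to wlp5s0), so the routing layer is not what differs between the two versions. The "send: Operation not permitted" line is the EPERM error Linux typically hands back to a sender when a local packet-filter rule refuses the outgoing packet, which points the comparison at the host firewall state rather than at routes or DNS.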

Do you connect to the same VPN server with each client?
Try connecting to a different server, but both clients using the same server.

If that does not work, try to connect to the same server(s) from your first try through a generic VPN client.

Hi Akito,

I think I don’t need to worry about using different NordVPN servers. I need to close Debian to run LMDE (and vice versa); so I never use them at the same moment in time.

I let NordVPN pick a server in the Netherlands and it usually each time comes up with another specific server. So, I hardly ever use the same server the next time I connect to NordVPN.

What do you mean exactly with ‘through a generic VPN client’?

I tried using a manual connect using OpenVPN on several of the nl* servers of NordVPN, but that left me with a system that could not resolve any URL. And when I checked /etc/resolv.conf still contained the DNS-names of my local ISP and not those of NordVPN. So that didn’t work either.

That should actually work. However, I don’t know what is wrong with your system.

It’s important because you can connect to some server but they don’t connect to the internet. Then you would need to change the server.

Okay, so I’ve run NordVPN 2.2.0-3 on Debian with nameservers 103.86.96.96 / 103.86.99.99 and with nameservers 103.86.96.100 / 103.86.99.100 and in both cases release 2.2.0-3 runs fine.

I also ran NordVPN 3.7.1 on Debian with nameservers 103.86.96.96 / 103.86.99.99 and with nameservers 103.86.96.100 / 103.86.99.100 and in both cases release 3.7.1 blocks all my internet traffic.

So, I think it has nothing to do with the DNS servers.

The main difference between NordVPN 2.2.0-3 and NordVPN 3.7.1 is that release 2.2.0-3 does NOT de-activate my UFW firewall and release 3.7.1 does de-activate my UFW firewall. It states so on start-up. As far as I know all rules from UFW should at that time be copied to the NordVPN firewall, but I highly doubt this works correctly, because apart from traffic to and from NordVPN’s own servers all other traffic is blocked.

NordVPN explicitly requires 6 rules in Windows firewall for it to copy to the NordVPN firewall to help it work (https://support.nordvpn.com/Connectivity/Windows/1107796462/Adjusting-your-operating-system-configuration.htm). So, I suspect there should be such rules in my UFW-firewall also; although I’m not sure about this yet.

That seems like great process. Is there a way to see what is added to the NordVPN firewall? Then you could check what exactly is done during the connection process.

I could not find a way to see what rules NordVPN copied into its firewall or not. But today I got a suggestion from NordVPN Helpdesk to try NordLynx. And actually NordVPN 3.7.1 works well on Debian 10.3 when I did set Technology=NordLynx. This is possible since Wireguard is incorporated in the Linux-kernel of Debian 10.3 since about a month now. NordLynx is still a work in progress as NordVPN states (like Wireguard in Linux-kernel is as well), but it works for me.

Yes, heard about that new feature, too. Though, the original issue does not seem to be solved.