NordVPN blocking traffic - workaround

Difficulty: ★☆☆☆☆

Resolving NordVPN’s network lock

Once every few hours the connection to the NordVPN server drops and is not restored. Because the instantiated network rules are not removed, the daemon is unable to restore the connection, even on a restart. In this guide I discuss my findings with this issue and a work-around that I have found to restore your internet connection.

The issue

For a reason I have not yet discovered, every few hours (often when waking up from sleep, but also during regular use) the connection to the NordVPN server drops and is not restored. Restarting nordvpnd.service or NetworkManager does not change this. Any network traffic is blocked. I am using the NordLynx protocol.

The cause

Though I have not figured out why the connection drops, I have figured out why the traffic is blocked. In order to have all traffic go through your VPN and block all other traffic, network rules in iptables are made that prevent any outbound traffic, except for traffic going over the VPN connection. When the connection drops, these rules stay in place, even when the daemon is restarted. Older versions of the NordVPN daemon reset these rules when the daemon was reset, so it would work again upon restarting.

Not a fix (yet)

A fix would prevent the connection from dropping in the first place. Because I haven’t found the cause of the crash, I can’t fix it. Ideas are welcome, feel free to reply to this guide or send me a DM, so I can update this guide accordingly.

Workaround

When all traffic is blocked because of this bug, just restarting the daemon won’t work. It will not be able to reach any NVPN servers and set up a new connection. Instead you first have to clear your iptables with:

sudo iptables -F

Then restart the daemon with:

sudo systemctl restart nordvpnd

These two commands can be combined:

sudo iptables -F && sudo systemctl restart nordvpnd

Restarting the daemon only works if you clear the iptables rules, so be sure to always do that first.
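
The workaround above as a guarded script, added here as an example and not part of the original guide or of NordVPN's tooling: because iptables -F flushes every rule in the filter table, it saves a copy first and only flushes when blocking rules are actually present. It assumes the stale kill switch appears as DROP rules in the OUTPUT chain; the backup path, the function names, the DRY_RUN and RULES_FILE variables and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not NordVPN tooling: back up the rules, flush, restart.
# Assumption: the stale kill switch shows up as DROP rules in OUTPUT.
BACKUP="${BACKUP:-/var/tmp/iptables-before-flush.rules}"  # placeholder path

# Count "-A OUTPUT ... -j DROP" lines in an iptables-save dump on stdin.
count_output_drops() {
    grep -cE '^-A OUTPUT( .*)? -j DROP( |$)' || true
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Dump the filter table; RULES_FILE substitutes a saved dump for dry runs.
current_rules() {
    if [ -n "${RULES_FILE:-}" ]; then cat "$RULES_FILE"
    else sudo iptables-save -t filter; fi
}

# Flush and restart only when blocking rules are actually present.
recover() {
    drops="$(current_rules | count_output_drops)"
    if [ "$drops" -eq 0 ]; then
        echo "no DROP rules in OUTPUT, not flushing" >&2
        return 1
    fi
    # Keep a copy: iptables -F also removes rules that are not NordVPN's.
    # Restore them later with: sudo iptables-restore < "$BACKUP"
    run sudo iptables-save -f "$BACKUP" || return 1
    run sudo iptables -F || return 1
    run sudo systemctl restart nordvpnd
}

# Constructed sample dump (interface names are made up for illustration).
sample_dump() {
    cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o nordlynx -j ACCEPT
-A OUTPUT -o eth0 -j DROP
-A OUTPUT -o wlan0 -j DROP
COMMIT
EOF
}

# Run for real only when called as: sh recover.sh --run
if [ "${1:-}" = "--run" ]; then recover; fi
```

Running it with DRY_RUN=1 prints the three commands instead of executing them, which is a quick way to check what it would do before the connection next drops.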

Improvements to this workaround

Restarting the service will let it shut down on its own first (which won’t succeed) before killing the process. By default this takes 90 seconds, which is quite long to wait.

Therefore I have altered the daemon config file a bit. Locate the file using locate nordvpnd.service and make a copy of it, so you can restore it in case something breaks.

I have then replaced it with:

[Unit]
Description=NordVPN Daemon
Requires=nordvpnd.socket
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/sbin/nordvpnd
NonBlocking=true
KillMode=process
Restart=on-failure
# RestartSec=1
TimeoutStopSec=2
# centos7 RuntimeDirectory ignored
RuntimeDirectory=nordvpn
RuntimeDirectoryMode=0770
# User=root
Group=nordvpn

This will reduce the restart time to 7 seconds. After you replace the configuration, reload systemd so it picks up the change:

sudo systemctl daemon-reload

Disclaimer

First: I have been using Linux for about five years now, but only recently really got into the more detailed bits of it. Because of that I often do not use the most straightforward method to achieve certain results. If you notice any such mistakes, please let me know so I can learn from them and improve this guide.

Second: This is the first tutorial I have written on the Manjaro Forum. If you have any tips on how to improve it, please let me know.