NordVPN blocking traffic - workaround

Difficulty: ★☆☆☆☆

Resolving NordVPN’s network lock

Once every few hours the connection to the NordVPN server drops and is not restored. Because the instantiated network rules are not removed, the daemon is unable to restore the connection, even on a restart. In this guide I discuss my findings with this issue and a work-around that I have found to restore your internet connection.

The issue

For a reason I have not yet discovered, every few hours (often when waking up from sleep, but also during regular use) the connection to the NordVPN server drops and is not restored. Restarting nordvpnd.service or NetworkManager do not change this. Any network traffic is blocked. I am using the NordLynx protocol.

The cause

Though I have not figured out why the connection drops, I have figured out why the traffic is blocked. In order to have all traffic go through your VPN and block all other traffic, network rules in iptables are made that prevent any outbound traffic, except for traffic going over the VPN connection. When the connection drops, these rules stay in place, even when the daemon is restarted. Older versions of the NordVPN daemon reset these rules when the daemon was reset, so it would work again upon restarting.

Not a fix (yet)

A fix would prevent the connection from dropping in the first place. Because I haven’t found the cause of the crash, I can’t fix it. Ideas are welcome, feel free to reply to this guide or send me a DM, so I can update this guide accordingly.


When all traffic is blocked because of this bug, just restarting the daemon won’t work. It will not be able to reach any NVPN servers and set up a new connection. Instead you first have to clear your iptables with:

sudo iptables -F

Then restart the daemon with:

sudo systemctl restart nordvpnd

These two commands can be combined:

sudo iptables -F && sudo systemctl restart nordvpnd

Restarting the daemon only works if you clear the iptables so be sure to always do that first.

Improvements to this workaround

Restarting the service will let it shut down on its own first (which won’t succeed) before killing the process. By default this takes 90 seconds, which is quite long to wait.

Therefore I have altered the daemon config file a bit. Locate the file using locate nordvpnd.service and make a copy of it to restore it to, in case something breaks.

I have then replaced it with:

Description=NordVPN Daemon

# RestartSec=1
# centos7 RuntimeDirectory ignored
# User=root

This will reduce the restart time to 7 seconds. When you replace the configuration, reload the daemon using

sudo systemctl daemon-reload


First: I have been using Linux for about five years now, but only recently really got into the more detailed bits of it. Because of that I often do not use the most straightforward method to achieve certain results. If you notice any such mistakes, please let me know so I can learn from them and improve this guide.

Second: This is the first tutorial I write on the Manjaro Forum. If you have any tips on how to improve it, please let me know.