NordVPN CLI Documentation

nordvpn-cli.md

NordVPN Linux CLI: A Comprehensive Command Reference

I. Introduction

The NordVPN client for Linux provides a robust command-line interface (CLI) that allows users to manage their VPN connections, configure settings, and access various features offered by NordVPN directly from the terminal. This document serves as an extensive guide to the NordVPN Linux CLI, detailing its commands, options, flags, and functionalities. The information is compiled from official NordVPN documentation and related resources, aiming to provide a thorough reference for both novice and advanced users.

The CLI enables users to select server locations, or allow the application to automatically choose the optimal server. It also offers customization of connection parameters, such as protocol selection (e.g., NordLynx, OpenVPN) and security features like the Kill Switch. The application interacts with several system components, including network interfaces via tuntap, firewall rules via iptables, routing via iproute2, and DNS management via systemd-resolved. While a Graphical User Interface (GUI) is also available for Linux, the CLI remains fully functional and is sometimes the preferred or sole method for accessing certain advanced features or for use in headless environments.

II. Getting Started

Before diving into specific commands, it's essential to understand the general syntax and how to access help. The NordVPN CLI is typically invoked by typing nordvpn followed by a command and any relevant options or arguments.

A. Installation

Installation instructions are primarily found on the official NordVPN website. Generally, it involves downloading a .deb or .rpm package or using a script:

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)

Or, for users without curl:

sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)

After installation, users might need to add their user to the nordvpn group:

sudo usermod -aG nordvpn $USER

Followed by a reboot.

B. General Syntax

The basic structure for using the NordVPN CLI is:

nordvpn [global options] command [command options][arguments...]

III. Global Options

Global options apply to the nordvpn command itself, rather than to a specific subcommand.

--help, -h

Description: Displays a general list of commands or provides help for a specific command if specified.

Syntax:

nordvpn --help
nordvpn [command] --help

Relevant Snippets: 6 (listing global options). Usage Example:

nordvpn --help
nordvpn connect --help

--version, -v

Description: Prints the currently installed version of the NordVPN client.

Syntax:

nordvpn --version

Relevant Snippets: 6 (listing global options).

Usage Example:

nordvpn --version

Note: The command nordvpn version also achieves this, as detailed later.

IV. Main Commands

The NordVPN CLI is organized into several commands, each responsible for a specific aspect of the VPN client's operation.

A. Account Management

These commands handle user authentication and account information.

1. login

Description: Logs you into your NordVPN account. By default, this usually opens a web browser for authentication.

Syntax:

nordvpn login
nordvpn login --token <token_value>

Options:

• --token <token_value>: Allows logging in using an access token. This method is particularly useful for headless devices or automated scripts where browser-based interaction is not feasible. Tokens can be generated from the Nord Account dashboard and can be temporary (expiring in 30 days) or non-expiring. For non-expiring tokens, enabling Multi-Factor Authentication (MFA) is recommended. The ability to use tokens underscores the CLI's utility in automated or server environments, providing a secure authentication path without interactive logins.

Relevant Snippets: 3

Usage Example:

# Standard login (opens browser)
nordvpn login

# Login with a token
nordvpn login --token R4ND0M3X4MPL3T0K3N

2. logout

Description: Logs you out of your NordVPN account.

Syntax:

nordvpn logout
nordvpn logout --persist-token

Options:

• --persist-token: When logging out, this option prevents the current access token from expiring, allowing it to be reused for future logins. If this option is omitted and a token was used for login, that token will expire upon logout. This persistence is crucial for scripts or automated processes that might need to log out and subsequently log back in without requiring manual token regeneration each time.

Relevant Snippets: 5

Usage Example:

# Standard logout (expires token if one was used and --persist-token is not used)
nordvpn logout

# Logout but keep the token valid for next login
nordvpn logout --persist-token

3. account

Description: Displays information about your NordVPN account, such as your VPN Service username, email address, and subscription expiry date.

Syntax:

nordvpn account

Relevant Snippets: 5

Usage Example:

nordvpn account

4. register

Description: Initiates the process to register a new NordVPN user account. This typically directs the user to the NordVPN website to complete the registration process.

Syntax:

nordvpn register

Relevant Snippets: 5

Usage Example:

nordvpn register

B. Connection Management

These commands are used to establish, terminate, and check the status of your VPN connection.

1. connect (Alias: c)

Description: Establishes a connection to a NordVPN server. If no specific server, country, or group is specified, NordVPN will automatically select the most suitable server, often based on speed or proximity.

Syntax:

nordvpn connect [options]
nordvpn connect [country_code]
nordvpn connect [country_code_server_number] (e.g., us7123, uk123)
nordvpn connect [city_name]
nordvpn connect --group <group_name> [country_code]
nordvpn c... # (using alias)

Arguments/Options:

• <country_code>: Connects to the best available server in the specified country (e.g., us for United States, gb for Great Britain, de for Germany).

• <country_code_server_number>: Connects to a specific server identified by its unique code (e.g., us6789, uk715).

• <city_name>: Connects to a server in a specific city (e.g., london, new_york). The command nordvpn cities <country> can be used to discover available cities within a country.

• --group <group_name> [country_code]: Connects to a server belonging to a specific server group. If a country_code is also provided, it attempts to connect to a server of that group within that country. This mechanism allows users to easily access specialized server types without needing to know individual server identifiers. Common groups include:

  • double_vpn: Routes traffic through two VPN servers for an additional layer of encryption. Example: nordvpn connect --group double_vpn (connects to the closest Double VPN server) or nordvpn connect --group double_vpn us (connects to a Double VPN server in the US).
  • p2p: Optimized for peer-to-peer file sharing. Example: nordvpn connect --group p2p or nordvpn connect --group p2p de.
  • dedicated_ip: Connects to your assigned Dedicated IP server, if you have subscribed to this service.
  • obfuscated_servers: Connects to servers that use obfuscation techniques to disguise VPN traffic, useful in restrictive network environments.

• p2p: A shortcut command equivalent to nordvpn connect --group p2p.

• double_vpn: A shortcut command equivalent to nordvpn connect --group double_vpn.

• Dedicated_IP: (Note the specific casing from documentation) A shortcut for connecting to a Dedicated IP server, likely equivalent to nordvpn connect --group dedicated_ip.

The connect command's flexibility in server selection, from fully automatic to highly specific, caters to a wide range of user needs and technical expertise.

Relevant Snippets: 3

Usage Examples:

# Connect to the best recommended server
nordvpn connect

# Connect to the best server in Germany
nordvpn connect de

# Connect to server us9876
nordvpn connect us9876

# Connect to a P2P server
nordvpn connect p2p

# Connect to a Double VPN server in the United Kingdom
nordvpn connect --group double_vpn uk

2. disconnect (Alias: d)

Description: Terminates the current VPN connection.

Syntax:

nordvpn disconnect
# or
nordvpn d

Relevant Snippets: 5

Usage Example:

nordvpn disconnect

3. status

Description: Displays the current connection status. This typically includes whether the VPN is connected, the IP address of the current server, country, city, and connection uptime.

Syntax:

nordvpn status

Relevant Snippets: 5

Usage Example:

nordvpn status

4. refresh

Description: Updates the local cache of available NordVPN servers. VPN server lists are dynamic; servers can be added, removed, or their operational status can change. The refresh command ensures the client has the most current list, which can be useful for troubleshooting connection issues or accessing newly deployed servers without restarting the client or its background daemon.

Syntax:

nordvpn refresh

Relevant Snippets: 7

Usage Example:

nordvpn refresh

C. Settings Configuration (set command and settings command)

The set command is a versatile tool for customizing various client behaviors and features. The settings command allows users to view the current configuration.

1. set (Alias: s)

Description: Modifies various NordVPN client settings.

Syntax:

nordvpn set <setting_option> <value>
# or
nordvpn s <setting_option> <value>

Relevant Snippets: 5

Sub-commands/Options for set: A comprehensive list of settings controllable via nordvpn set is provided in the table below. These options allow for fine-tuning of security features, connection protocols, and user experience elements. For instance, lan-discovery addresses the common need to access local network resources while connected to a VPN, and meshnet controls a significant feature for creating secure, private inter-device networks, which in some instances, might be primarily configurable via the CLI. The pq option for Post-Quantum protection indicates a forward-looking approach to security against emerging cryptographic threats.

Table: nordvpn set Sub-commands

Setting	Description	Example Values	Primary Snippets
analytics	Enable/disable anonymous usage data collection.	on, off	9
autoconnect	Enable/disable auto-connect; optionally specify target country, server, or group.	on [target], off	5
dns	Set custom DNS servers (space separated for multiple).	[ip2]	5
killswitch	Enable/disable Kill Switch (blocks internet if VPN drops).	on, off	5
lan-discovery	Enable/disable LAN device discovery while VPN is active.	enable, disable	5
meshnet	Enable/disable Meshnet feature for direct device-to-device connections.	on, off	5
notify	Enable/disable system notifications from the NordVPN client.	on, off	5
obfuscate	Enable/disable obfuscated servers to bypass VPN restrictions.	on, off	5
protocol	Set VPN protocol (typically UDP or TCP when technology is OpenVPN).	UDP, TCP	5
pq	Enable/disable Post-Quantum protection.	on, off	5
technology	Set underlying VPN connection technology.	OpenVPN, NordLynx	5
threatprotectionlite	Enable/disable Threat Protection Lite (DNS-based ad/malware blocking).	on, off	5

Usage Examples:

# Enable Kill Switch
nordvpn set killswitch on

# Set technology to NordLynx
nordvpn set technology NordLynx

# Enable autoconnect to the best server in Canada
nordvpn set autoconnect on ca

# Set custom DNS servers
nordvpn set dns 9.9.9.9 149.112.112.112

2. settings

Description: Displays the current configuration settings of the NordVPN client. This is useful for verifying which options are currently active after using the set command or to check default values.

Syntax:

nordvpn settings

Relevant Snippets: 5

Usage Example:

nordvpn settings

D. Information and Lists

These commands help retrieve lists of available connection points and client information.

1. cities

Description: Displays a list of cities where NordVPN servers are available. This list can be optionally filtered by country.

Syntax:

nordvpn cities [country_code]

Arguments:

• [country_code]: (Optional) If provided, lists cities only for that specific country (e.g., us, gb).

Relevant Snippets: 5 (e.g., nordvpn cities united_states).

Usage Examples:

# List all available cities worldwide
nordvpn cities

# List cities in the United States
nordvpn cities us

2. countries

Description: Displays a list of all countries where NordVPN has servers.

Syntax:

nordvpn countries

Relevant Snippets: 5

Usage Example:

nordvpn countries

3. groups

Description: Shows a list of available server groups or categories (e.g., P2P, Double VPN, Dedicated IP, Obfuscated Servers). This command aids in the discovery of specialized server types that NordVPN offers. Knowing these group names allows users to leverage the --group option with the connect command, facilitating easy connections to servers optimized for specific tasks without needing to know individual server hostnames.

Syntax:

nordvpn groups

Relevant Snippets: 5

Usage Example:

nordvpn groups

4. version

Description: Displays the installed version of the NordVPN client. This is distinct from the global --version option but serves the same purpose.

Syntax:

nordvpn version

Relevant Snippets: 13 (explicitly nordvpn version), 14

Usage Example:

nordvpn version

E. Whitelisting

The whitelisting commands allow users to define exceptions to VPN tunneling, enabling specific ports or subnets to bypass the VPN or be explicitly allowed for features like LAN discovery or peer-to-peer applications. This provides fine-grained control over network traffic, which is essential for users integrating VPN usage into complex network setups or requiring local network access.

1. whitelist add port <port_number> [protocol]

Description: Adds a rule to the whitelist for a specified incoming port. Multiple port numbers can be specified, separated by spaces. The protocol (e.g., TCP, UDP) might be implicitly handled or an additional option, though current snippets primarily focus on the port number.

Syntax:

nordvpn whitelist add port <port> [<port2>...]

Arguments:

• <port>: The port number to whitelist.

Relevant Snippets: 5

Usage Example:

# Whitelist port 8080
nordvpn whitelist add port 8080

# Whitelist ports 22 and 80
nordvpn whitelist add port 22 80

2. whitelist remove port <port_number>

Description: Removes a previously allowlisted port from the whitelist.

Syntax:

nordvpn whitelist remove port <port> [<port2>...]

Arguments:

• <port>: The port number to remove from the whitelist.

Relevant Snippets: 5

Usage Example:

nordvpn whitelist remove port 8080

3. whitelist add subnet <subnet_cidr>

Description: Adds a rule to the whitelist for a specified subnet, typically in CIDR (Classless Inter-Domain Routing) notation. This is often used to maintain access to local network resources.

Syntax:

nordvpn whitelist add subnet <subnet_cidr>

Arguments:

• <subnet_cidr>: The subnet to whitelist (e.g., 192.168.1.0/24).

Relevant Snippets: 5

Usage Example:

# Whitelist the local subnet 192.168.1.0/24
nordvpn whitelist add subnet 192.168.1.0/24

4. whitelist remove subnet <subnet_cidr>

Description: Removes a previously allowlisted subnet from the whitelist.

Syntax:

nordvpn whitelist remove subnet <subnet_cidr>

Arguments:

• <subnet_cidr>: The subnet to remove from the whitelist.

Relevant Snippets: 5

Usage Example:

nordvpn whitelist remove subnet 192.168.1.0/24

F. Feedback and Help

1. rate <1-5>

Description: Allows the user to rate their last VPN connection quality on a scale of 1 to 5. This feedback is presumably used by NordVPN to monitor and improve service quality.

Syntax:

nordvpn rate <rating_value>

Arguments:

• <rating_value>: A numerical rating from 1 (poor) to 5 (excellent).

Relevant Snippets: 5

Usage Example:

# Rate the last connection as 5 (excellent)
nordvpn rate 5

2. help (Alias: h)

Description: Shows a list of available commands or provides detailed help for a specific command. This is an essential command for discovering functionalities and understanding command-specific options.

Syntax:

nordvpn help
nordvpn help <command_name>
nordvpn h
nordvpn h <command_name>

Relevant Snippets: 5

Usage Example:

# Show general help information
nordvpn help

# Show help for the 'connect' command
nordvpn help connect

V. Advanced Topics

The NordVPN CLI facilitates several advanced configurations and features:

A. Understanding NordLynx vs. OpenVPN (set technology)

The nordvpn set technology command allows users to switch between NordLynx and OpenVPN. NordLynx is NordVPN's custom protocol built around WireGuard®, known for its high speed and modern cryptography. OpenVPN is a highly configurable and widely trusted open-source protocol that can use either UDP (User Datagram Protocol) for speed or TCP (Transmission Control Protocol) for reliability, configurable via nordvpn set protocol <UDP|TCP>. The choice depends on user priorities: NordLynx often provides better performance, while OpenVPN might be preferred for its established track record or ability to use TCP, which can be more resilient in networks with high packet loss or strict firewalls.

B. Using Obfuscated Servers (set obfuscate)

The nordvpn set obfuscate <on|off> command enables or disables the use of obfuscated servers. These servers are designed to bypass network restrictions or censorship that specifically target VPN traffic by making it look like regular HTTPS traffic. This feature is particularly useful in countries or networks where VPN use is restricted or blocked. The connect --group obfuscated_servers command may also be available to connect specifically to these servers.

C. Post-Quantum Protection (set pq)

The nordvpn set pq <on|off> command controls Post-Quantum (PQ) protection. This is an advanced security feature designed to safeguard user data against the potential threat of future quantum computers, which could theoretically break current encryption standards. Enabling PQ protection utilizes experimental cryptographic techniques to enhance security for long-term data privacy.

D. Meshnet Deep Dive (set meshnet and related usage)

Meshnet is a significant feature that allows users to create secure, private, and encrypted connections directly between their own devices or devices of other NordVPN users they trust, regardless of their physical location. It effectively allows users to form their own private VPN network. The command nordvpn set meshnet <on|off> controls this feature. Some sources suggest that certain aspects or the initial availability of Meshnet might be primarily or exclusively managed through the CLI. This makes the CLI indispensable for users wishing to leverage Meshnet for secure file sharing, collaborative gaming, or accessing services running on remote personal devices. Whitelisting rules might also interact with Meshnet for allowing specific traffic between peered devices.

E. Interaction with GUI

NordVPN offers a GUI for Linux in addition to the CLI. While the GUI provides a visual way to manage connections and some settings, the CLI remains fully functional and may be necessary for certain advanced configurations or features not yet implemented in the GUI. Ideally, settings configured via one interface should be reflected in the other, but users leveraging both should be aware that the CLI often provides more granular control.

VI. Updating the NordVPN Client

Keeping the NordVPN client up-to-date is crucial for security, performance, and access to the latest server lists and features. For Debian-based Linux distributions (like Ubuntu, Debian, Linux Mint), the client can typically be updated using the system's package manager:

sudo apt-get update
sudo apt-get upgrade nordvpn

Alternatively, reinstalling the package can also perform an upgrade:

sudo apt-get install nordvpn

It is important to note that older versions of the NordVPN client (e.g., versions older than 3.12.0) may eventually lose the ability to connect to servers, making regular updates essential for continued service.

VII. Conclusion

The NordVPN Linux CLI offers a comprehensive suite of commands for managing VPN connections and client settings. From basic login and connect operations to advanced configurations like custom DNS, Kill Switch, protocol selection, and specialized server access, the CLI provides powerful control for users comfortable with the terminal. Features like token-based login, Meshnet management, and fine-grained whitelisting further extend its utility, particularly for automated tasks, server environments, and users with specific networking requirements. While a GUI is available, the CLI often provides faster access to the full range of functionalities and remains a critical tool for many Linux users. For quick reference on any command, users are encouraged to utilize the nordvpn help <command> functionality.

VIII. Appendix: Quick Command Reference Table

This table provides a concise summary of the primary NordVPN CLI commands and their aliases for quick lookup.

Command	Alias(es)	Brief Description
login		Logs into NordVPN account.
logout		Logs out of NordVPN account.
account		Shows account information.
register		Registers a new user account.
connect	c	Connects to a VPN server.
disconnect	d	Disconnects from the VPN server.
status		Shows current connection status.
refresh		Refreshes the server list.
set	s	Sets a configuration option.
settings		Lists the current settings.
cities		Lists available cities for connection.
countries		Lists available countries for connection.
groups		Lists available server groups (e.g., P2P, Double VPN).
version		Displays the installed client version.
whitelist		Manages whitelist rules for ports and subnets.
rate		Rates the quality of the last connection (1-5).
help	h	Shows help information for commands.