Due to laziness I have not yet set up a NordVPN VPN connection on IPFire, but for the next best thing, I went for the IPFire proxy server to forward everything to NordVPN proxies.
And I wanted to share here how I did this, if someone else would ever want to do this… And of course I’m open for improvements:
- Make sure you have the IPFire proxy configured and enabled.
- Create a file `/var/ipfire/proxy/advanced/acls/include.acl` to configure squid to forward everything to NordVPN, except for internal networks:

  ```
  cache_peer be145.nordvpn.com parent 80 3130 default no-query login=<nordvpn_account>:<nordvpn_password>
  always_direct allow IPFire_ips IPFire_networks
  never_direct allow all
  ```

  where `<nordvpn_account>:<nordvpn_password>` needs to be replaced with your own NordVPN credentials. You can leave the server as is for the moment.
- Create an hourly cronjob to check for the ‘best’ server to use according to NordVPN and update IPFire proxy with it: Create the file `/etc/fcron.daily/squid-nordvpn-updater`:

  ```bash
  #!/bin/bash
  # Retrieve best server according to nordvpn
  # (URL quoted so the shell does not treat "?" as a glob; print() works on Python 2 and 3)
  best_server=$(curl -s "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations" | python -c 'import json,sys;obj=json.load(sys.stdin);print(obj[0]["hostname"])')
  # If result contains a nordvpn server (rudimentary check), put it in squid config
  echo "$best_server" | grep "nordvpn.com" && sed -i "s/[a-z0-9]\+\.nordvpn\.com/$best_server/g" /var/ipfire/proxy/advanced/acls/include.acl
  # and reconfigure squid
  squid -k reconfigure
  ```

  and make the file executable with `chmod ug+x /etc/fcron.daily/squid-nordvpn-updater`.
- Now run the script for a first time manually to activate forwarding to NordVPN. The nordvpn server in the `acl` file will be updated to a server best for you at that moment and squid will be reloaded.
I hope this helps someone. And please comment on/suggest improvements as you see fit.
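A stricter version of the script's hostname check and `sed` update, as an added example that is not part of the original post: the API response is remote input that ends up in a `sed` expression run as root, so it is matched against the full `<label>.nordvpn.com` shape instead of being grepped for a substring. The function names `valid_nordvpn_host` and `update_peer` are hypothetical, and the sample config in `demo` is constructed with placeholder credentials.

```shell
#!/bin/sh
# Added example: validate the API-supplied hostname before it reaches sed
# and the squid config. Function names are hypothetical.
LC_ALL=C; export LC_ALL    # make the [a-z0-9] ranges byte-exact

# Accept exactly "<label>.nordvpn.com"; label = lowercase letters/digits only.
valid_nordvpn_host() {
    case $1 in
        ''|*[!a-z0-9.]*) return 1 ;;   # empty, or any other char (newline, /, &, ...)
    esac
    label=${1%.nordvpn.com}
    [ "$label" != "$1" ] || return 1   # required suffix is missing
    case $label in
        ''|*.*) return 1 ;;            # empty label or extra dots
    esac
    return 0
}

# Replace the hostname on the cache_peer line only. The file is swapped in
# with mv, so it is left untouched if the candidate is rejected or sed fails.
update_peer() {
    acl=$1 host=$2
    valid_nordvpn_host "$host" || { echo "rejected hostname: $host" >&2; return 1; }
    tmp=$(mktemp "$acl.XXXXXX") || return 1
    cp -p "$acl" "$tmp" &&             # carry over owner and mode
    sed "s/^\(cache_peer  *\)[a-z0-9][a-z0-9]*\.nordvpn\.com /\1$host /" "$acl" > "$tmp" &&
    mv "$tmp" "$acl" || { rm -f "$tmp"; return 1; }
}

# Demo on a constructed copy of include.acl (placeholder credentials).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        'cache_peer be145.nordvpn.com parent 80 3130 default no-query login=USER:PASS' \
        'always_direct allow IPFire_ips IPFire_networks' \
        'never_direct allow all' > "$f"
    update_peer "$f" 'nl42.nordvpn.com' && echo "updated"
    # These two contain "nordvpn.com", so a substring grep would accept them.
    update_peer "$f" 'nordvpn.com.example.org' || echo "left unchanged"
    update_peer "$f" 'nl42.nordvpn.com/' || echo "left unchanged"
    head -n 1 "$f"
    rm -f "$f"
}
demo
```

In the cron script, call `update_peer /var/ipfire/proxy/advanced/acls/include.acl "$best_server"` and run `squid -k reconfigure` only when it returns 0.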