--- name: nordvpn description: "Manage NordVPN on the Hermes host — status, reconnect for fresh IP, settings reference, and Cloudflare-block workaround." version: 1.0.0 category: devops tags: [nordvpn, vpn, cloudflare, ip-block, networking] --- # NordVPN Management Manage the NordVPN connection on the Hermes host. Used when sites block the current IP (Cloudflare, bot detection) or when VPN status/settings need inspection. ## When to Use - Sites return Cloudflare "Attention Required" or "Just a moment..." blocks - Need a fresh IP to bypass rate limiting or geo-restrictions - Inspecting or verifying VPN status and settings - User asks about VPN configuration ## Commands ### Status & Info ```bash nordvpn status # Connection status, server, IP, uptime nordvpn settings # All configuration settings nordvpn account # Account email, expiry, MFA status nordvpn groups # Available server groups nordvpn countries # Available countries ``` ### Reconnect (Fresh IP) **Agent is authorized to reconnect without asking.** Any other settings changes require user permission. ```bash nordvpn disconnect nordvpn connect us # Use different city to avoid same server ``` Alternative: `nordvpn connect` (no args = recommended server). ### Settings (user permission required) ```bash nordvpn set killswitch on|off nordvpn set technology nordlynx|openvpn nordvpn set lan-discovery on|off nordvpn set threatprotectionlite on|off nordvpn set post-quantum on|off nordvpn set dns <1.1.1.1> <8.8.8.8> nordvpn set autoconnect on|off nordvpn set notify on|off nordvpn set defaults # Reset all to defaults ``` ### Allowlist ```bash nordvpn allowlist add port 11434 # Allow port through VPN nordvpn allowlist add subnet 10.0.0.0/24 nordvpn allowlist remove port 11434 ``` ## Current Configuration (as of 2026-07-12) | Setting | Value | |---------|-------| | Technology | NORDLYNX | | Firewall | enabled | | Kill Switch | enabled | | Auto-connect | enabled | | Post-quantum | enabled | | LAN Discovery | enabled | | Threat Protection Lite | disabled | | Meshnet | disabled | | DNS | disabled | | Allowlisted ports | 53 (UDP/TCP), 11434 (TCP) | | Allowlisted subnets | 34.36.133.0/24 | Account: mdkrushr@gmail.com, active until Aug 30, 2026. No dedicated IP. MFA off. ## Cloudflare Block Workaround When browser or web tools hit Cloudflare blocks on target sites: 1. Check current IP: `nordvpn status` 2. Disconnect: `nordvpn disconnect` 3. Reconnect to different city: `nordvpn connect us Chicago` (or any city different from current) 4. Verify new IP: `nordvpn status` 5. Retry the blocked request ## Pitfalls - **Don't change settings without user permission.** Reconnect only. - **Use different city on reconnect** — same city may return the same server. - **Allowlisted ports survive reconnect** — no need to re-add after IP change. - **Kill switch blocks all traffic when disconnected** — brief outage during reconnect is normal. - **Post-quantum only works with standard NordLynx servers** — not with dedicated IP, OpenVPN, or obfuscated servers.