100 lines
3.0 KiB
Markdown
100 lines
3.0 KiB
Markdown
---
|
|
name: nordvpn
|
|
description: "Manage NordVPN on the Hermes host — status, reconnect for fresh IP, settings reference, and Cloudflare-block workaround."
|
|
version: 1.0.0
|
|
category: devops
|
|
tags: [nordvpn, vpn, cloudflare, ip-block, networking]
|
|
---
|
|
|
|
# NordVPN Management
|
|
|
|
Manage the NordVPN connection on the Hermes host. Used when sites block the current IP (Cloudflare, bot detection) or when VPN status/settings need inspection.
|
|
|
|
## When to Use
|
|
|
|
- Sites return Cloudflare "Attention Required" or "Just a moment..." blocks
|
|
- Need a fresh IP to bypass rate limiting or geo-restrictions
|
|
- Inspecting or verifying VPN status and settings
|
|
- User asks about VPN configuration
|
|
|
|
## Commands
|
|
|
|
### Status & Info
|
|
|
|
```bash
|
|
nordvpn status # Connection status, server, IP, uptime
|
|
nordvpn settings # All configuration settings
|
|
nordvpn account # Account email, expiry, MFA status
|
|
nordvpn groups # Available server groups
|
|
nordvpn countries # Available countries
|
|
```
|
|
|
|
### Reconnect (Fresh IP)
|
|
|
|
**Agent is authorized to reconnect without asking.** Any other settings changes require user permission.
|
|
|
|
```bash
|
|
nordvpn disconnect
|
|
nordvpn connect us <city> # Use different city to avoid same server
|
|
```
|
|
|
|
Alternative: `nordvpn connect` (no args = recommended server).
|
|
|
|
### Settings (user permission required)
|
|
|
|
```bash
|
|
nordvpn set killswitch on|off
|
|
nordvpn set technology nordlynx|openvpn
|
|
nordvpn set lan-discovery on|off
|
|
nordvpn set threatprotectionlite on|off
|
|
nordvpn set post-quantum on|off
|
|
nordvpn set dns <1.1.1.1> <8.8.8.8>
|
|
nordvpn set autoconnect on|off
|
|
nordvpn set notify on|off
|
|
nordvpn set defaults # Reset all to defaults
|
|
```
|
|
|
|
### Allowlist
|
|
|
|
```bash
|
|
nordvpn allowlist add port 11434 # Allow port through VPN
|
|
nordvpn allowlist add subnet 10.0.0.0/24
|
|
nordvpn allowlist remove port 11434
|
|
```
|
|
|
|
## Current Configuration (as of 2026-07-12)
|
|
|
|
| Setting | Value |
|
|
|---------|-------|
|
|
| Technology | NORDLYNX |
|
|
| Firewall | enabled |
|
|
| Kill Switch | enabled |
|
|
| Auto-connect | enabled |
|
|
| Post-quantum | enabled |
|
|
| LAN Discovery | enabled |
|
|
| Threat Protection Lite | disabled |
|
|
| Meshnet | disabled |
|
|
| DNS | disabled |
|
|
| Allowlisted ports | 53 (UDP/TCP), 11434 (TCP) |
|
|
| Allowlisted subnets | 34.36.133.0/24 |
|
|
|
|
Account: mdkrushr@gmail.com, active until Aug 30, 2026. No dedicated IP. MFA off.
|
|
|
|
## Cloudflare Block Workaround
|
|
|
|
When browser or web tools hit Cloudflare blocks on target sites:
|
|
|
|
1. Check current IP: `nordvpn status`
|
|
2. Disconnect: `nordvpn disconnect`
|
|
3. Reconnect to different city: `nordvpn connect us Chicago` (or any city different from current)
|
|
4. Verify new IP: `nordvpn status`
|
|
5. Retry the blocked request
|
|
|
|
## Pitfalls
|
|
|
|
- **Don't change settings without user permission.** Reconnect only.
|
|
- **Use different city on reconnect** — same city may return the same server.
|
|
- **Allowlisted ports survive reconnect** — no need to re-add after IP change.
|
|
- **Kill switch blocks all traffic when disconnected** — brief outage during reconnect is normal.
|
|
- **Post-quantum only works with standard NordLynx servers** — not with dedicated IP, OpenVPN, or obfuscated servers.
|