Files
hermes-skills/nordvpn/SKILL.md

100 lines
3.0 KiB
Markdown

---
name: nordvpn
description: "Manage NordVPN on the Hermes host — status, reconnect for fresh IP, settings reference, and Cloudflare-block workaround."
version: 1.0.0
category: devops
tags: [nordvpn, vpn, cloudflare, ip-block, networking]
---
# NordVPN Management
Manage the NordVPN connection on the Hermes host. Used when sites block the current IP (Cloudflare, bot detection) or when VPN status/settings need inspection.
## When to Use
- Sites return Cloudflare "Attention Required" or "Just a moment..." blocks
- Need a fresh IP to bypass rate limiting or geo-restrictions
- Inspecting or verifying VPN status and settings
- User asks about VPN configuration
## Commands
### Status & Info
```bash
nordvpn status # Connection status, server, IP, uptime
nordvpn settings # All configuration settings
nordvpn account # Account email, expiry, MFA status
nordvpn groups # Available server groups
nordvpn countries # Available countries
```
### Reconnect (Fresh IP)
**Agent is authorized to reconnect without asking.** Any other settings changes require user permission.
```bash
nordvpn disconnect
nordvpn connect us <city> # Use different city to avoid same server
```
Alternative: `nordvpn connect` (no args = recommended server).
### Settings (user permission required)
```bash
nordvpn set killswitch on|off
nordvpn set technology nordlynx|openvpn
nordvpn set lan-discovery on|off
nordvpn set threatprotectionlite on|off
nordvpn set post-quantum on|off
nordvpn set dns <1.1.1.1> <8.8.8.8>
nordvpn set autoconnect on|off
nordvpn set notify on|off
nordvpn set defaults # Reset all to defaults
```
### Allowlist
```bash
nordvpn allowlist add port 11434 # Allow port through VPN
nordvpn allowlist add subnet 10.0.0.0/24
nordvpn allowlist remove port 11434
```
## Current Configuration (as of 2026-07-12)
| Setting | Value |
|---------|-------|
| Technology | NORDLYNX |
| Firewall | enabled |
| Kill Switch | enabled |
| Auto-connect | enabled |
| Post-quantum | enabled |
| LAN Discovery | enabled |
| Threat Protection Lite | disabled |
| Meshnet | disabled |
| DNS | disabled |
| Allowlisted ports | 53 (UDP/TCP), 11434 (TCP) |
| Allowlisted subnets | 34.36.133.0/24 |
Account: mdkrushr@gmail.com, active until Aug 30, 2026. No dedicated IP. MFA off.
## Cloudflare Block Workaround
When browser or web tools hit Cloudflare blocks on target sites:
1. Check current IP: `nordvpn status`
2. Disconnect: `nordvpn disconnect`
3. Reconnect to different city: `nordvpn connect us Chicago` (or any city different from current)
4. Verify new IP: `nordvpn status`
5. Retry the blocked request
## Pitfalls
- **Don't change settings without user permission.** Reconnect only.
- **Use different city on reconnect** — same city may return the same server.
- **Allowlisted ports survive reconnect** — no need to re-add after IP change.
- **Kill switch blocks all traffic when disconnected** — brief outage during reconnect is normal.
- **Post-quantum only works with standard NordLynx servers** — not with dedicated IP, OpenVPN, or obfuscated servers.