NORDVPN(1) NordVPN Manual NORDVPN(1)
NAME
nordvpn - command-line interface of the NordVPN service
SYNOPSIS
nordvpn <command> [arguments]
DESCRIPTION
The NordVPN app for Linux protects your sensitive data with military-
grade encryption so that whatever you do online stays secure and
private. More than 5000 servers worldwide. No logs of your online
activity. Secure up to 6 devices with a single account. Access online
content securely, with no restrictions.
COMMANDS
account
Shows account information.
cities
Shows a list of cities where servers are available.
connect, c
Connects you to VPN.
countries
Shows a list of countries where servers are available.
disconnect, d
Disconnects you from VPN.
groups
Shows a list of available server groups.
login
Logs you in.
logout
Logs you out.
rate
Rates your last connection quality (1-5).
register
Registers a new user account.
set, s
Sets a configuration option.
settings
Shows current settings.
status
Shows the current connection status.
version
Shows the app version.
allowlist, whitelist
Adds or removes allowlist options.
meshnet, mesh
Meshnet is a way to safely access other devices, no matter where in
the world they are. Once set up, Meshnet functions just like a
secure local area network (LAN) — it connects devices directly. It
also allows securely sending files to other devices. Use the
"nordvpn set meshnet on" command to enable Meshnet. Learn more:
https://meshnet.nordvpn.com/
fileshare
Transfers files of any size between Meshnet peers securely and
privately.
help, h
Shows a list of commands or help for one command.
OPTIONS
--help, -h
Shows help.
--version, -v
Prints the version.
EXAMPLES
Example 1. Connect to a recommended server
$ nordvpn connect
Example 2. Connect to a server in a specific country
$ nordvpn connect Australia
$ nordvpn connect Switzerland
$ nordvpn connect Greece
Example 3. Connect to a server in a specific city
$ nordvpn connect Sweden Stockholm
$ nordvpn connect Australia Sydney
$ nordvpn connect Japan Tokyo
Example 4. Connect to a server in a specific country using the country
code
$ nordvpn connect US
$ nordvpn connect JP
$ nordvpn connect AU
Example 5. Connect to a server in a specific group
$ nordvpn connect P2P
$ nordvpn connect The_Americas
$ nordvpn connect Dedicated_IP
Example 6. Connect to a server in a specific group and country
$ nordvpn connect --group P2P Germany
Example 7. Disconnect from VPN
$ nordvpn disconnect
Example 8. Set a protocol
$ nordvpn set protocol UDP
$ nordvpn set protocol TCP
Example 9. Enable Kill Switch
$ nordvpn set killswitch enabled
Example 10. Enable ThreatProtectionLite
$ nordvpn set threatprotectionlite enabled
Example 11. Enable auto-connect
$ nordvpn set autoconnect enabled
Example 12. Enable auto-connect to a specific country or city
$ nordvpn set autoconnect enabled
$ nordvpn set autoconnect enabled Australia
$ nordvpn set autoconnect enabled Sweden Stockholm
Example 13. Enable obfuscation
$ nordvpn set obfuscate enabled
Example 14. Enable notifications
$ nordvpn set notify enabled
Example 15. Change technology
$ nordvpn set technology NordLynx
$ nordvpn set technology OpenVPN
Example 16. Allowlist port
$ nordvpn allowlist add port 22
$ nordvpn allowlist add port 23 protocol UDP
$ nordvpn allowlist remove port 23
$ nordvpn allowlist remove port 22 protocol TCP
Example 17. Allowlist ports
$ nordvpn allowlist add ports 3000 5000
$ nordvpn allowlist add ports 3000 5000 protocol UDP
$ nordvpn allowlist remove port 3000 5000
$ nordvpn allowlist remove port 3000 5000 protocol TCP
Example 18. Allowlist subnet
$ nordvpn allowlist add subnet 192.168.0.0/16
$ nordvpn allowlist remove subnet 192.168.0.0/16
Example 19. Allowlist ports and subnets removal
$ nordvpn allowlist remove all
Example 20. Set custom DNS
$ nordvpn set dns off
$ nordvpn set dns 1.1.1.1 1.0.0.1
MESHNET
NordVPN's Meshnet is a type of virtual network that allows multiple
devices to connect and communicate with one another directly, even when
they are located in different parts of the world. Meshnet makes it
possible for people to access resources and services on each other's
devices securely and privately. It eliminates the need for firewall
configurations and overcomes CGNAT limitations, assigning each device a
unique Meshnet IP.
USING MESHNET
To turn on Meshnet on your device, run the following command:
$ nordvpn set meshnet on
When connected to Meshnet, each device gets a unique Nord hostname and
Meshnet IP address, for access from linked devices. Nord hostnames are
unique, automatically assigned names for all devices in Meshnet. The
format is <username>-<mountain>.nord, where <username> is the username
of your Nord Account email address. For example, secret.raccoon-
andes.nord. Additionally, you can assign each device a personalized
nickname, which will be used as an alternative hostname for that
device.
You can add devices to your Meshnet in two ways, depending on whether
the device is your own or belongs to another NordVPN user. To add your
own devices to your Meshnet, just install the NordVPN app on the
devices you want to connect, log in with your account, and enable
Meshnet. They will connect automatically. Meshnet allows you to add up
to 10 devices that use the same NordVPN account. To add a device owned
by another NordVPN user, send an invitation through the NordVPN app
specifying their email address. As soon as they accept the invitation
in their NordVPN app, their device becomes part of your Meshnet.
To view a list of your Meshnet devices, run the following command:
$ nordvpn meshnet peer list
If you want to unlink your device from Meshnet, enter the following
command, where <device> is the device's Nord hostname, nickname, or
Meshnet IP address:
$ nordvpn meshnet peer remove <device>
To link your personal device back, restart Meshnet on the unlinked
device. To find your peer's device name faster, start typing the name
and press Tab. The system will auto-complete the name based on matching
peers.
LINKING DEVICES IN MESHNET
To add an external device to your Meshnet, send an invitation to the
owner of the device. Here are the steps to follow:
1. Enter the following command, where <email> is the email address of
the NordVPN user you're inviting:
$ nordvpn meshnet invite send <email>
2. Grant or deny the permissions requested for the user's device by
pressing Y or N, respectively, one at a time. Repeat until you see
a message confirming that you've successfully sent your invitation.
3. The other user will receive your invitation in their NordVPN app.
If the user has NordVPN installed on multiple devices, they need to
accept the invitation on each device individually.
Once the device owner accepts the invitation, your devices will be
linked. Ensure that the invitation is sent to a user you know and
trust. The invitation remains active even after the other user accepts
it so that they have time to accept the same invitation on each of
their devices. If not canceled sooner, invitations expire within 72
hours from the time of sending.
To accept an invitation on a Linux device:
1. Enter the following command, where <email> is the inviter's email
address:
$ nordvpn meshnet invite accept <email>
2. Grant or deny the permissions requested for the inviter's device by
pressing Y or N, respectively, one at a time. Repeat until you see
a message confirming that you've successfully accepted their
invitation.
To view a list of sent and received invitations, type:
$ nordvpn meshnet invite list
MESHNET NICKNAMES
Meshnet nicknames offer a convenient way to organize your devices,
making it easier to remember and identify them within your Meshnet.
Each device gets an automatically generated Nord hostname, but you also
have the freedom to create custom nicknames and use them as hostnames
for accessing your Meshnet devices.
When creating nicknames for your Meshnet devices, keep them simple and
within these rules:
• Select a nickname within 25 characters.
• Use Latin letters (a-z, A-Z), numbers, and single dashes.
• Ensure your nickname does not start or end with a dash.
• Do not use spaces.
After you personalize a device with a nickname, you can still use its
original Nord hostname.
To assign a nickname to this device, run the following command,
replacing <new_nickname> with the name you prefer:
$ nordvpn meshnet set nickname <new_nickname>
To remove the current nickname, enter this command:
$ nordvpn meshnet remove nickname
To set a nickname for a specific peer device, enter the following
command, where <device> is the device's Nord hostname, nickname (if
already set), or Meshnet IP address:
$ nordvpn meshnet peer nickname set <device> <new_nickname>
To remove a nickname from a specific peer device, use the following
command:
$ nordvpn meshnet peer nickname remove <device>
MESHNET PERMISSIONS
Meshnet permissions control the access granted to other devices within
your network. You can choose who can connect to your device, send you
files, route their internet traffic through your device, and access
your local resources. These permissions help protect the security and
privacy of your network resources and data by limiting the potential
for unauthorized access.
The remote access permission determines if a Meshnet peer can access
your device using the Nord hostname, nickname, or Meshnet IP address.
By default, remote access is granted for all devices.
When remote access is enabled, your device accepts incoming connections
from a Meshnet peer. The connections can be initiated from the same
local network or from the outside. When remote access is disabled, your
device does not accept connections from a Meshnet peer. If a connection
is attempted (for example, using the ping command), it will fail
because the recipient will not receive it. Having the remote access
permission disabled prevents the peer from accessing any shared folders
or services on your device.
The traffic routing feature allows you to route internet traffic
through compatible devices on your Meshnet. Traffic routing is only
possible through Meshnet devices running on Windows, Linux, and MacOS.
When the traffic routing permission is enabled, your Meshnet peers are
allowed to route their internet traffic through your device. In
essence, your device can act as a VPN server for your fellow users.
Caution: Use traffic routing only with trusted devices to avoid
potential misuse, as your browsing activity can be monitored on the
device you are routing through. With the traffic routing permission
disabled, the peer cannot route their internet traffic through your
device.
The local network permission works in tandem with traffic routing. Its
function is to either permit or deny access to your local network
devices while a Meshnet peer is routing traffic through your device.
Local network access is a supplementary feature to traffic routing, and
as such, traffic routing must be enabled to make use of the LAN
permission.
With the local network permission enabled, your Meshnet peer can route
their internet traffic through your device and interact with all of the
devices that are located in the same local area network. The devices
can vary from a router to a home server or network-attached storage
(NAS). Caution: Enable local network permission only for trusted
devices to ensure home network and device security. Untrusted entities
may cause severe damage if granted full access to your LAN devices.
When the local network permission is disabled, the Meshnet peer cannot
access devices on your LAN. Traffic routing remains functional unless
otherwise configured, but it only alters the Meshnet peer's public IP
address. Should the peer attempt to connect to a local IP address, the
connection will default to their LAN instead of yours.
The file sharing permission allows you to send and receive files
between your Meshnet peers via the NordVPN app. By default, file
sharing is allowed for all devices in your Meshnet. For instructions on
how to share files, see MESHNET FILE SHARING.
When you enable file sharing for a specific Meshnet peer, you can start
receiving files from that device. You can also choose whether to
automatically accept file transfers from this sender without receiving
a transfer request by using auto-accept permission. If you disable the
file sharing permission for one of your Meshnet peers, you will not
receive any files from that device. However, unless the peer disables
file sharing for you, you can still send files to the peer's device.
To manage permissions, proceed with the following instructions:
1. Run this command to list your Meshnet peers:
$ nordvpn meshnet peer list
2. Note the name of the peer device you want to alter permissions for.
The output also shows current permission settings.
3. To allow or disable the permission, use one of the following
commands. Replace <permission> with the desired setting -
[incoming|routing|local|fileshare|auto-accept] - and <device> with
the peer's Nord hostname, nickname, or Meshnet IP address:
$ nordvpn meshnet peer <permission> allow <device>
$ nordvpn meshnet peer <permission> deny <device>
MESHNET ROUTING
The traffic routing feature of Meshnet allows you to route all of your
internet traffic via a compatible peer device. When you initiate a
connection to the peer device, it is established using NordLynx
technology, which ensures a fast, secure, and encrypted connection
between devices.
When routing traffic, you get assigned the public IP address of the
host device and connect to the internet using it instead of your
standard IP address. The host device acts as a VPN server. Traffic
routing is available even when the host device is connected to a VPN
server. In such cases, instead of the IP address given by the internet
service provider (ISP), you will be assigned the IP address of the VPN
server to which the host is connected. Additionally, traffic routing
can be chained between several devices. This means that you can route
traffic through a peer device that is already routing traffic through
another device. When routing traffic, the connection tunnel
automatically uses the following NordVPN DNS addresses: 103.86.96.100
and 103.86.99.100.
When using traffic routing, be cautious that:
• A client device is assigned your public IP address, which
potentially could lead to illegal activities being performed
under your IP.
• A client device, with the local network permissions enabled,
could access other devices on your LAN and make unauthorized
changes.
• A host device could monitor your network activity, such as DNS
queries.
To start using traffic routing, make sure that the device you want to
route traffic through meets the following criteria:
• The NordVPN app is running, and the Meshnet feature is enabled in
the app.
• The device is connected to your Meshnet.
• The traffic routing permission is granted for your client device.
To start routing traffic on Linux, follow these steps:
1. Run this command to list your Meshnet peers:
$ nordvpn meshnet peer list
2. Note the name of the host device you want to route traffic through.
3. Run the following command, replacing <device> with the device's
Nord hostname, nickname, or Meshnet IP address:
$ nordvpn meshnet peer connect <device>
4. You can check the connection status by using this command:
$ nordvpn status
5. To stop traffic routing, run one of the following commands:
$ nordvpn disconnect
$ nordvpn d
MESHNET FILE SHARING
With Meshnet, you can transfer files of any size securely and
privately. The files you send go to the recipient directly over an
encrypted peer-to-peer connection — we don't upload your files to any
server or cloud.
Before you begin, make sure that the device you want to share files
with meets the following criteria:
• The NordVPN app is running, and the Meshnet feature is enabled in the
app.
• The device is connected to your Meshnet.
Tip: For quicker input, use Tab for auto-completion of valid device
names, transfer IDs, and file names.
You can initiate a file transfer from the NordVPN app by completing
these steps:
1. Enter the nordvpn meshnet peer list command and copy the name or
Meshnet IP address of the device you want to share your files with.
2. Type the nordvpn fileshare send command, followed by your peer
device's Nord hostname, nickname, or Meshnet IP address and the
path to the file you want to transfer, as shown:
$ nordvpn fileshare send <peer> </path/to/your/file>
3. Add more files to the transfer if needed. You can drag files from
the file explorer to the terminal to paste the path. File
directories can also be sent.
4. The file transfer begins as soon as the recipient accepts your
download request on their device.
Note: You can only send files to the devices that have the file sharing
permission enabled for your device. To display the history of transfers
sent from your device, along with their ID, size, status, and other
relevant details, use this command:
$ nordvpn fileshare list --outgoing
The transfers in the list are arranged in chronological order, with the
oldest transfers appearing first.
To receive files shared from another linked device, follow these steps:
1. Have your Meshnet peer send the files.
2. Enter the nordvpn fileshare list --incoming command.
3. Copy the ID of the file transfer request you want to accept.
4. Type nordvpn fileshare accept followed by the file transfer ID from
the previous step, as shown:
$ nordvpn fileshare accept <id>
Alternatively, accept transfers through notifications by enabling them
with nordvpn set notify on. You can find the received files in your
computer's default download folder, which is typically the Downloads
folder.
If you want to download only specific files from the transfer, provide
the names of the files you choose to accept:
$ nordvpn fileshare accept <id> <file1> <file2>...
To display the list of files in a particular transfer directory, enter
the nordvpn fileshare list command followed by the transfer ID:
$ nordvpn fileshare list <id>
You can enable automatic transfer acceptance from a specific peer. To
do this, run the following command, replacing <device> with the peer's
Nord hostname, nickname, or Meshnet IP address:
$ nordvpn meshnet peer auto-accept enable <device>
If you want to specify the location on your system where downloaded
files will be saved, use the --path command option followed by the
desired location and the transfer ID:
$ nordvpn fileshare accept --path </path/to/directory> <id>
If you need to cancel a transfer while it is still in progress, press
Ctrl + C or use the cancel command.
The cancel command is typically used when the transfer is running in
the background (--background option) or when you are canceling from a
different terminal session. To cancel a file transfer, enter the
following command, replacing <id> with the ID of the transfer you want
to cancel.
$ nordvpn fileshare cancel <id>
To cancel a specific file in a transfer, provide the file's name
following the transfer ID:
$ nordvpn fileshare cancel <id> <file>
You can remove entries from your file sharing history by using the
clear command. To completely remove all of your transfer history, run
this command:
$ nordvpn fileshare clear all
This command removes all transfers older than the specified time
period:
$ nordvpn fileshare clear <time_period>
For example, nordvpn fileshare clear 1d 12h clears entries older than
36 hours. Specify time periods using the systemd time span syntax:
https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html
BUGS
Our QA team did their best to hunt for bugs before the release. But if
it happens that we missed something, please report it to
support@nordvpn.com.
NOTES
Note 1. ThreatProtectionLite and custom DNS
Enabling ThreatProtectionLite disables custom DNS and vice versa.
Note 2. Nord Account login without graphical user interface
1. Run the nordvpn login command on your Linux device. 2. Open the
provided link in a browser. 3. Complete the login procedure. 4.
Right-click on the Return to the app button and select Copy link
address. 5. Run nordvpn login --callback <URL> with the copied
URL. 6. Enter nordvpn account to verify that login was successful.
Our customer support works 24/7. If you have any questions or issues,
drop us a line at support@nordvpn.com
NordVPN 3.19.0 2024-09-30 NORDVPN(1)
Generated by dwww version 1.14 on Fri Jan 24 06:33:19 CET 2025.