Skip to content

Configure NordLynx on a Unifi Dream Machine

encrypted-chacho

VPN slowing you down? OpenVPN is fantastic for privacy, but if you need speed, it's not the best protocol option. Enter WireGuard: lightweight and fast. That's why NordVPN's NordLynx is built on WireGuard; it's a game-changer. Setting up a VPN client on an edge router, like the Unifi Dream Machine, allows the entire network traffic to benefit so great - let's do that! There's only one problem: NordVPN doesn't currently provide easy config files.

The solution: Generate the configuration on a Linux machine and use those details to set up NordLynx on your router. This guide will walk you through the process by first installing NordVPN on a debian-based Linux VM (Parrot Security OS) and then using that configuration to set up NordLynx on a Unifi Dream Machine.

Install NordVPN and WireGuard on a Linux Machine

sudo apt install wireguard curl
sh <(curl%20-sSf%20https://downloads.nordcdn.com/apps/linux/install.sh)

Initiate Login to NordVPN Account 

nordvpn login

Copy the link into a browser and log into your NordVPN account there. Right click on the "Continue" button and select "Copy Link." callback-link

Log into NordVPN via Terminal nordvpn-login

Set up NordVPN to use NordLynx 

nordvpn set technology NordLynx

Run NordVPN and Grab Conf

Connect to Your Preferred NordVPN City/Server 

nordvpn connect New_York

Run wg showconf nordlynx and note the highlighted fields: configLinux

Configure Wireguard on Unifi Dream Machine

Log into your router via the browser GUI and configure a WireGuard interface. In this example, it's a Unifi Dream Machine so the GUI looks like the image on the right after you've logged in and clicked through numbers 1-3 (and selected Manual if it is not already selected). Plug in the remaining fields shown and be sure to adjust the port number if necessary. configUDM

Note: The interface's Public Key is generated based on the Private Key so the only Public Key you are entering is for the Server.

Once you have clicked Apply, if it is configured properly, the screen will indicate it is connected. At this point you can then create a Policy-Based Route to push whatever traffic from whichever devices or networks through the VPN interface.
policy-based routing