Note: These instructions is written for Raspberry Pi OS with GNOME ↗ .HOWTO: NordVPN (NordLynx) to Native WireGuard .conf (Raspberry Pi GNOME / Android)
Sat, Jan 17, 2026
Why I created this guide
I created this solution because I wanted to manage my VPN visually through the OS settings (GNOME/Network Manager), without being tied to the terminal or having to type login commands constantly.
I also prefer a clean system without the proprietary NordVPN software running in the background.
This guide allows you to extract standard WireGuard .conf files from your NordVPN (NordLynx) subscription. Prerequisite: An active NordVPN subscription.
Why use this method instead of OpenVPN?
- Visual Control: Toggle your VPN on/off directly from your desktop menu (GUI). No more terminal commands.
- Performance: WireGuard uses significantly less CPU and RAM than OpenVPN. This is vital for the Raspberry Pi.
- Speed: You will likely achieve much higher throughput (upload/download speeds).
- Latency: WireGuard often offers a lower ping, which makes browsing feel snappier.
- Universal: The .conf files work natively on Android, iOS, PC, and Mac without installing the NordVPN app.
SECURITY WARNING:
The generated .conf file works without a username/pas
sword (it uses a Private Key). Treat this file like a password and do not share it, otherwise others can use your NordVPN subscription!
Phase 1: Temporary Installation
We only need the official app once to negotiate the encryption keys.
Official NordVPN for Raspberry Pi Download Page ↗
- Install the app:
Code:
sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh) - Grant permissions (so we can run commands without sudo later):
Code:
sudo usermod -aG nordvpn $USER - Reboot (Required):
Code:
sudo reboot - Log in:(If the browser doesn't open, use nordvpn login --token <your_token>)
Code:
nordvpn login
Phase 2: The Script
This script handles the connection, forces a key refresh (to prevent conflicts), and extracts the configuration into a clean file.
Create a file named NordVPN-WireGuard.sh and paste this code NordVPN-WireGuard_2026-01-17.sh ↗ :
Code:
#!/bin/bash# COMMAND EXAMPLES:# 1. ./NordVPN-WireGuard.sh nl -> NordLynx-nl1234.conf# 2. ./NordVPN-WireGuard.sh nl999 -> NordLynx-nl999.conf# 1. CHECK INPUTif [ -z "$1" ]; then echo "Usage: $0 <country_code_or_server_id>" echo "Example: $0 nl OR $0 nl999" exit 1fiSERVER_ARG=$1echo echo " 1. Cleaning up old connections"nordvpn disconnect > /dev/null 2>&1# HARD RESET: Force the kernel to forget old keysif ip link show nordlynx > /dev/null 2>&1; then sudo ip link delete nordlynxfiecho " 2. Preparing Connection to $SERVER_ARG"# Force Key Refreshnordvpn set technology openvpn > /dev/null 2>&1sleep 1nordvpn set technology nordlynx > /dev/null 2>&1# Connectecho echo " Connecting: to $SERVER_ARG..."echo nordvpn connect "$SERVER_ARG"# Wait loop for valid connectionMAX_RETRIES=20COUNT=0echo echo " Waiting for valid handshake..."while [ $COUNT -lt $MAX_RETRIES ]; do if sudo wg show nordlynx private-key > /dev/null 2>&1; then CHECK_KEY=$(sudo wg show nordlynx private-key) if [ -n "$CHECK_KEY" ]; then break fi fi sleep 1 ((COUNT++))doneif [ $COUNT -eq $MAX_RETRIES ]; then echo " ERROR: Timeout. Connection failed." exit 1fisleep 3echo echo " 3. Extracting Credentials"# Get Hostname and remove hidden characters (\r)RAW_HOSTNAME=$(nordvpn status | grep -i "Hostname" | awk '{print $2}')SERVER_CODE=$(echo "$RAW_HOSTNAME" | cut -d'.' -f1 | tr -d '\r' | tr -d '\n')# Final FilenameOUTPUT_FILE="NordLynx-${SERVER_CODE}.conf"echo " Target Server: $SERVER_CODE"# Extract SecretsPRIVATE_KEY=$(sudo wg show nordlynx private-key)PUBLIC_KEY=$(sudo wg show nordlynx | grep "peer:" | awk '{print $2}')ENDPOINT=$(sudo wg show nordlynx | grep "endpoint:" | awk '{print $2}')ADDRESS=$(ip -4 addr show nordlynx | grep inet | awk '{print $2}' | cut -d'/' -f1)# Write the .conf filecat <<EOF > "$OUTPUT_FILE"[Interface]PrivateKey = $PRIVATE_KEYAddress = $ADDRESS/32DNS = 103.86.96.100, 103.86.99.100[Peer]PublicKey = $PUBLIC_KEYAllowedIPs = 0.0.0.0/0Endpoint = $ENDPOINTPersistentKeepalive = 25EOFecho " Success! Saved as: $OUTPUT_FILE"echo " 4. Cleanup"nordvpn disconnect > /dev/null 2>&1echo echo " Disconnected."echo 
Phase 3: Generating your Configs
Check the NordVPN Server List ↗ to find your preferred server ID.
- Make the script executable:
Code:
chmod +x NordVPN-WireGuard.sh - Run the script.
Option A: Auto-select best server in a country (e.g., Netherlands)Option B: Select a specific server numberCode:
./NordVPN-WireGuard.sh nlCode:
./NordVPN-WireGuard.sh nl999
Phase 4: Import, Use & Uninstall
How to use this file:
- On Raspberry Pi (GNOME): Go to Settings -> Network -> VPN -> Click (+) -> Import from file.
- On Android/iOS: Transfer the file to your phone and open it with the official WireGuard app.
This file is standalone. If you want to use this VPN connection on another Raspberry Pi or Android device, you only need this file. You do not need to install the NordVPN software or enter your username/password again on that device.
Cleanup:
Since you have the standalone config file, you no longer need the NordVPN software installed on your Pi. You can safely remove it to save resources and keep your system clean:
Code:
nordvpn disconnectsudo apt purge nordvpn -ysudo apt autoremove -ysudo rm -rf /var/lib/nordvpn /var/run/nordvpn.sockEnjoy your cleaner, faster VPN connection!
Statistics: Posted by Wobbo — Sat Jan 17, 2026 2:31 pm