Getting NordVPN WireGuard details

GetNordVPNWireGuardDetails.md

About

Instructions to obtain WireGuard details of your NordVPN account. These can be used to setup a WireGuard tunnel on your router to NordVPN.

Source: https://forum.gl-inet.com/t/configure-wireguard-client-to-connect-to-nordvpn-servers/10422/27

Prerequisites

If you have any linux machine, use that or install a vm if you don't have one.

Get their official linux app installed. Make sure you have wireguard installed too. And set the used technology to Nordlynx by running nordvpn set technology nordlynx

Fetching details

Connect to nordvpn with command: nordvpn connect (don't forget to login with nordvpn login --legacy).

Fetch (your) IP address

After successful connection run

ifconfig nordlynx

Fetch your private key

Run

sudo wg show nordlynx private-key

Output of this command should be something like this:

CKMAE9LARlt2eZHgGnNaSUYiKllKJN7f3hed/bWm5E8=

The key above is just a random key for demo purposes.

Fetch your public key

Run

sudo wg show nordlynx public-key

Output of this command should be something like this:

TO158iXbNXt2eZHgGnNaSUYiKZHgGN7f3hed/bWm5E8=

The key above is just a random key for demo purposes.

Fetch server details

Make sure you have curl and jq installed on your host/router. These are needed to be able to fetch the config of NordVPN Server. If not installed, go ahead and install

opkg install curl jq

After installation enter the command below to fetch the recommended server config:

curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1"|jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'

Output:

uk1818.nordvpn.com #your endpoint host
178.239.166.185 #its ip address
London #city
United Kingdom #country
K53l2wOIHU3262sX5N/5kAvCvt4r55lNui30EbvaDlE= #Server public key
10 #Server load at the time.

Or just visit the following url https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1 from your browser and look for the details manually.

Thank you for your all info. This is simple version with Docker command, you only need access code and country code (optional) to generate the config file

https://github.com/magicstone1412/NordVPN_WireGuard

Since all the replies here use v1 api and download all the servers to filter them client-side with jq, here is a odata filter version, on the v2 API:

filter by country (153 is Netherlands) there is an api that list countries, and technologies to get the ids.
filter to only the servers supporting wireguard_udp, etc...

Pushing the filtering server side just made me feel better :D.

SERVERS_RESPONSE=$(curl --silent "https://api.nordvpn.com/v2/servers?limit=16384&filters\[country_id\]=153&filters\[servers_groups\]\[identifier\]=legacy_p2p&filters\[servers_technologies\]\[identifier\]=wireguard_udp")

SERVERS=$(echo "$SERVERS_RESPONSE" | jq --argjson TECH_ID "$WIREGUARD_TECH_ID" '
  [
    .servers[] |
    {
      name: .name,
      hostname: .hostname,
      load: .load,
      status: .status,
      wireguard_public_key: (
        .technologies[] |
        select(.id == $TECH_ID) |
        .metadata[] |
        select(.name == "public_key") |
        .value
      )
    }
  ] |
  sort_by(.load)
')

I made a couple interactive shell scripts that generate WireGuard configs based on the conversation here; just provide your Access Token and it'll walk you through the rest:

https://github.com/j0hnm4r5/nordvpn-wg

It looks similar to @magicstone1412's (I didn't see theirs when I started this; sorry for the duplicated efforts!)

thanks @j0hnm4r5
you could update you script to use v2 api with odata filter, if you care. see my comment just above.

Huge thanks @j0hnm4r5 this is the best script for those like me who want to create nord-->wireguard configs based on 2digit country names e.g "us"
After all these years i finally found something very simple that works and does exactly what i need.
Well done!

THIS script worked for me , on 03-16-2026 . you need to be aware of this, log into nordvpn , then on the left pane , click on nordvpn , the new page has at the bottom , " manual settings " click on it, authenticate and it gives you the " real" usrname and password for both Openvpn and Wireguard to use the script above to get the " settings for wireguard " . you need Linux to do it, BEFORE , I knew (remembered ) how to get my login credentials , I tried in Windows 11 powershell but it would fail, I never went back to retest as I do dual boots in this laptop. I did sucessfully setup Wireguard in PFsense , but have not tried using the client to permanently log my whole house to NORD , as this will make life for my wife HELL. (not computer / web site savvy ) , beside my sons use Mullvad vpn in their gaming computers and I only use nord in my Synology using Openvpn to NORD. works for me.

alternative way without downloading their software (needs curl and jq):

1. go to https://my.nordaccount.com/dashboard/nordvpn/manual-configuration/ and create an access token
2. get your private key

curl -s -u token:<ACCESS_TOKEN> https://api.nordvpn.com/v1/users/services/credentials | jq -r .nordlynx_private_key

3. get server info

curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1" | jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'

4. create config:

[Interface]
PrivateKey = <PRIVATE_KEY> # from step 2
Address = 10.5.0.2/32 # this IP is always the same
DNS = 9.9.9.9 # your favorite DNS server

[Peer]
PublicKey = <PUBLIC_KEY> # from step 3
AllowedIPs = 0.0.0.0/0, ::/0 # route everything
Endpoint = <ENDPOINT>:51820 # endpoint or IP from step 3, the port is always the same

Amazing and can be done right from my MacBook with a few commands. Built a file and its working in my Unifi setup under Wireguard.

The following bash script automates the process and allows you to generate configurations for specific countries:

#!/bin/bash
set -eu

for cmd in curl jq; do
  if ! type "$cmd" >/dev/null 2>&1; then
    echo "Error: $cmd is required but not installed." >&2
    exit 1
  fi
done

read -r -p "Enter country name (or 'list' to show all, Enter for recommended): " country_input
echo

if [ "${country_input,,}" = "list" ]; then
  echo "Available countries:"
  curl -s "https://api.nordvpn.com/v1/servers/countries" | \
    jq -r '.[].name' | sort
  exit 0
fi

read -r -s -p "Enter your NordVPN access token: " token
echo
if [ -z "${token:-}" ]; then
  echo "Error: access token cannot be empty." >&2
  exit 1
fi

private_key=$(curl -s -u "token:$token" \
  "https://api.nordvpn.com/v1/users/services/credentials" |
  jq -r '.nordlynx_private_key')

if [ "${private_key:-null}" = "null" ]; then
  echo "Error: Failed to fetch private key. Check your token." >&2
  exit 1
fi

base_url="https://api.nordvpn.com/v1/servers/recommendations"
params="?filters[servers_technologies][identifier]=wireguard_udp&limit=1"

if [ -n "${country_input:-}" ]; then
  countries=$(curl -s \
    "https://api.nordvpn.com/v1/servers/countries" |
    jq -r --arg country "$country_input" \
      '.[] | select(.name | ascii_downcase | contains($country | ascii_downcase)) | .id')

  country_count=$(echo "$countries" | grep -c .)
  case $country_count in
    0)
      echo "Error: No country found for '$country_input'." >&2
      echo "Run with 'list' to see available countries." >&2
      exit 1
      ;;
    1)
      country_id="$countries"
      ;;
    *)
      echo "Error: Multiple countries match '$country_input' ($country_count)." >&2
      echo "Be more specific. Run with 'list' to see all." >&2
      exit 1
      ;;
  esac

  params="$params&filters[country_id]=$country_id"
fi

server_info=$(curl -s --globoff "$base_url$params")

hostname=$(echo "$server_info" | jq -r '.[0].hostname')
endpoint=$(echo "$server_info" | jq -r '.[0].station')
pub_key=$(echo "$server_info" | jq -r '.[0].technologies[] | select(.identifier == "wireguard_udp") | .metadata[] | select(.name == "public_key") | .value')

if [ "${hostname:-null}" = "null" ] || \
   [ "${endpoint:-null}" = "null" ] || \
   [ "${pub_key:-null}" = "null" ]; then
  echo "Error: Failed to fetch server info." >&2
  exit 1
fi

cat << EOF > nordvpn.conf
[Interface]
PrivateKey = $private_key
Address = 10.5.0.2/32
DNS = 103.86.96.100, 103.86.99.100

[Peer]
PublicKey = $pub_key
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = $hostname:51820
PersistentKeepalive = 25
EOF

echo "WireGuard config generated: nordvpn.conf"
echo "Server: $hostname ($endpoint)"
[ -n "${country_input:-}" ] && echo "Country filter: $country_input (ID: $country_id)"

Usage example:

❯ bash generate-nordvpn-wg-v3.sh
Enter country name (or 'list' to show all, Enter for recommended): Spain

Enter your NordVPN access token:
WireGuard config generated: nordvpn.conf
Server: es232.nordvpn.com (185.214.97.124)
Country filter: Spain (ID: 202)

❯ cat nordvpn.conf
[Interface]
PrivateKey = <redacted>
Address = 10.5.0.2/32
DNS = 103.86.96.100,103.86.99.100

[Peer]
PublicKey = OaSGanHmoG3ytojHqodqeYYoN7s+4bF2wGfA67MHAXY=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = es232.nordvpn.com:51820
PersistentKeepalive = 25