NordVPN Renewal + testing others....

So, my subscription was up for renewal and they dropped the 3-year option for a 2-year version at the same price as 3-years.

I went around looking for deals on services using wireguard for the faster speeds I have w/ Nord. I found a few contenders that were about the same price as Nord 3Y plan.

CyberGhost was compelling price wise but, I couldn't get it working properly using Linux even though it installed it wouldn't connect / authenticate in linux. Worked fine on the phone though with the app but, the speeds were ~100mbps with wireguard as the protocol which with Nord got full speeds ~900mbps.

Torguard was next on the list of trials and I was able to get it working on both phone / PC and the speeds were as expected but, the linux app wouldn't launch until a login o the headless PC to activate it. Their sales page would flag the purchase as "fraud" while connected to a VPN which was a turn off. The routing updates the app applied caused Plex to crash and restart as it was being blocked by the routes that the app was injecting.

I had a few more options to test / potentially switch to but, the value wasn't there for competing with the price of Nord. Renewed Nord with "retailmenot" coupon for $4.32 off the price + activating RTM for another 25% cash back.

Nord:
Normal 2Y - 3.56/mo
Discounts 2Y - 2.36/mo
Original 3Y Nord w/ discounts / rebates - $1.97/mo


Other options above w/ discounts / rebates - $1;94-$1.99/mo


Sometimes it's just easier to renew with a price increase than battle with the issues other apps present. Tried and true apps / services result in an easier experience. Having to "hack" the different options to make them work as they should shouldn't have to be the case.

While the other providers presented better prices they required additional tactics to make them work such as modifying the install script due to them not supporting the latest release of linux. enabling auto login to get the program to launch and connect, add/remove routes to make things function properly post connection. The whole reason for needing it to work with liinux is that I designed the PC to act as the Router / WIFI / media server / FW / DVR and a couple of other functions. With this it's the aggregation point for everything on the network and provides all devices with protection without monkeying around with apps / routers (dd-wrt/tomato) or the # of devices restrictions of the providers which range from 1-unlimited.

 

So, for the last couple of days Nord has been acting up with GMAIL / FACEBOOK related sites using the US servers. In the past I've simply switched versions of the software to use known good servers from my spreadsheet of them that I've documented over time. This issue hasn't abated though using this method and nothing is being reported anywhere on the web. I just switched to 3.9.4.x from 3.9.5.x / 3.10.x clients and when you switch versions it randomly connects to servers upon startup. This time it opted for Costa Rica and behold Gmail / FB were working while connected vs needing to be disconnected to work properly. While the routing for CR vs US won't provide optimal speeds it will work for the time being to not be exposed.

 

So, a little update.

Main PC/server/Router connects just fine when connected to US servers to sites I see an impact on. Did some reconfigurations / testing in various attempts to get things working again through wireguard based connectivity to retain bandwidth. Whatever the issue is it's not on my side and I'll keep pushing Nord to fix their crap. In the meantime on a whim other than connecting to CR servers I switched things up to use OVPN instead of WG and US servers are working again for the impacted sites though at a reduced speed due to the bloated OVPN module over WG.

Speeds are alright when picking a low utilized server but, still not as snappy as the WG version. I think this isn't being reported as an issue since it works on a primary connection just not clients connecting through the primary connection.

CM <> Server (router/linux) <> WIFI (AP/NWA210AX) <> Clients

I do networking for a living and this is throwing me a curveball since I can't compare their servers from a working one to a non-working one to point them in the right direction to resolve the issue. I'm sure there's probably some pfSense / DD-WRT people out there scratching their heads too but, I couldn't find anything posted through Googling the past few days. I found some unique options though using WG directly and not using Nord's app to connect. Double checked all my routing / firewall entries just as a precaution but, didn't find any issues as those had not been touched prior to the TLS issue coming up.

I did purge / reinstall security related packages on the box though just in case there was some corruption or the like. It's just hard to pin point where the bug is w/o having full access across the network to inspect things. Another oddity of the WG connection is trace's don't work but, on the OVPN they do which helps to see where any potential issue might be.

 

I have not moved any of my computers to Win 11, but one is on a preview version. Nordlynx (Wireguard) stopped working and multiple reinstalls did not fix it. Nord pointed out that Win 11 and precursors were still beta and they were planning to fix it by the Win 11 launch date. They do now have what seems to be a fix, though I am not sure if it is final (version 6.39.6). They do still have a site location anomaly (some servers in Atlanta and Charlotte show as being in Germany to some sites (including sometimes theirs). However, with specified DNS, there does not seem to be any leakage. I am happy to give up OVPN and its slowness for Nordlynx.

 

I run it on Linux so, it's been viable for years at this point. W11 compatibility shouldn't be that much different than W10. The issue I'm having is that the Linux server/router I've been using for a few years now with Nordlynx/Wireguard to be my router can browse the sites w/o issue but, clients W10/Andoird can't hit them or get them to load unless I connect to Costa Rica servers.

Single PC's using the nordlynx shouldn't have issues with connecting and working just fine. The issue comes with multiple devices being funneled through a single device. For Windows users the option that would come to mind is ICS (internet connection sharing).

Cable modem <> Server/router <> WIFI <> Clients

I tossed the consumer grade router / wifi for a custom build instead for a couple of reasons other than the costs of upgrading with newer WIFI generations it's more secure than the buggy software the likes of Netgear / Cisco / Linksys / DLink / etc. I don't have to rely on them to fix bugs in 6-12 months or never in some cases and can apply new kernel versions for linux as they become availabel (weekly) or packages for software for hostapd / wpasupplicant / openssl if running an adapter/card.

 

So, it looks like the release of 3.11.0 client for Linux coincides with them fixing the routing issue I was having. Coincidence? Maybe.



It's nice to have it working properly again as OVPN struggled for speed (~400-500mbps / some under 100mbps depending on server) / stalled on speed tests / spit out tons of syslog messages regarding issues with Nord's "activity"

Clients are no longer having a problem reaching sites now over the wireguard (nordlynx) configuration as they had been working prior to the issue.

I did have extensive back and forth emails with them over the issue and called them out on the issue. I provided all the info they asked for but, they ghosted me after my last response pinning it on them and not continuing their "trouble shooting" antics of changing settings any longer.

Sorted out the issue with RTM not paying out on the purchase ~2 months post purchase and got my rebate for 25% off deposited finally as well. I'm almost certain pihole blocking all tracking had something to do with he delay. Which is why you keep emails / screenshots of this sort of thing until they payout. Never had any issues that come to mind while using ebates/rakuten though.

I was seriously looking into other VPN options if they didn't get this resolved. Mullvad came to the top of the list though even though it's double the price it sounds promising in the event of needing a different provider down the road. Mullvad though requires a bit more manual selection of servers to connect to. I stumbled upon a list of their servers and noticed they include the bandwidth they're connected to which is a nice focal point to assess how they might perform. A handful of them are on 10GE connections. Most are on 1GE though. Considering their higher price for service I'm wondering how saturated things are and what kind of performance one might get while connected.