Nord VPN Technical Questions

What is a proxy server?

In computer networks, proxy server acts as intermediary for queries from internet users seeking resources from other servers. User joins the proxy server, requesting some service, such as webpage, connection, file or other resource available from other server and the proxy server estimates the request as a way to control and simplify its’ complexity. Nowadays, most proxy servers facilitate the access to the content on the World Wide Web (WWW).

Proxy server has plenty of potential purposes including:

Keep machines anonymous for security;
Speed up the access to internet content using caching. Web proxies are mostly used to cache web pages from a web server;
Block the attempt to download same content multiple times in order to save bandwidth;
Log and audit Internet usage;
Scan transferred data for malware before delivery;
Scan upload data in order to prevent data loss;
Bypass webpage restrictions at work;
Access restriction/enhancement;
Apply access policy to network content or services;
Access websites filtered or banned by your ISP or government;
Bypass parental and security controls;
Allow website to make requests to externally hosted resources such as music files, images, movie files, etc. when cross-domain restrictions block the website from connecting directly to the outside domains;
Allow browser to make network requests to externally hosted content in a name of a website when cross-domain restrictions block the browser from directly accessing the outside domains.

Types of proxy

Proxy server may operate on the user’s local computer or at various points between destination servers on the Internet and user’s computer;
Proxy server which passes responses and requests unmodified is usually called a tunneling proxy or a gateway;
Forward proxy is an Internet-facing proxy which retrieves from a large range of sources, mostly everywhere on the Internet;
Reverse proxy usually is an Internet-facing proxy which is used as a front-end to protect and control access to a server on a private network, mostly performing tasks such as caching, authentication, load-balancing or decryption.

What is SOCKS?

Socket Secure (SOCKS) is an Internet protocol which routes network packets between server and a client through a proxy server. In addition SOCKS5 provides authentication therefore only authorized users can access the server. SOCKS server proxies connects through TCP to a wilful IP address and provides values for UDP packets to be forwarded.

SOCKS operates at Layer5 of the Open System Interconnection reference model. It has three layers – transport layer, an intermediate layer between the presentation layer and the session layer.
Comparison to HTTP proxying

SOCKS performs at a lower level that HTTP proxying: SOCKS takes advantage of handshake protocol to report the proxy software about the connection the client attempts to make and so operates as transparently as possible while an HTTP proxy could interpret and copy headers (for instance to invoke another underlying protocol, such as File Transfer Protocol (FTP). Nevertheless HTTP proxy normally forwards an HTTP request to the eligible HTTP server). Although HTTP proxy has a variant model in mind, the CONNECT method permits forwarding TCP connections. Nevertheless SOCKS proxies may work in reverse and forward UDP traffic while HTTP proxies can’t. HTTP proxies usually are more aware of the HTTP protocol and they perform higher-level filtering. However that normally only applies to POST and GET methods but not the CONNECT method.

Rob wishes to communicate with Jack over the internet, but a firewall between them operates on his network. Therefore Rob is not authorized to associate with Jack directly. Hence Rob connects to the SOCKS proxy on his network and informing SOCKS proxy about the connection he wills to make to Jack. SOCKS proxy starts a connection through the firewall and eases the communication between Rob and Jack.

Rob wishes to download a web page from Jack who runs a web server. Rob can’t directly join Jack’s server as firewall has been put on his network. To get in touch with the server Rob connects to his network HTTP proxy. His web browser communicates straight to the proxy in the same way it would communicate directly with Jack’s server if it could. It transmits a standard HTTP request header. The HTTP proxy connects to Jack’s server and then sends back to Rob any data Jack’s server returns.
What is IP address?

An IP address is a virtual address that indicates the computer location in a network. It is used to ascribe an identity which always is unique to every computer that has internet access and it is similar to actual physical address.

Internet Protocol (IP) address is keen for data transferring between computers or networks. Due to the scope of the internet, data gathering would be almost impossible without a reference point such as unique IP address.

For example, when you browse the internet, your computer will link URL request with your IP address which will transmit the request over the internet to retrieve information. Information or the resulting data will only be sent back to the IP address that initiated the request. Accordingly, similar to a normal physical address, two IP addresses are needed for the successful transfer of data between two different systems.
How does an IP address look like?

An IP address can be recognized quite easily. Basic IP address contains 4 different numbers separated by dots. For example, your IP address ( consists of 4 different numbers separated by 3 dots. Each computer has a unique IP address which is assigned by the Internet Service Provider. The set of 4 numbers separated by dots is an element of the Internet Protocol v4 (IPv4) and supports 32 bits.

Nevertheless, regarding to the increase in demand of IP addresses, the new Internet Protocol v6 (IPv6) is existing as well. An IPv6 address contains 8 different elements separated by a colon (:) instead of a dot. Unlike IPv4, the IPv6 version can also consist of letters and is able to provide more addresses as such a system supports up to 128 bits.
What is Virtual Private Network?

A Virtual Private Network (VPN) is network technology that secures network connection over a public network such as private network owned by a service provider or the Internet. Government agencies, large corporations and educational institutions use VPN technology to enable users securely connect to a private network.

VPN can connect multiple pages over a great distance just like Wide Area Network (WAN). VPN is often used to extend intranets worldwide to spread news and information to a wide user base. Educational institutions use VPN to associate campuses that can be spread across the country or around the world.

In order to access the private network, an internet user must be authenticated by a unique ID and password. An authentication token if mainly used to access a private network through a personal ID number (PIN) which must be entered by user. The PIN is a unique authentication code that changes in accordance with particular frequency as a rule around every 30 seconds.
Types of protocols

There are a number of VPN protocols which are used to secure the transferring of data traffic over a public network. Each protocol differs fractionally in the way data is kept secure.

IP security (IPSec) is used to secure connection over the Internet. IPSec can use tunneling or transport mode to encrypt data traffic in a VPN. Difference between these two modes is that tunneling encrypts the entire data packet while transport mode encrypts only the message within the data packet (also known as payload). IPSec is is frequently specified as a security overlay for its’ use as a security layer for other protocols.

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) use cryptography to secure connections over the Internet. Both protocols use a “handshake” authentication method that involves a negotiation of network parameters between server machines and the client. An authentication process involving certificates is used in order to initiate connection successfully. Certificates as cryptographic keys and they are stored on the client and the server.

Point-to-Point Tunneling Protocol (PPTP) is another tunneling protocol which is used to link a distant client to a private server over the Internet. PPTP is one of the most broadly used VPN protocol because of its’ simple configuration and upkeep. This protocol is included with Windows™ Operating System.

Layer 2 Tunneling Protocol (L2TP) is a protocol which is used to tunnel data connections traffic between two sites over the Internet. L2TP is often used together with IPSec to protect the transfer of L2TP data packets over the Internet. In this case IPSec acts as a security layer. Unlike PPTP, VPN execution using L2TP/IPSec requires the use of certificates or a shared key.

VPN technology employs complex encryption to guarantee security and stop any malicious interception of data between private websites. All traffic over VPN is encrypted using algorithms to protect data entity and privacy. VPN framework is governed by strict rules and standards to guarantee a private communication channel between sites. Corporate network admins are liable for execution and disposal of VPN, deciding the extent of a VPN and monitoring network traffic across the network firewall. A VPN administrators must constantly check the overall architecture and extent of the VPN to assure communications are kept private.
Secure Socket Tunneling Protocol

Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel with features that allow traffic to pass through firewalls that block L2TP/IPsec and PPTP traffic. SSTP provides a technology to encapsulate PPP traffic over the SSL channel of the HTTPS protocol. The use of Point to Point Protocol allows support for powerful authentication methods such as EAP-TLS. The use of HTTPS means that traffic will flow through TCP port 443, a port which is commonly used for Web access. Secure Sockets Layer (SSL) provides transport-level security with enhanced key encryption, negotiation and integrity checking.
Point to Point Tunneling Protocol

Point-to-Point Tunneling Protocol (PPTP) is a network protocol which enables the secure transfer of data from a remote client to a private company server by creating a virtual private network across IP/TCP-based data networks. PPTP supports multi-protocol, on-demand, virtual private networking over the public networks such as the Internet.

The networking technology of Point to Point Tunelling Protocol is an extension of the remote access PPP defined in the certification by the Internet Engineering Task Force (IETF) titled “The Point to Point Protocol for the Transmission of Multi Protocol Datagrams over PP Links,” referenced to as RFC (Request For Comments) 1171. The Point to Point Tunneling Protocol is a network protocol that encapsulates PPP packets into Internet Protocol datagrams for transmission over the Internet or other public IP/TCP-based networks. PPTP can also be used in private LAN to LAN networking.

The PPTP extension of PPP is clarified in the document titled “Point to Point Tunneling Protocol ,” PPTP – ppext – draft-ietf – 00. Text – pptp. A plan of this document was submitted to the IETF in June, 1996 by the firms of the PPTP Forum, which includes Ascend Communications, Microsoft Corporation, ECI Telematics, US Robotics and3Com/Primary Access.

Layer Two Tunneling Protocol (L2TP) is an amplification of the Point to Point Tunneling Protocol (PPTP) and it is used by an Internet service provider (ISP) to approve the operation of a virtual private network (VPN) over the Internet. Layer 2 Tunneling Protocol merges the best features of two other tunneling protocols: L2F from Cisco Systems and PPTP from Microsoft. The two main component parts that make up L2TP are the the L2TP Network Server (LNS), which is the instrument that terminates and possibly authenticates the Point-to-Point Protocol stream and L2TP Access Concentrator (LAC), it is the device that physically terminates a call.

PPP defines a means of encapsulation to send multiprotocol packets over layer two (L2) point to point links. Normally, a user connects to a network access server (NAS) through dialup POTS, ADSL, ISDN, or other service and runs Point-to-Point Protocol over that connection. In this configuration, the PPP and L2 session endpoints are both on the same network access server.

L2TP uses packet-switched network connections to able the endpoints to be located on different machines. The user has a Layer 2 connection to an access concentrator, which tunnels individual Point-to-Point Protocol frames to the network access server, therefore the packets can be processed separately from the destination of the circuit termination. This indicates that the connection can close at a local circuit concentrator, eliminating all possible long-distance charges, among other benefits. There is no difference in the operation from the user’s point of view.
What is OpenVPN?

OpenVPN is an open source software application that executes virtual private network (VPN) techniques for producing safe site-to-site or point-to-point connections in remote access facilities and bridged or routed configurations. OpenVPN uses a custom security protocol which utilizes TLS/SSL for key exchange. It is able to traverse firewalls and network address translators (NATs). James Yonan wrote it and published it under the GNU General Public License (GPL).

OpenVPN allows peers to authenticate each other using username and password, certificates, or a pre-shared secret key. When used in a multi-client server configuration, it allows the server to launch an authentication certificate for every user using certificate authority and signature. It uses the OpenSSL encryption library broadly as well as TLSv1.2/SSLv3 protocols and consists of many control and security features.
Types of VPN Tunneling

VPN supports two types of tunneling – compulsory and voluntary. Both types of tunneling are commonly used.

In voluntary tunneling, the VPN user manages connection setup. Firstly the client makes a connection to the carrier network provider (an Internet Service Provider in the case of Internet VPNs). After this, the VPN client application creates the tunnel to a Virtual Private Network server over this live connection.

The carrier network provider manages VPN connection setup, in compulsory tunneling. When the client at first makes an ordinary connection to the carrier, the carrier in turn at once brokers a VPN connection between a VPN server and that client. From the client’s position, Virtual Private Network connections are set up in just one step while the two-step procedure required for voluntary tunnels.

Compulsory VPN tunneling authorizes clients and associates them with specific Virtual Private Network servers using logic built into the broker device and it is sometimes called the Point of Presence Server (POS), VPN Front End Processor (FEP) or Network Access Server (NAS). Compulsory tunneling hides the info of VPN server connectivity from the VPN clients and efficiently transfers management control over the tunnels from users to the ISP. In exchange, service providers must take on the additional burden of installing and maintaining FEP devices.
VPN Tunnel

Virtual private network technology is based on the concept of tunneling. VPN tunneling involves generating and retaining a logical network connection (which may contain intermediate hops). On this connection, packets built in a specific VPN protocol format are encapsulated inside some other base or carrier protocol, then transmitted between server and VPN client and finally de-encapsulated on the receiving side.

For Internet-based Virtual Private Networks, packets in one of several VPN protocols are encapsulated within (IP) packets. VPN protocols also support encryption and authentication to keep the tunnels secure.
What is a DNS leak?

When using privacy service like NordVPN, it is very important that all of your Internet traffic originating from your machine is routed through VPN network. If any traffic is leaked outside of the VPN connection to the network, any adversary monitoring the traffic will be able to log all your activity.

Domain Name System (DNS) is used to translate domains such as into a numerical IP addresses for instance which are required for routing data packets on the Internet. Whenever your device contacts a server on the world wide web, such as the entered URL in your browser, your computer send a request to a DNS server for the IP address. Most of the Internet Service Providers assign their controlled DNS servers to the customers and use it for logging and recording Internet activity made by you.

Sometimes, even when connected to the VPN network, the operating system resume to use default DNS servers instead of using the anonymous DNS servers.

How to solve the DNS leak?

1. Our custom application for Windows, macOS, Android and iOS has a DNS leak protection feature implemented automatically, which will prevent your DNS from leaking.

2. Use NordVPN DNS servers.

In order to get NordVPN’s DNS servers please contact our support team.

To set it go to: Windows: Control Panel → Network and Sharing Center → Change Adapter Settings → Righ-click on your ‘Local Area Connection’ and select Properties → Click on the ‘Internet Protocol Version 4 (TCP/IPv4) and selectProperties → Click on the ‘Use the following DNS server addresses’ and type in the selected DNS server addresses. Please mind that you need to set DNS servers for ALL your Local Area Connections!

Mac: System Preferences → Network → Choose your network device → Advanced → DNS tab and type in the selected DNS server addresses. Please mind that you need to set DNS servers for ALL your network devices!

Linux: Network applet → Edit Connections → Edit your network device → Ipv4 Settings → Choose Automatic (DHCP) addresses only and add DNS servers in the textbox with every server address to be separated by a comma. Please mind that you need to set DNS servers for ALL your network devices!

You can check your DNS leak at the DNS leak test webpage.
What is Double VPN?

Double VPN is a security solution when the data is encrypted twice through multi-node farm. The encryption is double AES-256-CBC.
What are Anti-DDoS servers?

Anti DDos servers are suggested for a less interrupting connection, since they have an advanced stability checking system.
What encryption do you use to secure the connection?

For L2TP/IPSec it is AES-256. For OpenVPN – 256 bit SSL encryption. PPTP uses MPPE-128 encryption.
What are the Pros/cons with Transmission Control Protocol (TCP) vs User Datagram Protocol (UDP) when using OpenVPN?

UDP is mainly used for online streaming and downloading. TCP is more reliable but a little slower than UDP and usually used for web browsing.
How do I uninstall NordVPN?

For PPTP or L2TP connections just delete the NordVPN connection under “Network Connections” in the “Control Panel” on Windows. If you are using our custom software, simply go to C:/Program Files/NordVPN folder and run the ‘Uninstall’ file.
What ports should be open on firewall/router for it to work?

1723, 443 TCP and 1194 UDP ports should be open, also your firewall/router/ISP must allow pass-through for PPTP/VPN. Typical working: embedded Microsoft firewall in Windows, Linksys/D-Link/TP-Link/ASUS Router manufactured after year 2007, ADSL broadband. Typical not-working: not-Microsoft firewall, Netgear/Trend Router, all router-integrated ADSL modem. If you get error 619 with ADSL connection, please remove home router and disable not-Microsoft firewall software.
How does a VPN account work?

As soon as you connect to our VPN server your computer is assigned a new IP address and new DNS resolvers. Then all of your Internet traffic is encrypted and is tunneled to our VPN server. Once there, it is decrypted and allowed to travel to its intended destination. Your local ISP will only see a single encrypted data stream between you and our VPN server. Your ISP can no longer monitor, log or control your Internet usage and you can bypass your ISP restrictions.