NordLynx Questions?

Howdy folks,

My setup: A beefy gaming PC on a 1000mb fiber connection with a good home router NID. I am also a computer engineer so I get the techy stuff.

My question: I was playing with speed tests and I noticed that Nord added another ethernet adapter for NordLynx while NOT on NordVPN. I get the technology is using 2 NATs. I wanted to test some speed, so I removed the adapter from device manager (but I didn’t speed test before I removed it because I’m dumb). Yes, Nord slows my speed down when in use. Does having the two NATs on all the time provide any additional security when the VPN isn’t enabled? NATing provides almost no additional security these days, especially if the NordLynx protocol has no additional security features built into the protocol as well as being 1 to 1 packet replication to your regular network adapter. After removing the lynx adapter, it comes back now but only when connected to NordVPN.

Just trying to understand what Nord is doing here, and if there is any benefit of having the NAT *always on*.

Any and all assistance is appreciated.

-------------------

UPDATE!!!

So, after some speed tests, for protocols TCP is the slowest at around 110mbs (that’s bits as well, divide that by 8 for bytes), UDP was around 125 and NordLynx was around 700 so the speed difference is great. Heavy CPU usage but that’s to be expected.

Also, I found no difference in speed if NordVPN is not on BUT the two NATs are enabled vs just the regular NIC adapter. I dug really deep into my Windows syslogs and event manager. The NATed ethernet adapter is a virtual IP container or VIP that is just a traffic manager for the regular ethernet adapter. It’s essentially a mail carrier that 1 to 1s the packets to your NIC. I highly doubt there’s any additional security added here as I could not find any other processes running in Windows event manager or my bandwidth logs, especially since this test is when Nord is NOT running.

I may ping Nord’s support desk for more info on this magic second adapter, but I think I figured out what this second NAT/ethernet adapter does function-wise.
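One way to check the question raised in the update above, whether the NordLynx adapter carries any traffic while the VPN is disconnected, is to look at which interface owns the winning IPv4 default route. This is an added example, not part of any post in the thread and not NordVPN tooling; the function name is hypothetical and the `*NordLynx*` name pattern is an assumption based on the adapter name mentioned in the thread.

```powershell
# Added example. Get-TunnelAdapterRouteState is a hypothetical helper name;
# the '*NordLynx*' pattern is assumed from the adapter name used in the thread.
function Get-TunnelAdapterRouteState {
    param([string]$Pattern = '*NordLynx*')

    # Match on the adapter name or its driver description, hidden adapters included.
    $adapters = Get-NetAdapter -IncludeHidden |
        Where-Object { $_.Name -like $Pattern -or $_.InterfaceDescription -like $Pattern }
    if (-not $adapters) { Write-Warning "No adapter matches $Pattern"; return }

    # Windows prefers the default route with the lowest
    # (route metric + interface metric), so rank the candidates by that sum.
    $defaults = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ifMetric = (Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4).InterfaceMetric
            [pscustomobject]@{
                IfIndex = $_.InterfaceIndex
                NextHop = $_.NextHop
                Cost    = $_.RouteMetric + $ifMetric
            }
        } | Sort-Object Cost
    $winner = $defaults | Select-Object -First 1

    foreach ($a in $adapters) {
        # Every IPv4 route currently bound to the virtual adapter.
        $routes = @(Get-NetRoute -InterfaceIndex $a.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue)
        $addrs  = (Get-NetIPAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue).IPAddress

        [pscustomobject]@{
            Adapter          = $a.Name
            Status           = $a.Status
            IPv4             = $addrs -join ','
            RouteCount       = $routes.Count
            OwnsDefaultRoute = [bool]($winner -and $winner.IfIndex -eq $a.ifIndex)
            ActiveDefaultVia = if ($winner) { "ifIndex $($winner.IfIndex) -> $($winner.NextHop)" } else { 'none' }
        }
    }
}

# Run once with the VPN disconnected and once connected, then compare the output.
Get-TunnelAdapterRouteState | Format-List
```

If `OwnsDefaultRoute` is `False` and `Status` is not `Up` while disconnected, outbound traffic is leaving through the physical NIC and the virtual adapter is idle.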

Being double natted is a surefire way to deal with reduction in speed. It’s basically (PC)OUT> IN > OUT > IN > OUT > OUT(WAN) rather than just OUT > IN > OUT > OUT (to my understanding anyway). Couple things you can do are: try whitelisting your subnet and/or checking the NordLynx adapter to see if you can change its gateway IP.

I’d also ensure the DNS setting is off or default and consider pointing your router’s DNS to Nord’s DNS servers. This may also fix it but wouldn’t be my first stop. Also not sure what all is between your computer and the internet but you can get traffic without poking holes in a firewall.

I haven’t experienced NordLynx always being on, few times I turned it off learning about this double NAT situation I don’t recall noticing it lol

I noticed since having NordVPN it takes longer for webpages to load. So I looked online to see if there was a fix/solution for this, which is when I read about NordLynx. It showed me how to switch my VPN Protocol from Auto (recommended) to NordLynx. I literally just did this so I haven’t had any good or bad to report, but if using NordLynx is supposed to connect to VPN servers faster, improve your connection speeds, and keep your personal data and online activity private, then why is the default on NordVPN set to Auto (recommended) and not NordLynx?

Thank you for the info, check my updated OP for more info on what I was attempting to test.

Thank you for the user guide.

This is a dead thread but since I’m the OP and a decent guy with too much time on his hands atm I’ll give you an educated guess. Likely, the auto function tries all VPN protocols and sees which is the fastest. In contrast, if you select a specific one it will only use that protocol.

Nice, thanks for the update, it sounds like some of your apps/services are being forced through the Ethernet connection specifically, or am I misunderstanding?

I’m no engineer, just helpdesk and networking hobbyist more or less. I wonder what would happen if you pointed the Ethernet adapter to your Nord local IP for the gateway, normalizing any other DNS and gateway changes you might’ve made.

Sounds like they’re relatively isolated but stuff running over the Ethernet nic might be getting turned around to Nord from the router before actually hitting the internet? Do you have Ethernet and wifi enabled?

I can tell you are no dummy and will read the user guide. IMO there are several factors, of which you and your device are only one. :blush:

You are correct. I spoke with their Help today. So I put it back to auto. If it causes lags I will just switch it off for a bit. But thanks to everyone who got back to me.

Nothing is forced to my knowledge. This second adapter is essentially a fake or virtual gateway with a public IP that’s just NATed to your regular IP/adapter gateway etc.

I could try that, it actually might break the traffic flow because the Nord private NAT is flowing to your regular NIC gateway, I suspect that will totally happen as I removed the Nord IP and it broke my internet in testing. It’s auto NATed to your NIC IP. I don’t see any easy way to change it.

Your last paragraph is correct, it’s just adding a virtual gateway that sits in front of your NIC. I see this as 100% a speed increase with VPN connectivity as a feature, no security at all. Yes both are enabled, I’m on a wired connection however. Wifi for gaming is silly.

Thanks! Check the other conversation in this thread, I figured it out. Just took me some time!

Gotcha, thank you, all that being said you aren’t technically double NATed, because at this point I’m certain you’re aware of the problems that causes. That is unless your raw connection is fooled into thinking so when Nord is disabled yet the virtual adapter is available; it not being available and the raw configs believing so would explain the reduction in speed. A virtual orb of confusion haha.

You really got it going on man, I’m puzzled, if the latter there is the case it just begs more questions as it’s anomalous by nature. Do you use a stand alone firewall or just those built into one service/device or another? You’re on Windows right?

I’ll have to double check but I believe my setup with Nord does get assigned a private IP with public. Also, if you have access to a shit laptop or network device you can host Nord on OpenVPN on the edge of your network, remove this problem entirely (I had to iron out things for various streaming services).

I was checking out some logs, I doubt your raw connection even knows it’s there. It’s a two-way funnel to your normal adapter IP which is now in the back end, I think. Also, I just tested this, messing with your default connection with the virtual adapter being active without Nordvpn active breaks your shit too. It can’t bypass. UUhhhhhhhhh.

I use a virtual SonicWall appliance, I’m on Windows 10 64pro with a LOT of security addons. IMHO never use Windows Firewall as it’s basically made out of crayons and construction paper. I could probably bypass it on other systems and I am in NO way a hacker of any kind. Not my specialty.

Any connection to the internet requires both a private and public IP space, so you’re correct that Nord gives you both. It’s required with standard IPv4 routing (google the OSI model for more information). So you turned a shit laptop into a dedicated VPN appliance, pretty slick honestly man, but it’s a SPOF or single point of failure. What happens when your laptop eats a turd? Is your whole house internet fucked after that? I would test.

Summary: Man, this Nord solution is so inelegant. It’s not transparent, there’s zero documentation on what the virtual adapter does or why it’s there in the first place apart from their silly marketing video on their website, it adds no security as far as I can tell, and it’s honestly, while I think harmless, cryptic as FUCK.

Thank you for that too, awesome insight.

My personal network and various hosts are on a beefed up Dell Optiplex 7050 and using VMs under ESXi. I can 100% confirm that if pfSense goes down (with or without OpenVPN running, I can toggle it in the web GUI without any noticeable change in speed or connectivity) it’s essentially a kill switch. The box has 3 NICs (ethernet only, wireless off a NG R7000 behind a switch/on VLAN) and pf is the only service that is attached to the WAN. My setup is unique in that I personally don’t have access to the ISP router/modem or account, which is why I built it all out in the first place.

I was puzzled but now I’m stumped haha. There has got to be something local in my opinion at this point. To my experience Nord’s customer service is great, I’d reach out to them and just start off with “look, it’s complicated and if you don’t know please connect me to someone who might”

It’s been fun exploring this though, I’m out of any even remotely helpful insight but I do appreciate the back and forth, definitely got me learning some things. I have also found that their self help is generally useless, geared towards the plug n play crowd as their service generally is. Maybe there’s some PowerShell or CMD options you can explore as the Linux client is completely terminal based.

Hear me out, what if you created a low profile VM locally that hosted Nord exclusively and just pointed to that in effort to bypass this issue? Talking 1gig ram and 1 CPU core, shortcut to launch or add to startup? I don’t know, but thanks again for letting me take some of your time

I don’t think you would gain anything, apart from offloading the CPU and RAM it takes to run Nord off say your gaming PC (which any VPN can get quite high if you push lots of traffic, just how traffic routing works, it takes more compute with more traffic so your VM would need to be beefier), I really don’t see an issue with this second virtual adapter running other than it’s weird but does boost your VPN speeds significantly…So I get why it exists, it doesn’t seem to harm anything. It’s just a weird design if that makes sense.

You seem fairly knowledgeable which is great, but I’m happy to answer any other cloud computing questions you may have. I have designed physical data centers which is much more electrical engineering, and additionally huge cloud computing IaaS platforms that you shove inside them. I love teaching this shit so it’s not a burden at all.

It does, now I wanna look more into what’s actually running on my desktop. Surely I have something similar happening that I’m unaware of. I’ve seen the virtual adapter and all but didn’t think anything of it nor did I experience much difference between having Nord enabled or disabled. Do you have meshnet enabled?

If you designed them then I was the guy building similar projects for Verizon, led the RF crews for them during the 2020 Super Bowl in Miami among a whole lot of climbing towers before I got into helpdesk. I’m sure I’ve got plenty more as I intend to build out a cloud on this server.