NordVPN on Linode
I have installed NordVPN on an Ubuntu Linode. The installation works OK; however, I lose connectivity to the terminal when I try to connect to the VPN.
I have tried whitelisting port 22, which is how this is solved in my local implementations.
Does anyone know how to make it work on a Linode?
So since you're running a client on the Linode, this behavior is actually expected by default. If you access your Linode directly over Lish, you can use this dig command to see that you can reach the internet and verify that the NordVPN IP is being recognized as your public IP rather than your Linode's.
This is what you want, but it also has the side effect of interrupting your SSH session since traffic coming back is now being routed through the NordVPN IP, and can no longer make it back on your connection established through the normal Linode IP.
This community post has some extensive discussion on the topic as well as some great examples of getting this to work with OpenVPN.
That said, since you are using NordVPN, the IP will most likely be changing dynamically, so you will want to look into this with NordVPN specifically. I found this thread, which seems to have a solution, though I wasn't able to test it myself:
Essentially you'll be doing a similar whitelist with the built-in nordvpn command:
nordvpn whitelist add port 22
You can use this for any ports you need to be reachable over the Linode IP as well, like a hosted site or application.
Once you have the VPN up and running with the whitelist, you can confirm it's working with either of these commands, which fetch your internet-visible public IP:
dig +short myip.opendns.com @resolver1.opendns.com
curl ipv4.icanhazip.com
I ended up testing this myself and can confirm that in addition to using the nordvpn whitelist command you'll also need to manually add a route with these commands.
ip rule add from x.x.x.x table 128
ip route add table 128 to y.y.y.y/y dev eth0
ip route add table 128 default via z.z.z.z
Where x.x.x.x is your Server public IP, y.y.y.y/y should be the subnet of your Server public IP address, eth0 should be your Server public Ethernet interface, and z.z.z.z should be the default gateway.
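The manual routes from the last reply, as an added example that is not part of the original thread: it derives x.x.x.x, y.y.y.y/y (with host bits cleared, which `ip route` requires) and z.z.z.z from `ip` output and prints the three commands for review instead of running them. The function names and the sample addresses (documentation range) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) the three policy-routing commands.
# Inputs are text as printed by `ip -o -4 addr show dev IFACE` and
# `ip -4 route show default`.

ip_to_int() {            # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {            # 32-bit integer -> A.B.C.D
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

network_of() {           # ADDR/PREFIX -> NETWORK/PREFIX (host bits cleared)
    addr=${1%/*}; prefix=${1#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( $(ip_to_int "$addr") & mask ))
    echo "$(int_to_ip "$net")/$prefix"
}

# ssh_route_cmds IFACE ADDR_LINE DEFAULT_ROUTE_LINE [TABLE]
ssh_route_cmds() {
    iface=$1; table=${4:-128}
    cidr=$(printf '%s\n' "$2" | awk '{for (i = 1; i < NF; i++) if ($i == "inet") {print $(i + 1); exit}}')
    gw=$(printf '%s\n' "$3" | awk '$1 == "default" {for (i = 2; i < NF; i++) if ($i == "via") {print $(i + 1); exit}}')
    if [ -z "$cidr" ] || [ -z "$gw" ]; then
        echo "could not parse address or gateway" >&2
        return 1
    fi
    echo "ip rule add from ${cidr%/*} table $table"                       # x.x.x.x
    echo "ip route add table $table to $(network_of "$cidr") dev $iface"  # y.y.y.y/y
    echo "ip route add table $table default via $gw"                      # z.z.z.z
}

# Constructed sample input (documentation address range, not a real host).
SAMPLE_ADDR='2: eth0    inet 198.51.100.77/26 brd 198.51.100.127 scope global eth0'
SAMPLE_ROUTE='default via 198.51.100.65 dev eth0 proto static'

ssh_route_cmds eth0 "$SAMPLE_ADDR" "$SAMPLE_ROUTE"
```

On a real host, pass `"$(ip -o -4 addr show dev eth0)"` and `"$(ip -4 route show default)"` as the second and third arguments, captured before connecting the VPN (assumption: the default route shown at that point is still the Linode gateway). Review the printed commands before running them as root.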