Help with IKEv2/IPsec client configuration

Hello,

I’m trying to configure an IKEv2/IPsec connection to NordVPN.
I’m using ROS v6.41.rc34 on hEX (mmips).
I have imported the root certificate from NordVPN and now I need to be able to configure the following parameters for my IPsec client Peer:

  • Exchange mode: IKE2 (ok)
  • Server address: us884.nordvpn.com (ok)
  • Certificate: root.der_0 (ok)
  • Login: “NordVPN Username”
  • Password: “NordVPN Password”

It’s with the last two parameters (login and password) that I have a problem: if I set “Auth. Method” in the IPsec Peer Configuration to “rsa signature hybrid”, I get an error: “unsupported auth method by IKEv2 (6)”. No other auth. method option allows me to enter a certificate, login and password.

Please help.

Thanks,
Pung1991.

Could someone from the MikroTik community please reply and help with the IKEv2 client configuration setup for NordVPN (or any other non-MikroTik VPN provider)?
Thanks a lot in advance.

I too am interested in getting this to work, however, I spoke to NordVPN support and they stated the following:-

As for IKEv2 unfortunately, it doesn’t recognize our server certificates and fails to establish connection

I’m not 100% sure what they mean by this. I was able to import the certificate OK without error and select it within the profile; however, they won’t provide any more details.

Any updates on this? Did you get it working?

Unfortunately, I haven’t heard back anything from MikroTik on this topic.
Tried also talking to NordVPN support, but they were unable to help me as well :frowning:
It looks like we need to wait for a miracle a.k.a. White Unicorn, a.k.a. MikroTik RouterOS v7 for any working IKEv2 and/or OpenVPN support (including UDP, certificates and LZO).

It looks like NordVPN uses EAP authentication for IKEv2 which is unfortunately not supported in current versions of RouterOS.

Hi Emils,

Any ETA on when this option or a working OpenVPN implementation with LZO, UDP, and Certificate authentication support will be available in the RouterOS?

Thanks,
Pung1991

Any update on this - It would be very useful right now.

+1 I could do with this running on my shiny new hap ac2!
Can’t use L2TP/IPsec due to all the warnings about it being a bit crap!
Cheers

+1 - much needed.

Well, I actually made NordVPN work for L2TP/IPsec on RB2011, if anyone is interested.
Even more, it works in a “dual VPN” configuration - i.e. L2TP with the provider and L2TP/IPSec VPN to NordVPN.

@Dimonana - sounds interesting :slight_smile:
Please provide more details on configuring L2TP/IPSec VPN with NordVPN. Does it work with all servers or only with the old ones?
Were you able to configure IKEv2 for Nord VPN?

Em, as I said, I’ve set up L2TP/IPSec to NordVPN - and yes, those old servers - just 80 left from 4500+ of NordVPN overall.
And tomorrow it stopped working - again with all old servers. Trash

:frowning:

At least PIA servers still support L2TP/IPSec without any issue. With the HW encryption support in 750G R3, you can get up to 60 MB/sec :slight_smile:

Have there been any changes on this with regard to supporting NordVPN client setup using IKEv2?

Thanks

Not to my knowledge :frowning:

Anyone from MikroTik who is reading these forums and cares to comment?

Nothing has changed. As I said, currently EAP authentication as initiator is not possible for IKEv2.

Are there any plans to implement it?

Most likely not until version 7.

Anyone willing to test it, here is your chance. Let me know if any help with configuration is needed.

Many thanks, and I have it working with PureVPN; their support could not help me much.

I am now using an IP address of one of their XX-ikev.ptoservers so that the internal and network IP (range) is constant. This has a src-nat with a constant gateway.

Thanks to MikroTik for making it possible, and also to NordVPN, who outlawed L2TP and PPTP. OpenVPN is reserved for ROS 7, so that could be close or still far away. :wink: