IPsec NordVPN no more connection

Hello,

Since the last few updates my NordVPN configuration doesn’t work anymore.
I don’t know if the update is at fault or if I changed something I should not have.

The problem is that the router can’t connect to NordVPN. The router tries reconnecting every few seconds.
Here is a part of the log. I don’t know if that helps to find the error.

22:00:13 ipsec <- ike2 request, exchange: AUTH:4 5.180.62.54[4500] 13bee50222693665:69adc1ff8d728f96 
22:00:13 ipsec,debug ===== sending 236 bytes from 87.181.207.42[4500] to 5.180.62.54[4500] 
22:00:13 ipsec,debug 1 times of 240 bytes message will be sent to 5.180.62.54[4500] 
22:00:15 ipsec,debug ===== received 76 bytes from 5.180.62.54[4500] to 87.181.207.42[4500] 
22:00:15 ipsec -> ike2 reply, exchange: AUTH:4 5.180.62.54[4500] 13bee50222693665:69adc1ff8d728f96 
22:00:15 ipsec payload seen: ENC (48 bytes) 
22:00:15 ipsec processing payload: ENC 
22:00:15 ipsec,debug => iv (size 0x10) 
22:00:15 ipsec,debug 00c52864 9556711a 3a6bcb4f 9b35e707 
22:00:15 ipsec,debug => plain payload (trimmed) (size 0x8) 
22:00:15 ipsec,debug 00000008 04020004 
22:00:15 ipsec,debug decrypted 
22:00:15 ipsec payload seen: EAP (8 bytes) 
22:00:15 ipsec processing payloads: NOTIFY (none found) 
22:00:15 ipsec processing payload: EAP 
22:00:15 ipsec,error EAP failed:

The log is over 900 lines long. I don’t know if I can post the whole log, or if there is any sensitive data in it. Please advise me. If needed, I can post the whole thing.
I’m not really good at RouterOS; most things I do by trial and error :confused:
If you need any config to help me localise the problem, then please let me know.

By the way, I used this tutorial to set up the VPN.
https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS
In the beginning it worked pretty well, but now I don’t know where I should search for the problem.
I have deleted the whole ipsec config and tried to set it up anew, but no success. Still the same problem.

I hope anybody can help me with it.
Thanks

You should post the relevant part of your configuration. Something like this could help:

/ip ipsec export hide-sensitive

The NordVPN CA certificate is installed? System time is set correctly?

Thank you for your help.
Here is my ipsec config:

[stonie@MikroTik_Router] > /ip ipsec export hide-sensitive
# mar/02/2020 17:07:13 by RouterOS 6.46.4
# software id = JAQM-WPKB
#
# model = CCR1009-8G-1S-1S+
# serial number = 5A18043D07A0
/ip ipsec mode-config
add connection-mark=NordVPN name=NordVPN responder=no
/ip ipsec policy group
add name=NordVPN
/ip ipsec profile
add name=NordVPN
/ip ipsec peer
add address=de713.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des pfs-group=none
add name=NordVPN pfs-group=none
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=xxxxx@xxxxmail.com
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes

System time is one minute off from my PC; that should be OK, or not?
The certificate is installed, as described in the howto:

[stonie@MikroTik_Router] > /certificate print where name~"root.der"
Flags: K - private-key, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted 
 #         NAME                       COMMON-NAME                     SUBJECT-ALT-NAME                                                  FINGERPRINT                    
 0       T root.der_0                 NordVPN Root CA                                                                                   8b5a495db498a6c2c8ca7af6ae4a...

The only thing I found to be different is:

set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des pfs-group=none

Mine:

add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc name=NordVPN pfs-group=none

I enforce sha256 for authorizations and encoding only aes-256-cbc. A bit slower but safer.

Thank you for your advice, but unfortunately still the same problem.

OMG, how embarrassing. Just to test it, I entered the password again and now it works. :open_mouth:
Sorry guys that was really dumb.
I’m so sorry.

Nevertheless, thank you for your help.

No problem, it happens to the best. :wink:
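
The decrypted `plain payload` dump in the log excerpt from the first post can be decoded directly. The following is an added example (not posted by anyone in the thread and not MikroTik code) that pulls such dumps out of a RouterOS ipsec debug log and decodes them as an IKEv2 EAP payload. It assumes each dump holds a single EAP payload, as the "payload seen: EAP (8 bytes)" line indicates here; the function names are hypothetical.

```python
import re
import struct

# EAP packet codes, RFC 3748 section 4
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# Sample input: lines copied from the log excerpt in the first post
SAMPLE_LOG = """\
22:00:15 ipsec,debug => plain payload (trimmed) (size 0x8)
22:00:15 ipsec,debug 00000008 04020004
22:00:15 ipsec,debug decrypted
"""

DUMP_START = re.compile(r"=> plain payload .*\(size 0x([0-9a-f]+)\)")
HEX_LINE = re.compile(r"^\S+ ipsec,debug ((?:(?:[0-9a-f]{2}){1,4} ?)+)$")


def extract_plain_payloads(log_text):
    """Return the bytes of every 'plain payload' hex dump in the log."""
    payloads, buf, want = [], None, 0
    for line in log_text.splitlines():
        start = DUMP_START.search(line)
        if start:
            buf, want = bytearray(), int(start.group(1), 16)
            continue
        m = HEX_LINE.match(line.rstrip()) if buf is not None else None
        if m:
            buf += bytes.fromhex(m.group(1).replace(" ", ""))
            if len(buf) >= want:
                payloads.append(bytes(buf[:want]))
                buf = None
        else:
            buf = None  # not inside a dump, or the dump ended early
    return payloads


def decode_eap_payload(data):
    """Decode IKEv2 generic payload header (RFC 7296 3.2) + EAP header (RFC 3748 4)."""
    if len(data) < 8:
        raise ValueError("too short for payload header plus EAP header")
    next_payload, _flags, pl_len = struct.unpack("!BBH", data[:4])
    code, ident, eap_len = struct.unpack("!BBH", data[4:8])
    if pl_len != len(data) or eap_len != pl_len - 4:
        raise ValueError("length fields disagree with the dump size")
    out = {"next_payload": next_payload, "eap_id": ident, "eap_length": eap_len,
           "eap_code": EAP_CODES.get(code, f"unknown({code})")}
    if code in (1, 2) and eap_len > 4:
        out["eap_type"] = data[8]  # 26 = EAP-MSCHAPv2
    return out
```

For the bytes in this thread, `decode_eap_payload(extract_plain_payloads(SAMPLE_LOG)[0])` reports EAP code `Failure`: the server ended the EAP-MSCHAPv2 exchange unsuccessfully, which is consistent with the password re-entry that resolved the problem.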