Hi all,
I’m pretty new to Mikrotik and RouterOS.
I’m trying to follow allong with this NordVPN/IPSec tutorial, and the command to register a new IPSec Identity is not working for me.
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=support@mikrotik.com password=secret
I know I am in the right scope, /ip ipsec identity, but it tells me “expected end of command (line 1 column 36)”.
The GUI has no options for Username and Password. And if I try to add the identity without eap-methods=eap-mschapv2 and username and password, which seems to make the command valid, it tells me “EAP supported only for responder”.
If anyone could help me out with what I could be doing wrong, it would be much appreciated.
Same problem here. I’m not seeing “eap” in the auth method list. When I use the terminal I always get an error message saying: EAP supported only for responder.
Please help.
Thanks.
Same problem here : hanging in EAP.
It used to work in the past, and even weirder: its still working fine for US + Canada, eg ca1069.nordvpn.com or us8375.nordvpn.com.
Any suggestions ?
Same over here and gets stuck on the EAP. Time to invoke support of NordVPN.
Apr/23/2021 08:33:08 ipsec -> ike2 reply, exchange: AUTH:4 213.232.87.121[4500] 32061b3dfe12f257:ca15adba805cbf6c
Apr/23/2021 08:33:08 ipsec payload seen: ENC (60 bytes)
Apr/23/2021 08:33:08 ipsec processing payload: ENC
Apr/23/2021 08:33:08 ipsec,debug => iv (size 0x10)
Apr/23/2021 08:33:08 ipsec,debug af1156bd a0468151 80799c14 a81e8615
Apr/23/2021 08:33:08 ipsec,debug decrypted packet
Apr/23/2021 08:33:08 ipsec,debug,packet => decrypted packet (size 0x24)
Apr/23/2021 08:33:08 ipsec,debug,packet 32061b3d fe12f257 ca15adba 805cbf6c 30202320 00000004 00000024 00000008
Apr/23/2021 08:33:08 ipsec,debug,packet 04020004
Apr/23/2021 08:33:08 ipsec payload seen: EAP (8 bytes)
Apr/23/2021 08:33:08 ipsec processing payloads: NOTIFY (none found)
Apr/23/2021 08:33:08 ipsec processing payload: EAP
Apr/23/2021 08:33:08 ipsec,error EAP failed:
Apr/23/2021 08:33:08 ipsec,info killing ike2 SA: x.x.x.x[4500]-213.232.87.121[4500] spi:32061b3dfe12f257:ca15adba805cbf6c
Found my solution and maybe that goes up for many others.
I was using my email and password to use the VPN on the Mikrotik for almost two years now and it worked like a charm. I tried many things in the router but that did not change anything.
It seems that NordVPN does not allow using their service with just e-mail and password and now you get a dedicated username and password generated by them to be used in manual setups.
You can find those generated setting on the following page: my.nordaccount.com/dashboard/nordvpn/ and look under Advanced configuration
I hope that this helps, so that not many have to search everywhere like I did to see this be changed without any notification by NordVPN.
thanks, changing username password solved my issues as well !