I have set up an IPSec IKEv2 tunnel on a hap ac3 router following the following steps: https://support.nordvpn.com/Connectivity/Router/1360295132/Mikrotik-IKEv2-setup-with-NordVPN.htm
I have tested this NordVPN server on my Samsung Android phone using StrongSwan and it is working fine on my phone.
I have set up the firewall rule such that all LAN clients should tunnel:
/ip firewall address-list
add address=192.168.2.0/24 list=local
Note: The router lan address is set to 192.168.2.1
However, once the peer is active, the following behavior occurs on the router:
- the download test (speedtest.net) with a wireless client runs fine
- the upload test (speedtest.net) is extremely slow (0.01 Mbps)
- clients connected to LAN ports cannot access the internet
Below is the output from /ip firewall nat print
0 D ;;; ipsec mode-config
chain=srcnat action=src-nat to-addresses=10.6.1.111 src-address-list=local
dst-address-list=!local
1 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none