Route all traffic through NordVPN?

dark · November 20, 2018, 5:29pm

Hello,

I am new to MikroTik and bought a Mikrotik hAP Lite Intern (RB941-2nD) and would like to configure the following:
The router is behind a firewall I have no access to. To use VPN I have to use Port 443 and TCP.
It is connected to the network with a LAN cable and should be an access point that routes all traffic through a NordVPN Server.

I tried a few tutorials, but nothing worked. The NordVPN support says that the router doesn’t support OpenVPN, but it obviously does.
Any chance to do the above?

Thank you for every answer

(Here is the .ovpn file I have: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/ch106.nordvpn.com.tcp.ovpn)

m4t7e0 · November 21, 2018, 5:30pm

Hi, yes is possible,
first step is setup your openVPN VPN you know hot to do it?
Plese Read https://support.nordvpn.com/#/Connectivity/Router/1136267512/Mikrotik-Setup.htm
than you can simple make a prerouting “NordVPN route” mangle rules with for all the traffic that you want to route on NordVPN and than add a static route 0.0.0.0/0 gateway “nordvpn inteface” route mangle “NordVPN route”

sharik987 · November 27, 2018, 8:29am

How did you set up Mikrotik with NordVPN?

msatter · November 27, 2018, 11:48am

Mikrotik does not yet support the features needed to make use those kind of OpenVPN services.
L2TP/IPSEC is fully supported.

filipelias · November 27, 2018, 1:03pm

So, Is it possible or not?

Send from my Moto Z Play using Tapatalk.

sharik987 · November 28, 2018, 8:09am

Why does not it work?

/interface l2tp-client
add connect-to=us2854.nordvpn.com ipsec-secret=nordvpn name=L2TP-nordvpn password=xxxxxxx profile=default user=xxxxxx@gmail.com
/ip ipsec peer
add address=us2854.nordvpn.com disabled=yes exchange-mode=main-l2tp generate-policy=port-strict secret=nordvpn (ipisec manual mode)
add address=87.101.95.163/32 exchange-mode=main-l2tp generate-policy=port-strict secret=nordvpn (ipisec dinamic mode)
/ip ipsec policy
add dst-address=87.101.95.163/32 dst-port=1701 proposal=NordVPN protocol=udp src-address=10.153.XXX.XX/32 src-port=1701
/ip firewall filter
add action=accept chain=input comment=“aloow ipsec-ah” protocol=ipsec-ah
add action=accept chain=input comment=“allow ipsec-esp” protocol=ipsec-esp
add action=accept chain=input comment=“allow l2tp” dst-port=1701,500,4500 protocol=udp
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc,aes-128-cbc,3des
add auth-algorithms=md5 enc-algorithms=3des lifetime=1h name=NordVPN

darkprocess · November 28, 2018, 11:01am

NordVPN dropped support of l2tp.

msatter · November 28, 2018, 11:45am

Is going to drop support for it on the 1st of December.

https://nordvpn.com/blog/l2tp-pptp-protocol-update/

Come on Mikrotik. We can’t use OpenVPN or IKEv2 with NordVPN so which protocol are we going to use? SSTP is only possible with a few providers.

marianob85 · December 2, 2018, 11:48am

@Mikrotik support.
When we can expect OVPN or IKEv2 support for NordVPN ?

m4t7e0 · December 6, 2018, 4:42pm

Hi dear, i’m so sorry i forgot about USING TCP 443 Port, the only avaiable VPN i think the good one is using SSL like SSTP, but seem they doesen’t support this protocol.

castlemaster · December 7, 2018, 12:09pm

I’ve just been chatting with NordVPN about this matter too and they say it’s mikrotik’s OpenVPN Client implementation that’s broken, so when can we expect a fix? They suggest flashing OpenWRT or DD-WRT but I don’t want to touch those.

lucasimo88 · December 7, 2018, 7:37pm

We need complete support for IPSEC/IKEv2 with EAP Authentication…

TheSirStumfy · December 11, 2018, 6:39am

Last i heard about this was “probably in rOs V7”…

psydrohne · January 6, 2019, 3:49pm

[/quote]
Come on Mikrotik. We can’t use OpenVPN or IKEv2 with NordVPN so which protocol are we going to use? SSTP is only possible with a few providers.
[/quote]

Please make OpenVPN or IKEv2 support for NordVPN soon! My Microtik hEX is actually useless, because NordVPN drops L2TP support…

Xymox · January 28, 2019, 12:39pm

Ive been asking and posting about this for years. I do not understand why Mikrotik refuses to address this. Its very easy to add this. They added “kid control” which was far more difficult and involved.

Could there be some reason they have intentionally not implemented OpenVPN fully ? Does it create a level of security for users that some countries don’t like ?

Over years I have seen this come up over and over and it never gets solved.

gotsprings · January 28, 2019, 6:34pm

OVPN has not worked on port 1194 for about 10 years now.

Also as for using those VPN services to “side step” geolocation… providers update their blacklists from time to time too.

bgma · March 11, 2019, 9:09am

Any news on OpenVPN client?
I find it rude that Mikrotik doesn’t even bother to comment …

jimint · March 19, 2019, 8:21am

+1000

pronto · July 4, 2019, 7:27pm

Seems to be working now, see here: https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS

Polard55 · July 9, 2019, 6:52am

That’s great news that finally Mikrotik is supporting IKEv2 properly, Btw I have been using L2tp Protocol on Mikrotik, as my vpn client PureVPN still support it, I have configured it easily by following this guide: https://www.purevpn.com/download/router-vpn but still I want to switch it on IKev2 as its much better and secure protocol and finally I can do it. Thanks for sharing this.