 
dark
just joined
Topic Author
Posts: 1
Joined: Tue Nov 20, 2018 7:04 pm

Route all traffic through NordVPN?

Tue Nov 20, 2018 7:29 pm

Hello,

I am new to MikroTik and bought a Mikrotik hAP Lite Intern (RB941-2nD) and would like to configure the following:
The router is behind a firewall I have no access to. To use VPN I have to use Port 443 and TCP.
It is connected to the network with a LAN cable and should be an access point that routes all traffic through a NordVPN Server.

I tried a few tutorials, but nothing worked. The NordVPN support says that the router doesn't support OpenVPN, but it obviously does.
Any chance to do the above?

Thank you for every answer :)

(Here is the .ovpn file I have: https://downloads.nordcdn.com/configs/f ... m.tcp.ovpn)
 
m4t7e0
Frequent Visitor
Posts: 80
Joined: Tue Jun 09, 2015 12:17 am

Re: Route all traffic through NordVPN?

Wed Nov 21, 2018 7:30 pm

Hi, yes, it is possible.
The first step is to set up your OpenVPN VPN. Do you know how to do it?
Please read https://support.nordvpn.com/#/Connectiv ... -Setup.htm
Then you can simply make prerouting "NordVPN route" mangle rules for all the traffic that you want to route on NordVPN, and then add a static route 0.0.0.0/0 gateway "nordvpn interface" route mangle "NordVPN route"
 
sharik987
just joined
Posts: 7
Joined: Wed Oct 23, 2013 9:56 am

Re: Route all traffic through NordVPN?

Tue Nov 27, 2018 10:29 am

How did you set up Mikrotik with NordVPN?
 
msatter
Forum Guru
Posts: 1760
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Route all traffic through NordVPN?

Tue Nov 27, 2018 1:48 pm

Mikrotik does not yet support the features needed to make use of those kinds of OpenVPN services.
L2TP/IPSEC is fully supported.
One RB4011 (cooled) and a RB760iGS (hEX S) in series. The 4011 Does PPPoE/IKEv2.
The cooler: viewtopic.php?f=3&t=138613&start=300#p799879
Running:
RouterOS 6.47.1 / Winbox 3.24 / MikroTik APP 1.3.14
 
filipelias
just joined
Posts: 9
Joined: Sat Jan 06, 2018 9:44 pm

Re: Route all traffic through NordVPN?

Tue Nov 27, 2018 3:03 pm

[quote]
Hi, yes, it is possible.
The first step is to set up your OpenVPN VPN. Do you know how to do it?
Please read https://support.nordvpn.com/#/Connectiv ... -Setup.htm
Then you can simply make prerouting "NordVPN route" mangle rules for all the traffic that you want to route on NordVPN, and then add a static route 0.0.0.0/0 gateway "nordvpn interface" route mangle "NordVPN route"
[/quote]
[quote]
Mikrotik does not yet support the features needed to make use of those kinds of OpenVPN services.
L2TP/IPSEC is fully supported.
[/quote]
So, is it possible or not?

 
sharik987
just joined
Posts: 7
Joined: Wed Oct 23, 2013 9:56 am

Re: Route all traffic through NordVPN?

Wed Nov 28, 2018 10:09 am

[quote]
L2TP/IPSEC is fully supported.
[/quote]
Why does it not work?

/interface l2tp-client
add connect-to=us2854.nordvpn.com ipsec-secret=nordvpn name=L2TP-nordvpn password=xxxxxxx profile=default user=xxxxxx@gmail.com
/ip ipsec peer
# IPsec manual mode
add address=us2854.nordvpn.com disabled=yes exchange-mode=main-l2tp generate-policy=port-strict secret=nordvpn
# IPsec dynamic mode
add address=87.101.95.163/32 exchange-mode=main-l2tp generate-policy=port-strict secret=nordvpn
/ip ipsec policy
add dst-address=87.101.95.163/32 dst-port=1701 proposal=NordVPN protocol=udp src-address=10.153.XXX.XX/32 src-port=1701
/ip firewall filter
add action=accept chain=input comment="allow ipsec-ah" protocol=ipsec-ah
add action=accept chain=input comment="allow ipsec-esp" protocol=ipsec-esp
add action=accept chain=input comment="allow l2tp" dst-port=1701,500,4500 protocol=udp
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc,aes-128-cbc,3des
add auth-algorithms=md5 enc-algorithms=3des lifetime=1h name=NordVPN
 
darkprocess
Member Candidate
Posts: 255
Joined: Fri Mar 20, 2015 1:16 pm

Re: Route all traffic through NordVPN?

Wed Nov 28, 2018 1:01 pm

NordVPN dropped support of l2tp.
 
msatter
Forum Guru
Posts: 1760
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Route all traffic through NordVPN?

Wed Nov 28, 2018 1:45 pm

[quote]
NordVPN dropped support of l2tp.
[/quote]
Is going to drop support for it on the 1st of December.

https://nordvpn.com/blog/l2tp-pptp-protocol-update/

Come on Mikrotik. We can't use OpenVPN or IKEv2 with NordVPN so which protocol are we going to use? SSTP is only possible with a few providers.
One RB4011 (cooled) and a RB760iGS (hEX S) in series. The 4011 Does PPPoE/IKEv2.
The cooler: viewtopic.php?f=3&t=138613&start=300#p799879
Running:
RouterOS 6.47.1 / Winbox 3.24 / MikroTik APP 1.3.14
 
marianob85
just joined
Posts: 15
Joined: Wed Feb 08, 2017 9:47 pm

Re: Route all traffic through NordVPN?

Sun Dec 02, 2018 1:48 pm

@Mikrotik support.
When can we expect OVPN or IKEv2 support for NordVPN?
 
m4t7e0
Frequent Visitor
Posts: 80
Joined: Tue Jun 09, 2015 12:17 am

Re: Route all traffic through NordVPN?

Thu Dec 06, 2018 6:42 pm

[quote]
Hello,
I am new to MikroTik and bought a Mikrotik hAP Lite Intern (RB941-2nD) and would like to configure the following:
The router is behind a firewall I have no access to. To use VPN I have to use Port 443 and TCP.
[/quote]
Hi dear, I'm so sorry, I forgot about USING TCP 443 Port. The only available VPN, I think the good one, is using SSL like SSTP, but it seems they don't support this protocol.
 
castlemaster
just joined
Posts: 5
Joined: Mon Apr 09, 2018 12:04 pm

Re: Route all traffic through NordVPN?

Fri Dec 07, 2018 2:09 pm

I've just been chatting with NordVPN about this matter too and they say it's mikrotik's OpenVPN Client implementation that's broken, so when can we expect a fix? They suggest flashing OpenWRT or DD-WRT but I don't want to touch those.
 
lucasimo88
just joined
Posts: 8
Joined: Fri Apr 06, 2018 8:43 pm

Re: Route all traffic through NordVPN?

Fri Dec 07, 2018 9:37 pm

[quote]
I've just been chatting with NordVPN about this matter too and they say it's mikrotik's OpenVPN Client implementation that's broken, so when can we expect a fix? They suggest flashing OpenWRT or DD-WRT but I don't want to touch those.
[/quote]
We need complete support for IPSEC/IKEv2 with EAP Authentication...
 
TheSirStumfy
Frequent Visitor
Posts: 81
Joined: Sun Oct 14, 2018 7:54 pm

Re: Route all traffic through NordVPN?

Tue Dec 11, 2018 8:39 am

Last I heard about this was "probably in rOs V7"... :(
 
psydrohne
just joined
Posts: 3
Joined: Sun Jan 06, 2019 5:25 pm

Re: Route all traffic through NordVPN?

Sun Jan 06, 2019 5:49 pm

[quote]
Come on Mikrotik. We can't use OpenVPN or IKEv2 with NordVPN so which protocol are we going to use? SSTP is only possible with a few providers.
[/quote]

Please make OpenVPN or IKEv2 support for NordVPN soon! My Mikrotik hEX is actually useless, because NordVPN drops L2TP support...
 
Xymox
Member
Posts: 391
Joined: Thu Jan 21, 2010 5:04 pm
Location: Phoenix, Arizona US

Re: Route all traffic through NordVPN?

Mon Jan 28, 2019 2:39 pm

I've been asking and posting about this for years. I do not understand why Mikrotik refuses to address this. It's very easy to add this. They added "kid control" which was far more difficult and involved.

Could there be some reason they have intentionally not implemented OpenVPN fully? Does it create a level of security for users that some countries don't like?

Over the years I have seen this come up over and over and it never gets solved.
 
gotsprings
Forum Veteran
Posts: 917
Joined: Mon May 14, 2012 9:30 pm

Re: Route all traffic through NordVPN?

Mon Jan 28, 2019 8:34 pm

OVPN has not worked on port 1194 for about 10 years now.

Also as for using those VPN services to "side step" geolocation... providers update their blacklists from time to time too.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
bgma
just joined
Posts: 1
Joined: Fri Sep 14, 2018 8:38 am

Re: Route all traffic through NordVPN?

Mon Mar 11, 2019 11:09 am

Any news on OpenVPN client?
I find it rude that Mikrotik doesn't even bother to comment ...
 
jimint
just joined
Posts: 10
Joined: Fri Aug 11, 2017 12:58 am

Re: Route all traffic through NordVPN?

Tue Mar 19, 2019 10:21 am

[quote]
I've been asking and posting about this for years. I do not understand why Mikrotik refuses to address this. It's very easy to add this. They added "kid control" which was far more difficult and involved.

Could there be some reason they have intentionally not implemented OpenVPN fully? Does it create a level of security for users that some countries don't like?

Over the years I have seen this come up over and over and it never gets solved.
[/quote]
+1000
 
pronto
just joined
Posts: 3
Joined: Tue Sep 11, 2018 12:45 pm

Re: Route all traffic through NordVPN?

Thu Jul 04, 2019 10:27 pm

 
Polard55
just joined
Posts: 4
Joined: Tue Jul 09, 2019 9:00 am

Re: Route all traffic through NordVPN?

Tue Jul 09, 2019 9:52 am

[quote]
Seems to be working now, see here: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
[/quote]
That's great news that Mikrotik is finally supporting IKEv2 properly. By the way, I have been using the L2TP protocol on Mikrotik, as my VPN client [REDACTED] still supports it. I configured it easily by following this guide: https://www.[REDACTED].com/download/router-vpn but I still want to switch to IKEv2, as it's a much better and more secure protocol, and finally I can do it. Thanks for sharing this.
 
daydiff
just joined
Posts: 2
Joined: Tue Dec 10, 2019 6:09 pm

Re: Route all traffic through NordVPN?

Sat Dec 14, 2019 11:28 am

[quote]
Seems to be working now, see here: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
[/quote]

Is it broken again? I'm getting an error on the latest RouterOS 6.46

21:30:42 ipsec ike2 starting for: 23.226.132.237 
21:30:43 ipsec adding notify: NAT_DETECTION_DESTINATION_IP 
21:30:43 ipsec adding notify: NAT_DETECTION_SOURCE_IP 
21:30:43 ipsec adding payload: NONCE 
21:30:43 ipsec adding payload: KE 
21:30:43 ipsec adding payload: SA 
21:30:43 ipsec <- ike2 request, exchange: SA_INIT:0 23.226.132.237[4500] 6d7e507d7e8ae0b2:0000000000000000 
21:30:43 ipsec -> ike2 reply, exchange: SA_INIT:0 23.226.132.237[4500] 6d7e507d7e8ae0b2:0000000000000000 
21:30:43 ipsec payload seen: NOTIFY 
21:30:43 ipsec first payload is NOTIFY 
21:30:43 ipsec processing payloads: NOTIFY 
21:30:43 ipsec   notify: COOKIE 
21:30:43 ipsec adding notify: COOKIE 
21:30:43 ipsec adding notify: NAT_DETECTION_DESTINATION_IP 
21:30:43 ipsec adding notify: NAT_DETECTION_SOURCE_IP 
21:30:43 ipsec adding payload: NONCE 
21:30:43 ipsec adding payload: KE 
21:30:43 ipsec adding payload: SA 
21:30:43 ipsec -> ike2 reply, exchange: SA_INIT:0 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:43 ipsec ike2 initialize recv 
21:30:43 ipsec payload seen: SA 
21:30:43 ipsec payload seen: KE 
21:30:43 ipsec payload seen: NONCE 
21:30:43 ipsec payload seen: NOTIFY 
21:30:43 ipsec payload seen: NOTIFY 
21:30:43 ipsec payload seen: NOTIFY 
21:30:43 ipsec processing payload: NONCE 
21:30:43 ipsec processing payload: SA 
21:30:43 ipsec IKE Protocol: IKE 
21:30:43 ipsec  proposal #1 
21:30:43 ipsec   enc: aes128-cbc 
21:30:43 ipsec   prf: hmac-sha1 
21:30:43 ipsec   auth: sha1 
21:30:43 ipsec   dh: modp2048 
21:30:43 ipsec matched proposal: 
21:30:43 ipsec  proposal #1 
21:30:43 ipsec   enc: aes128-cbc 
21:30:43 ipsec   prf: hmac-sha1 
21:30:43 ipsec   auth: sha1 
21:30:43 ipsec   dh: modp2048 
21:30:43 ipsec processing payload: KE 
21:30:43 ipsec,info new ike2 SA (I): 192.168.178.24[4500]-23.226.132.237[4500] spi:6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:43 ipsec processing payloads: NOTIFY 
21:30:43 ipsec   notify: NAT_DETECTION_SOURCE_IP 
21:30:43 ipsec   notify: NAT_DETECTION_DESTINATION_IP 
21:30:43 ipsec   notify: MULTIPLE_AUTH_SUPPORTED 
21:30:43 ipsec (NAT-T) LOCAL 
21:30:43 ipsec KA list add: 192.168.178.24[4500]->23.226.132.237[4500] 
21:30:43 ipsec init child 
21:30:43 ipsec init child continue 
21:30:43 ipsec offering proto: 3 
21:30:43 ipsec  proposal #1 
21:30:43 ipsec   enc: aes256-cbc 
21:30:43 ipsec   enc: aes192-cbc 
21:30:43 ipsec   enc: aes128-cbc 
21:30:43 ipsec   auth: sha1 
21:30:43 ipsec can't get local certificate from configuration 
21:30:43 ipsec ID_I (ADDR4): 192.168.178.24 
21:30:43 ipsec adding payload: ID_I 
21:30:43 ipsec adding notify: INITIAL_CONTACT 
21:30:43 ipsec adding payload: SA 
21:30:43 ipsec initiator selector: 0.0.0.0/0 
21:30:43 ipsec adding payload: TS_I 
21:30:43 ipsec responder selector: 0.0.0.0/0 
21:30:43 ipsec adding payload: TS_R 
21:30:43 ipsec prepearing internal IPv4 address 
21:30:43 ipsec prepearing internal IPv4 netmask 
21:30:43 ipsec prepearing internal IPv6 subnet 
21:30:43 ipsec prepearing internal IPv4 DNS 
21:30:43 ipsec adding payload: CONFIG 
21:30:43 ipsec <- ike2 request, exchange: AUTH:1 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:43 ipsec -> ike2 reply, exchange: AUTH:1 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:43 ipsec payload seen: ENC 
21:30:43 ipsec processing payload: ENC 
21:30:43 ipsec payload seen: ID_R 
21:30:43 ipsec payload seen: CERT 
21:30:43 ipsec payload seen: CERT 
21:30:43 ipsec payload seen: AUTH 
21:30:43 ipsec payload seen: EAP 
21:30:43 ipsec processing payloads: NOTIFY (none found) 
21:30:43 ipsec ike auth: initiator finish 
21:30:43 ipsec processing payload: ID_R 
21:30:43 ipsec ID_R (FQDN): us3398.nordvpn.com 
21:30:43 ipsec processing payload: AUTH 
21:30:43 ipsec processing payloads: CERT 
21:30:43 ipsec got CERT: us3398.nordvpn.com 
21:30:43 ipsec got CERT: CN=NordVPN CA4,C=PA,ST=,L=,O=NordVPN,OU=,SN= 
21:30:43 ipsec requested auth method: RSA 
21:30:44 ipsec,info,account peer authorized: 192.168.178.24[4500]-23.226.132.237[4500] spi:6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:44 ipsec processing payload: EAP 
21:30:44 ipsec adding payload: EAP 
21:30:44 ipsec <- ike2 request, exchange: AUTH:2 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:44 ipsec -> ike2 reply, exchange: AUTH:2 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:44 ipsec payload seen: ENC 
21:30:44 ipsec processing payload: ENC 
21:30:44 ipsec payload seen: EAP 
21:30:44 ipsec processing payloads: NOTIFY (none found) 
21:30:44 ipsec processing payload: EAP 
21:30:44 ipsec adding payload: EAP 
21:30:44 ipsec <- ike2 request, exchange: AUTH:3 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:44 ipsec -> ike2 reply, exchange: AUTH:3 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:44 ipsec payload seen: ENC 
21:30:44 ipsec processing payload: ENC 
21:30:44 ipsec payload seen: EAP 
21:30:44 ipsec processing payloads: NOTIFY (none found) 
21:30:44 ipsec processing payload: EAP 
21:30:44 ipsec adding payload: EAP 
21:30:44 ipsec <- ike2 request, exchange: AUTH:4 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:46 ipsec -> ike2 reply, exchange: AUTH:4 23.226.132.237[4500] 6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:46 ipsec payload seen: ENC 
21:30:46 ipsec processing payload: ENC 
21:30:46 ipsec payload seen: EAP 
21:30:46 ipsec processing payloads: NOTIFY (none found) 
21:30:46 ipsec processing payload: EAP 
21:30:46 ipsec,error EAP failed:  
21:30:46 ipsec,info killing ike2 SA: 192.168.178.24[4500]-23.226.132.237[4500] spi:6d7e507d7e8ae0b2:8c639a553a050e77 
21:30:46 ipsec KA remove: 192.168.178.24[4500]->23.226.132.237[4500]
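
Added example, not part of any post in this thread and not MikroTik or NordVPN code: a small triage script for a RouterOS `ipsec` debug log like the one above, reporting how far the IKEv2 initiator got before the attempt ended. The sample lines are constructed in the same format with documentation-range addresses; the function name `triage` and the stage labels are assumptions made for this example.

```python
import re
# Constructed sample in the RouterOS ipsec debug-log format shown in the thread
# (documentation-range addresses, made-up SPIs).
SAMPLE_LOG = """\
21:30:43 ipsec <- ike2 request, exchange: SA_INIT:0 203.0.113.10[4500] 1111:0000
21:30:43 ipsec matched proposal:
21:30:43 ipsec can't get local certificate from configuration
21:30:43 ipsec <- ike2 request, exchange: AUTH:1 203.0.113.10[4500] 1111:2222
21:30:44 ipsec,info,account peer authorized: 192.0.2.24[4500]-203.0.113.10[4500] spi:1111:2222
21:30:44 ipsec adding payload: EAP
21:30:44 ipsec <- ike2 request, exchange: AUTH:2 203.0.113.10[4500] 1111:2222
21:30:46 ipsec,error EAP failed:
"""

RECORD = re.compile(r"^\d\d:\d\d:\d\d (ipsec[\w,]*) (.*)$")
REQUEST = re.compile(r"<- ike2 request, exchange: (\w+):(\d+)")

def triage(log_text):
    """Report how far one IKEv2 initiator attempt got before it ended."""
    out = {"stage": "no-ike2-traffic", "server_authenticated": False,
           "last_request": None, "eap_responses": 0, "errors": []}
    for raw in log_text.splitlines():
        rec = RECORD.match(raw.strip())
        if not rec:
            continue  # not an ipsec log record
        topics, msg = rec.group(1).split(","), rec.group(2).strip()
        req = REQUEST.search(msg)
        if req:
            out["last_request"] = req.group(1) + ":" + req.group(2)
            if out["stage"] == "no-ike2-traffic":
                out["stage"] = "sa-init-sent"
        elif msg.startswith("matched proposal"):
            out["stage"] = "proposal-matched"
        elif msg.startswith("peer authorized"):
            out["server_authenticated"] = True  # server's AUTH/CERT accepted
            out["stage"] = "server-authenticated"
        elif msg == "adding payload: EAP":
            out["eap_responses"] += 1
            out["stage"] = "eap-in-progress"
        # Only records carrying the "error" topic count as failures, so the
        # untagged "can't get local certificate" line is not reported as one.
        if "error" in topics:
            out["errors"].append(msg)
            if msg.startswith("EAP failed"):
                out["stage"] = "eap-failed"
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A result of `eap-failed` with `server_authenticated` set means the proposal matched and the server was authorized, so the attempt ended in the EAP exchange rather than in proposal negotiation or server authentication.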
