Ok, that is, from your speech, I understand that if it's just OpenVPN ?Nope to both (moreover, non-accelerated AES on OVPN will be slow).
Since NordVPN has deprecated L2TP/IPsec in late 2018 (for some obscure reasons), ROS is no longer able to connect to NordVPN.
I've replaced my CHR with OPNsense because of that, and currently using OVPN from it.
Runs well, including AES-NI support (but I had to request certain changes to virtual hw as my VPS provider hasn't forwarded CPU flags correctly by default).
Still NordVPN is not very handy as they tend to change servers quite often, and doesn't have accessible registry of currently available servers.
Confirmed working with 6.45beta54.IKEv2 from NordVPN should work with latest testing releases, where support for EAP authentication methods was added.
See this post for details: viewtopic.php?f=2&t=126221#p731754
Did anybody report the PFS rekeying issue to Mikrotik? Any news on this topic?can confirm rekeying is broken in 6.45.1stable, the only solution to don't drop connection is to set PFS Group to: none, in IPsec proposal
13:33:33 ipsec got error: NO_PROPOSAL_CHOSEN
Information about this hack from the side of NordVPN:NordVPN was hacked recently. I have seen a lot of user accounts leaked on pastebins and forums. I would suggest users to stay away from that provider for a while