I have followed this tutorial without success: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
As soon as I add the ipsec identity and it tries to connect to the NordVPN server, I get the following in the log:
new ike2 SA (I): NordVPN 197.123.75.147[4500]-185.234.243.27[4500] spi:123459cda6fd67b1:123457e581dd4624
unable to get local issuer certificate(20) at depth:1 cert:CN=NordVPN CA7,C=PA,ST=,L=,O=NordVPN,OU=,SN=
can't verify peer's certificate from store
peer failed to authorize: NordVPN 197.123.75.147[4500]-185.234.243.27[4500] spi:123459cda6fd67b1:123457e581dd4624
killing ike2 SA: NordVPN 197.123.75.147[4500]-185.234.243.27[4500] spi:123459cda6fd67b1:123457e581dd4624
Notes:
- Using the same NordVPN server and credentials I can connect using IKEv2 from my Android device (using this tutorial: https://support.nordvpn.com/Connectivit ... ndroid.htm)
- The date and time is correct on the router
- RouterBoard: RB750Gr3
- RouterOS 7.5
The only hunch I have is that there are additional certificates that I have to import on the Mikrotik that is already present on my Android device (hence why it works there).
On the log I can see it is looking for "CN=NordVPN CA7", but the certificate provided by NordVPN is simply: "CN=NordVPN Root CA"
Any help would be greatly appreciated!