MikroTik routers can run VPN connections through the IKEv2 EAP protocol. But having RouterOS version 6.45 or later is mandatory as NordVPN won't work on older versions. However, you have to create an IKEv2 EAP VPN tunnel from your router to your preferred NordVPN server to secure your complete web connection. So, without further delay, let's learn how to set up and use NordVPN on MikroTik.
1. First, visit the NordVPN website.
2. Click the Grab the Deal button next.
3. Now, choose a VPN subscription on the upcoming screen and enter your payment details to complete your purchase.
4. Once done, wait for a confirmation on your subscription.
5. Next, open a terminal in your RouterOS settings.
6. Now, install the root CA certificate of NordVPN by entering the below command-
/tool fetch url="https://downloads.nordcdn.com/certificates/root.der" /certificate import file-name=root.der
7. After that, click here to get the hostname for the VPN server you want to connect to.
8. Now, set up the IPsec tunnel by creating a Phase 1 profile and a separate Phase 2 proposal configuration-
/ip ipsec profile add name=NordVPN /ip ipsec proposal add name=NordVPN pfs-group=none
9. You have to create a new policy group and template now-
/ip ipsec policy group add name=NordVPN /ip ipsec policy add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes
10. Once done, create a new mode configuration entry with responder=no, which will request the configuration parameters from the NordVPN server-
/ip ipsec mode-config add name=NordVPN responder=no
11. Set peer and identity configurations next and specify your NordVPN credentials under the username and password parameters-
/ip ipsec peer add address=nl125.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN /ip ipsec identity add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=YourNordVPNServiceUsername password=YourNordVPNServicePassword
Find your NordVPN service credentials from your online account dashboard under the Advanced tab.
12. You've to choose now what to send over the VPN tunnels; for that, first, use the below commands to create a new IP/Firewall/Address list-
/ip firewall address-list add address=YourLocalNetworkIP list=local
13. Next, assign this list to mode-config using the below commands-
/ip ipsec mode-config set [ find name=NordVPN ] src-address-list=local
14. When done, verify the correct source NAT rule is generated dynamically in the presence of the IPsec tunnel by using the following command-
/ip firewall nat print
That's all! Now you know how to configure and use NordVPN on MikroTik. Connect with us using the below button in case of any queries. Thanks for reading!