
How to Configure & Use NordVPN on MikroTik

By Srijani Ghosh / May 12, 2022

MikroTik routers can run VPN connections using the IKEv2 EAP protocol. RouterOS version 6.45 or later is mandatory, as NordVPN won't work on older versions. To secure your complete web connection, you create an IKEv2 EAP VPN tunnel from your router to your preferred NordVPN server. So, without further delay, let's learn how to set up and use NordVPN on MikroTik.

1. First, visit the NordVPN website.

2. Click the Grab the Deal button next.

3. Now, choose a VPN subscription on the upcoming screen and enter your payment details to complete your purchase.

4. Once done, wait for a confirmation on your subscription.

5. Next, open a terminal in your RouterOS settings.

6. Now, install the root CA certificate of NordVPN by entering the commands below:

/tool fetch url="https://downloads.nordcdn.com/certificates/root.der"
/certificate import file-name=root.der

7. After that, get the hostname of the NordVPN server you want to connect to (step 11 below uses nl125.nordvpn.com).

8. Now, set up the IPsec tunnel by creating a Phase 1 profile and a separate Phase 2 proposal configuration:

/ip ipsec profile
add name=NordVPN
/ip ipsec proposal
add name=NordVPN pfs-group=none

9. Now create a new policy group and template:

/ip ipsec policy group add name=NordVPN
/ip ipsec policy add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes

10. Once done, create a new mode configuration entry with responder=no, which will request the configuration parameters from the NordVPN server:

/ip ipsec mode-config
add name=NordVPN responder=no

11. Next, set the peer and identity configurations, and specify your NordVPN credentials under the username and password parameters:

/ip ipsec peer
add address=nl125.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=YourNordVPNServiceUsername password=YourNordVPNServicePassword

Note: Find your NordVPN service credentials in your online account dashboard under the Advanced tab.

12. Now choose what to send over the VPN tunnel. First, use the commands below to create a new IP/Firewall/Address list:

/ip firewall address-list
add address=YourLocalNetworkIP list=local

13. Next, assign this list to mode-config using the commands below:

/ip ipsec mode-config
set [ find name=NordVPN ] src-address-list=local

14. When done, verify that the correct source NAT rule is generated dynamically while the IPsec tunnel is established, using the following command:

/ip firewall nat print
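
As an added example (not part of the original article, and not NordVPN or MikroTik code), the Python check below parses the commands from steps 9 to 13 and reports references that do not line up, such as an identity pointing at an undefined peer or a mode-config whose src-address-list was never created. The sample input is constructed from the commands above with the credentials left out, the 192.168.88.0/24 network is a placeholder, and the names parse, audit, pairs and REFS are this example's own.

```python
import re, shlex

# Constructed input: the commands of steps 9 to 13, credentials left out.
SAMPLE = r'''
/ip ipsec policy group add name=NordVPN
/ip ipsec mode-config
add name=NordVPN responder=no
/ip ipsec peer
add address=nl125.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec identity
add auth-method=eap eap-methods=eap-mschapv2 mode-config=NordVPN peer=NordVPN \
    policy-template-group=NordVPN
/ip firewall address-list
add address=192.168.88.0/24 list=local
/ip ipsec mode-config
set [ find name=NordVPN ] src-address-list=local
'''
REFS = {"peer": "peer", "mode-config": "mode-config", "policy-template-group": "policy group"}

pairs = lambda tokens: dict(t.split("=", 1) for t in tokens if "=" in t)

def parse(text):  # menu path -> entries created by add and patched by set [ find ... ]
    menus, menu = {}, ""
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join "\" continuations
        toks = shlex.split(line)
        if toks and toks[0].startswith("/"):  # menu path, optionally with a command
            cut = next((n for n, t in enumerate(toks) if t in ("add", "set")), len(toks))
            menu, toks = " ".join(toks[:cut]), toks[cut:]
        if toks[:1] == ["add"]:
            menus.setdefault(menu, []).append(pairs(toks[1:]))
        elif toks[:1] == ["set"] and "]" in toks:
            end = toks.index("]")
            for entry in menus.get(menu, []):
                if pairs(toks[:end]).items() <= entry.items():  # the find filter matches
                    entry.update(pairs(toks[end + 1:]))
    return menus

def audit(text):
    m, out = parse(text), []
    names = lambda menu, key="name": {e.get(key) for e in m.get(menu, [])}
    out += [f"peer {p.get('name')}: exchange-mode is not ike2"
            for p in m.get("/ip ipsec peer", []) if p.get("exchange-mode") != "ike2"]
    for ident in m.get("/ip ipsec identity", []):  # each reference must name an entry
        out += [f"identity: {k}={ident.get(k)} is not defined"
                for k, sub in REFS.items() if ident.get(k) not in names("/ip ipsec " + sub)]
    for mc in m.get("/ip ipsec mode-config", []):
        if mc.get("src-address-list") not in names("/ip firewall address-list", "list"):
            out.append(f"mode-config {mc.get('name')}: src-address-list missing or undefined")
    return out
```

For the commands as the steps give them, audit(SAMPLE) returns an empty list; with the step 13 line removed it reports the mode-config entry.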

That's all! Now you know how to configure and use NordVPN on MikroTik. Thanks for reading!


