I followed these steps (https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS) for connecting my device to NordVPN, but I am having issues.
I tried this on both an RB2011 and an RB931, and both have the same problem: the connection drops after exactly 24 seconds every time. I can see a new entry under "Active Peers", but it disappears after 24 seconds.
When I check the log I see these:
Jul/25/2019 00:08:14 ipsec ike2 starting for: 85.159.237.23
Jul/25/2019 00:08:15 ipsec adding notify: NAT_DETECTION_DESTINATION_IP
Jul/25/2019 00:08:15 ipsec,debug => (size 0x1c)
Jul/25/2019 00:08:15 ipsec,debug 0000001c 00004005 ff53a8a8 2c31c927 52d5b78d a1bb724f 6ee3f4b6
Jul/25/2019 00:08:15 ipsec adding notify: NAT_DETECTION_SOURCE_IP
Jul/25/2019 00:08:15 ipsec,debug => (size 0x1c)
Jul/25/2019 00:08:15 ipsec,debug 0000001c 00004004 d7bcbdce 08b5503b 6266c182 dec38416 1778a03a
Jul/25/2019 00:08:15 ipsec adding payload: NONCE
Jul/25/2019 00:08:15 ipsec,debug => (size 0x1c)
Jul/25/2019 00:08:15 ipsec,debug 0000001c 7a4588d0 f9be183c 0f71a1f0 3d06be0e 72096596 1fa2dc70
Jul/25/2019 00:08:15 ipsec adding payload: KE
Jul/25/2019 00:08:15 ipsec,debug => (first 0x100 of 0x108)
Jul/25/2019 00:08:15 ipsec,debug 00000108 000e0000 a1309fe2 9dc4bd0e 2133c84d 792ccde0 c7e9e36a 81495601
Jul/25/2019 00:08:15 ipsec,debug ac9e3774 d24bedac 45c401a4 26a9b5e9 97c557e9 9505062c e0bd46a3 79b01a3c
Jul/25/2019 00:08:15 ipsec,debug af82e837 5ff34e85 c9fdb5fb d619b70f 6242442e 7e1a22bd 6ff8e280 16aa6feb
Jul/25/2019 00:08:15 ipsec,debug 6d8b4134 98948073 abaaff77 331795fb 13936c7e 4964aadd cb9c898d e8e21733
Jul/25/2019 00:08:15 ipsec,debug c51116a9 eb86d994 2f6bfbf0 e1b5c996 4127e00a 8c034590 1b7dc045 7ce12b9d
Jul/25/2019 00:08:15 ipsec,debug 77baefea 431940fc 8fa05cec 8336a89a 28e43d9b 928844eb 08ca2a85 07d48666
Jul/25/2019 00:08:15 ipsec,debug e37f6189 bf691379 43fd8877 3e79e34e 70eb23b5 a632102e ea0d4eca e930de8e
Jul/25/2019 00:08:15 ipsec,debug 1566eaef 82033e1e 11085f81 2a14bc51 539d1199 15ae79b5 b6b9d88f 5a4c3652
Jul/25/2019 00:08:15 ipsec adding payload: SA
Jul/25/2019 00:08:15 ipsec,debug => (size 0x40)
Jul/25/2019 00:08:15 ipsec,debug 00000040 0000003c 01010006 0300000c 0100000c 800e0080 03000008 01000003
Jul/25/2019 00:08:15 ipsec,debug 03000008 02000002 03000008 03000002 03000008 0400000e 00000008 04000002
Jul/25/2019 00:08:15 ipsec <- ike2 request, exchange: SA_INIT:0 85.159.237.23[4500]
Jul/25/2019 00:08:15 ipsec,debug ===== sending 440 bytes from 192.168.10.8[4500] to 85.159.237.23[4500]
Jul/25/2019 00:08:15 ipsec,debug 1 times of 444 bytes message will be sent to 85.159.237.23[4500]
Jul/25/2019 00:08:15 ipsec,debug ===== received 440 bytes from 85.159.237.23[4500] to 192.168.10.8[4500]
Jul/25/2019 00:08:15 ipsec -> ike2 reply, exchange: SA_INIT:0 85.159.237.23[4500]
Jul/25/2019 00:08:15 ipsec ike2 initialize recv
Jul/25/2019 00:08:15 ipsec payload seen: SA (48 bytes)
Jul/25/2019 00:08:15 ipsec payload seen: KE (264 bytes)
Jul/25/2019 00:08:15 ipsec payload seen: NONCE (36 bytes)
Jul/25/2019 00:08:15 ipsec payload seen: NOTIFY (28 bytes)
Jul/25/2019 00:08:15 ipsec payload seen: NOTIFY (28 bytes)
Jul/25/2019 00:08:15 ipsec payload seen: NOTIFY (8 bytes)
Jul/25/2019 00:08:15 ipsec processing payload: NONCE
Jul/25/2019 00:08:15 ipsec processing payload: SA
Jul/25/2019 00:08:15 ipsec IKE Protocol: IKE
Jul/25/2019 00:08:15 ipsec proposal #1
Jul/25/2019 00:08:15 ipsec enc: aes128-cbc
Jul/25/2019 00:08:15 ipsec prf: hmac-sha1
Jul/25/2019 00:08:15 ipsec auth: sha1
Jul/25/2019 00:08:15 ipsec dh: modp2048
Jul/25/2019 00:08:15 ipsec matched proposal:
Jul/25/2019 00:08:15 ipsec proposal #1
Jul/25/2019 00:08:15 ipsec enc: aes128-cbc
Jul/25/2019 00:08:15 ipsec prf: hmac-sha1
Jul/25/2019 00:08:15 ipsec auth: sha1
Jul/25/2019 00:08:15 ipsec dh: modp2048
Jul/25/2019 00:08:15 ipsec processing payload: KE
Jul/25/2019 00:08:16 ipsec,debug => shared secret (size 0x100)
Jul/25/2019 00:08:16 ipsec,debug ea0ab91a 5e3d971f 3253adf4 ef07cb9c f67afa03 0b201dcf a3fda937 01607c31
Jul/25/2019 00:08:16 ipsec,debug c18ce7ea a2c0dca4 30440637 4f2f5788 8590ab57 95eee08e 062a1d8b ef6ec315
Jul/25/2019 00:08:16 ipsec,debug 4200438e ce23e470 2ef2fb80 3098d01c ce58fa17 9bdf9fa3 fb4d108a 210a61c4
Jul/25/2019 00:08:16 ipsec,debug fecca544 2798e8cd 7c057c8d d12653f9 fb078805 efe4daf6 aa3c331a ee157b65
Jul/25/2019 00:08:16 ipsec,debug 017a6459 31a9f685 db57a391 b2bd04de 9ed7702b 614344cf f7718111 d81dfa7a
Jul/25/2019 00:08:16 ipsec,debug cceb4363 40d0d9f6 5605b03b dd358016 11d745f7 c98e793a a000fa5a e37c3801
Jul/25/2019 00:08:16 ipsec,debug 17ca60b2 c5d2df09 7b27ad2c d20dc323 a05357f4 79751cad 53261df4 1540a2fc
Jul/25/2019 00:08:16 ipsec,debug c0e8f044 8ee088e5 1d30b3b8 8ead4dda 891f1a99 967b3510 1e0d823c 5aa1d609
Jul/25/2019 00:08:16 ipsec,debug => skeyseed (size 0x14)
Jul/25/2019 00:08:16 ipsec,debug 3be85217 a0e2fc2d d8554e4a aa279e21 e27ebddf
Jul/25/2019 00:08:16 ipsec,debug => keymat (size 0x14)
Jul/25/2019 00:08:16 ipsec,debug 0b4dc2a0 01836fb4 33e44975 aa3c117d a614dd88
Jul/25/2019 00:08:16 ipsec,debug => SK_ai (size 0x14)
Jul/25/2019 00:08:16 ipsec,debug 53662e5f ca94f0f4 a9c6446b 52b196e8 bd153d84
Jul/25/2019 00:08:16 ipsec,debug => SK_ar (size 0x14)
Jul/25/2019 00:08:16 ipsec,debug 57da094d 940bfc55 b9434604 3ab15bc3 fc4e09f2
Jul/25/2019 00:08:16 ipsec,debug => SK_ei (size 0x10)
Jul/25/2019 00:08:16 ipsec,debug ff5342f1 a652df34 b545870a a27f8320
Jul/25/2019 00:08:16 ipsec,debug => SK_er (size 0x10)
Jul/25/2019 00:08:16 ipsec,debug 304bc7e8 aa0e6dc9 c48a9ad3 515ed1b9
Jul/25/2019 00:08:16 ipsec,debug => SK_pi (size 0x14)
Jul/25/2019 00:08:16 ipsec,debug f8831ba3 acd000a6 db16a511 7c8f4f56 39a765a2
Jul/25/2019 00:08:16 ipsec,debug => SK_pr (size 0x14)
Jul/25/2019 00:08:16 ipsec,debug 651a56ad 8824edcc ceb68f11 858de65d 0c57f395
Jul/25/2019 00:08:16 ipsec,info new ike2 SA (I): 192.168.10.8[4500]-85.159.237.23[4500] spi:8584701bef72016b:f241ef67bc7b1f97
Jul/25/2019 00:08:16 ipsec processing payloads: NOTIFY
Jul/25/2019 00:08:16 ipsec notify: NAT_DETECTION_SOURCE_IP
Jul/25/2019 00:08:16 ipsec notify: NAT_DETECTION_DESTINATION_IP
Jul/25/2019 00:08:16 ipsec notify: MULTIPLE_AUTH_SUPPORTED
Jul/25/2019 00:08:16 ipsec (NAT-T) LOCAL
Jul/25/2019 00:08:16 ipsec KA list add: 192.168.10.8[4500]->85.159.237.23[4500]
Jul/25/2019 00:08:16 ipsec init child
Jul/25/2019 00:08:16 ipsec init child continue
Jul/25/2019 00:08:16 ipsec offering proto: 3
Jul/25/2019 00:08:16 ipsec proposal #1
Jul/25/2019 00:08:16 ipsec enc: aes256-cbc
Jul/25/2019 00:08:16 ipsec enc: aes192-cbc
Jul/25/2019 00:08:16 ipsec enc: aes128-cbc
Jul/25/2019 00:08:16 ipsec auth: sha1
Jul/25/2019 00:08:16 ipsec can't get local certificate from configuration
Jul/25/2019 00:08:16 ipsec ID_I (ADDR4): 192.168.10.8
Jul/25/2019 00:08:16 ipsec adding payload: ID_I
Jul/25/2019 00:08:16 ipsec,debug => (size 0xc)
Jul/25/2019 00:08:16 ipsec,debug 0000000c 01000000 c0a80a08
Jul/25/2019 00:08:16 ipsec adding notify: INITIAL_CONTACT
Jul/25/2019 00:08:16 ipsec,debug => (size 0x8)
Jul/25/2019 00:08:16 ipsec,debug 00000008 00004000
Jul/25/2019 00:08:16 ipsec adding payload: SA
Jul/25/2019 00:08:16 ipsec,debug => (size 0x44)
Jul/25/2019 00:08:16 ipsec,debug 00000044 00000040 01030405 0a24a62b 0300000c 0100000c 800e0100 0300000c
Jul/25/2019 00:08:16 ipsec,debug 0100000c 800e00c0 0300000c 0100000c 800e0080 03000008 03000002 00000008
Jul/25/2019 00:08:16 ipsec,debug 05000000
Jul/25/2019 00:08:16 ipsec initiator selector: 0.0.0.0/0
Jul/25/2019 00:08:16 ipsec adding payload: TS_I
Jul/25/2019 00:08:16 ipsec,debug => (size 0x18)
Jul/25/2019 00:08:16 ipsec,debug 00000018 01000000 07000010 0000ffff 00000000 ffffffff
Jul/25/2019 00:08:16 ipsec responder selector: 0.0.0.0/0
Jul/25/2019 00:08:16 ipsec adding payload: TS_R
Jul/25/2019 00:08:16 ipsec,debug => (size 0x18)
Jul/25/2019 00:08:16 ipsec,debug 00000018 01000000 07000010 0000ffff 00000000 ffffffff
Jul/25/2019 00:08:16 ipsec prepearing internal IPv4 address
Jul/25/2019 00:08:16 ipsec prepearing internal IPv4 netmask
Jul/25/2019 00:08:16 ipsec prepearing internal IPv6 subnet
Jul/25/2019 00:08:16 ipsec prepearing internal IPv4 DNS
Jul/25/2019 00:08:16 ipsec adding payload: CONFIG
Jul/25/2019 00:08:16 ipsec,debug => (size 0x2c)
Jul/25/2019 00:08:16 ipsec,debug 0000002c 01000000 00010004 00000000 00020004 00000000 000d0008 00000000
Jul/25/2019 00:08:16 ipsec,debug 00000000 00030004 00000000
Jul/25/2019 00:08:16 ipsec <- ike2 request, exchange: AUTH:1 85.159.237.23[4500]
Jul/25/2019 00:08:16 ipsec,debug ===== sending 444 bytes from 192.168.10.8[4500] to 85.159.237.23[4500]
Jul/25/2019 00:08:16 ipsec,debug 1 times of 448 bytes message will be sent to 85.159.237.23[4500]
Jul/25/2019 00:08:21 ipsec retransmit
Jul/25/2019 00:08:21 ipsec,debug ===== sending 444 bytes from 192.168.10.8[4500] to 85.159.237.23[4500]
Jul/25/2019 00:08:21 ipsec,debug 1 times of 448 bytes message will be sent to 85.159.237.23[4500]
Jul/25/2019 00:08:26 ipsec retransmit
Jul/25/2019 00:08:26 ipsec,debug ===== sending 444 bytes from 192.168.10.8[4500] to 85.159.237.23[4500]
Jul/25/2019 00:08:26 ipsec,debug 1 times of 448 bytes message will be sent to 85.159.237.23[4500]
Jul/25/2019 00:08:28 ipsec,debug KA: 192.168.10.8[4500]->85.159.237.23[4500]
Jul/25/2019 00:08:28 ipsec,debug 1 times of 1 bytes message will be sent to 85.159.237.23[4500]
Jul/25/2019 00:08:31 ipsec retransmit
Jul/25/2019 00:08:31 ipsec,debug ===== sending 444 bytes from 192.168.10.8[4500] to 85.159.237.23[4500]
Jul/25/2019 00:08:31 ipsec,debug 1 times of 448 bytes message will be sent to 85.159.237.23[4500]
Jul/25/2019 00:08:36 ipsec retransmit
Jul/25/2019 00:08:36 ipsec,debug ===== sending 444 bytes from 192.168.10.8[4500] to 85.159.237.23[4500]
Jul/25/2019 00:08:36 ipsec,debug 1 times of 448 bytes message will be sent to 85.159.237.23[4500]
Jul/25/2019 00:08:41 ipsec max retransmit failures reached
Jul/25/2019 00:08:41 ipsec,info killing ike2 SA: 192.168.10.8[4500]-85.159.237.23[4500] spi:8584701bef72016b:f241ef67bc7b1f97
Jul/25/2019 00:08:41 ipsec KA remove: 192.168.10.8[4500]->85.159.237.23[4500]
Jul/25/2019 00:08:41 ipsec,debug KA tree dump: 192.168.10.8[4500]->85.159.237.23[4500] (in_use=1)
Jul/25/2019 00:08:41 ipsec,debug KA removing this one...
Here is my configuration:
# jul/25/2019 00:12:09 by RouterOS 6.45.2
# software id = 1EQB-TR9N
#
# model = RouterBOARD 931-2nD
# serial number = 7CBD08CD2C2B
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec mode-config
add name=NordVPN responder=no
/ip ipsec policy group
add name=NordVPN
/ip ipsec profile
add name=NordVPN
/ip ipsec peer
add address=nl125.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec proposal
add name=NordVPN pfs-group=none
/ip pool
add name=DHCP_wifi_pool ranges=10.0.0.10-10.0.0.20
/ip dhcp-server
add address-pool=DHCP_wifi_pool disabled=no interface=wlan1 name=DHCP_wifi
/ip address
add address=10.0.0.1/24 interface=wlan1 network=10.0.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=8.8.8.8 gateway=10.0.0.1
/ip firewall nat
add action=masquerade chain=srcnat
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=\
    port-strict mode-config=NordVPN peer=NordVPN policy-template-group=\
    NordVPN username=xyz
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=\
    0.0.0.0/0 template=yes
/system logging
add action=disk disabled=yes topics=ipsec,!packet
Any help will be appreciated.
Regards
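
Added example, not part of the original post: a small Python triage of the log above that reports which IKEv2 exchange went unanswered, how many retransmits followed, and how long the router waited before killing the SA. The function name `triage` is hypothetical, the sample lines are copied from the post with the debug dumps left out, and `<-` is assumed to mark outgoing messages as it does in this log.

```python
import re
from datetime import datetime

# Lines copied from the post's log; ipsec,debug hex dumps omitted.
SAMPLE_LOG = """\
Jul/25/2019 00:08:15 ipsec <- ike2 request, exchange: SA_INIT:0 85.159.237.23[4500]
Jul/25/2019 00:08:15 ipsec -> ike2 reply, exchange: SA_INIT:0 85.159.237.23[4500]
Jul/25/2019 00:08:16 ipsec,info new ike2 SA (I): 192.168.10.8[4500]-85.159.237.23[4500] spi:8584701bef72016b:f241ef67bc7b1f97
Jul/25/2019 00:08:16 ipsec <- ike2 request, exchange: AUTH:1 85.159.237.23[4500]
Jul/25/2019 00:08:21 ipsec retransmit
Jul/25/2019 00:08:26 ipsec retransmit
Jul/25/2019 00:08:31 ipsec retransmit
Jul/25/2019 00:08:36 ipsec retransmit
Jul/25/2019 00:08:41 ipsec max retransmit failures reached
Jul/25/2019 00:08:41 ipsec,info killing ike2 SA: 192.168.10.8[4500]-85.159.237.23[4500] spi:8584701bef72016b:f241ef67bc7b1f97
"""

# "<date> <time> <topics> <message>" as printed in the post's log.
LINE = re.compile(r"^(\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
# Assumption: "<-" marks a message we send, "->" one we receive.
EXCH = re.compile(r"^(<-|->) ike2 (request|reply), exchange: (\S+)")

def triage(log_text):
    """Return which exchange stalled and how long the initiator waited."""
    pending = None        # (exchange, time sent) of a request awaiting its reply
    retransmits = 0
    answered = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b/%d/%Y %H:%M:%S")
        msg = m.group(3)
        e = EXCH.match(msg)
        if e and e.group(1) == "<-" and e.group(2) == "request":
            pending, retransmits = (e.group(3), ts), 0
        elif e and e.group(2) == "reply" and pending and e.group(3) == pending[0]:
            answered.append(pending[0])
            pending = None
        elif msg == "retransmit" and pending:
            retransmits += 1
        elif msg == "max retransmit failures reached" and pending:
            waited = int((ts - pending[1]).total_seconds())
            return {"answered": answered, "stalled": pending[0],
                    "retransmits": retransmits, "seconds_waited": waited}
    return {"answered": answered, "stalled": None,
            "retransmits": 0, "seconds_waited": 0}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On this log the SA_INIT exchange is answered and AUTH:1 never is, so the peer stops responding at the authentication exchange rather than during proposal negotiation.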