This tutorial is officially written by MikroTik. You can find the original tutorial here.
Since firmware version v6.45, MikroTik routers support dialing out an IKEv2 EAP VPN tunnel to a NordVPN server. This tutorial explains how to create an IKEv2 EAP VPN tunnel from a MikroTik router to a NordVPN server.
/tool fetch url="https://downloads.nordvpn.com/certificates/root.der"
/certificate import file-name=root.der
/ip ipsec profile
add name=NordVPN
/ip ipsec proposal
add name=NordVPN pfs-group=none
While it is possible to use the default policy template for policy generation, it is better to create a new policy group and template to separate this configuration from any other IPsec configuration.
/ip ipsec policy group
add name=NordVPN
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes
/ip ipsec mode-config
add name=NordVPN responder=no
/ip ipsec peer
add address=nl125.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=YourNordVPNUsername password=YourNordVPNPassword
/ip firewall address-list
add address=10.5.8.0/24 list=local
Assign the newly created IP/Firewall/Address list to the mode config configuration:
/ip ipsec mode-config
set [ find name=NordVPN ] src-address-list=local
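The steps above tie the identity to a dedicated policy group and mode config, and the mode config to the `local` address list, purely by name. As an added example (not part of the MikroTik tutorial), this Python sketch parses those commands offline and reports any name that is referenced but never defined. The helper names `REFS`, `parse` and `dangling` are hypothetical, and the sample is constructed from the commands on this page.

```python
import shlex
from collections import defaultdict

# (menu, field) -> (menu, key) that must define the referenced name
REFS = {
    ("/ip ipsec policy", "group"): ("/ip ipsec policy group", "name"),
    ("/ip ipsec identity", "policy-template-group"): ("/ip ipsec policy group", "name"),
    ("/ip ipsec identity", "mode-config"): ("/ip ipsec mode-config", "name"),
    ("/ip ipsec mode-config", "src-address-list"): ("/ip firewall address-list", "list"),
}
# Constructed sample: commands from this tutorial, credentials left as placeholders
SAMPLE = """\
/ip ipsec policy group
add name=NordVPN
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes
/ip ipsec mode-config
add name=NordVPN responder=no
/ip ipsec identity
add auth-method=eap certificate="" mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=YourNordVPNUsername password=YourNordVPNPassword
/ip firewall address-list
add address=10.5.8.0/24 list=local
/ip ipsec mode-config
set [ find name=NordVPN ] src-address-list=local
"""

def parse(script):
    """Return {menu: [row dicts]}; 'set [ find k=v ] ...' updates matching rows."""
    menus, menu = defaultdict(list), None
    for line in script.splitlines():
        tok = shlex.split(line)
        if tok and tok[0].startswith("/"):
            menu = " ".join(tok)
        elif tok[:1] == ["add"]:
            menus[menu].append(dict(t.split("=", 1) for t in tok[1:]))
        elif tok[:3] == ["set", "[", "find"]:
            end = tok.index("]")
            want = dict(t.split("=", 1) for t in tok[3:end])
            for row in menus[menu]:
                if want.items() <= row.items():
                    row.update(t.split("=", 1) for t in tok[end + 1:])
    return menus

def dangling(script):
    """List references to objects that the script itself never defines."""
    menus = parse(script)
    return [f"{menu}: {field}={row[field]} is not defined under {target}"
            for (menu, field), (target, key) in REFS.items()
            for row in menus[menu]
            if field in row and row[field] not in {r.get(key) for r in menus[target]}]
```

The check only knows names defined in the script it is given, so objects RouterOS creates on its own (such as the default policy template mentioned above) would be reported as undefined.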
/ip firewall nat print