Vigor routers can establish a VPN tunnel to NordVPN with IKEv2 EAP protocol. Refer to this article for more information.
In some cases, the VPN canott be connected to NordVPN when “Allow pass inbound fragmented …” is disabled.
According to the captured packets, NordVPN sends large packets with the size of 2760, which need to be fragmented.
When “Allow pass inbound fragmented large packets (required for certain games and streaming)” is unchecked on Firewall General Setup, the fragmented packets must be reassembled before it’s processed. The largest size that can be handled by a Vigor router is 2282. Any larger packets (from NordVPN) will be dropped. Resulting in failure to establist the VPN tunnel.
When you encounter the same issue check the syslogs for the following entry:
“2019-09-02 09:00:23”, “## IKEv2 DBG : Out CP : request new virtual ip ”
“2019-09-02 09:00:35”, “[IPSEC][L2L][1:NordVPN][@188.8.131.52] IKE link timeout: state linking”
“2019-09-02 09:00:35”, “## IKEv2 DBG : INFORMATIONAL OUT : Sending IKEv2 Delete IKE SA request, deleting #138688”
Check if “Allow pass inbound fragmented large packets (required for certain games and streaming)” is enabled on [Firewall] > [General Setup] page.
If the problem still persists, capture the syslogs logs and forward to firstname.lastname@example.org for analysis.