Search found 23 matches

by theprojectgroup
Thu Nov 14, 2019 10:59 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

I'm on the most current 6.45.7, this is my config:
/ip ipsec profile add dh-group=modp2048 dpd-interval=1h enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=1h name=ikev2
/ip ipsec peer add exchange-mode=ike2 name=ikev2 passive=yes profile=ikev2 send-initial-contact=no
/ip ipsec proposal add auth-...
by theprojectgroup
Thu Nov 14, 2019 10:24 am
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

no - except of changing to the new certificate ;) Did you change it?
Can you show screenshots of your certs?
by theprojectgroup
Wed Oct 30, 2019 10:39 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

SOLVED: Thx to Emils Z. from support. He pointed out that in iOS13 & macOS Catalina "Apple has added SAN certificate field verification and it fails in the new version because your certificates does not have any Subject Alt". I re-created both certificates for client & server with subject alternat...
by theprojectgroup
Wed Oct 23, 2019 6:53 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

Not yet - Emil from support suggested to check the certificate to include the subject alternative names of local and remote id, which didn't help (I just tried it with the client certificate).
by theprojectgroup
Tue Oct 22, 2019 10:14 am
Forum: General
Topic: MacOS Catalina, iOS, Catalyst, SwiftUI & Wine
Replies: 151
Views: 39278

Re: MacOS Catalina, iOS, Catalyst, SwiftUI & Wine

Thx for the howto run winbox64 !

Make sure to back up "/Users/your-user-name/.wine/drive_c/users/flo/Application Data/Mikrotik" to later restore it to keep your connections...
by theprojectgroup
Tue Oct 22, 2019 9:45 am
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

Just found the RFC which mentions the truncate issue: https://tools.ietf.org/html/rfc8221 AUTH_HMAC_SHA2_256_128 was not mentioned in [RFC7321], as no SHA2-based authentication was mentioned. AUTH_HMAC_SHA2_256_128 MUST be implemented in order to replace AUTH_HMAC_SHA1_96. Note that due to a long sta...
by theprojectgroup
Mon Oct 21, 2019 11:11 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

I found an iPhone 12.4.2, released after 13. Last update. I am having the same issue. Can anyone confirm?

UPDATE: My fault it works. I had to add the "Local ID"
I am confused and can’t understand what you are saying. Please let us know what works and what not and how you probably fixed it.
by theprojectgroup
Mon Oct 21, 2019 9:53 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

Confirmed, changing to a different hash algorithm doesn't help.
by theprojectgroup
Mon Oct 21, 2019 5:38 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Re: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

Don't want to blame anyone... The tunnel seems to establish fine but iOS thinks it's a "User Authentication" error. According to Apple, we need to "configure the server to truncate the output of the SHA-256 hash to 128 bits" on the MikroTik, but how? Emil is already on it (opened a ticket, support.r...
by theprojectgroup
Sun Oct 20, 2019 11:37 pm
Forum: General
Topic: Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]
Replies: 18
Views: 5021

Solved: iOS 13 & macOS Catalina IKEv2 VPN not working anymore [SOLVED]

Hey People, since iOS13 or macOS Catalina, IKEv2 VPN isn't working anymore (client certificates). While trying to connect you get this error: "User authentication failed". From the MikroTik logs everything looks fine (client gets an IP assigned). MacOS Mojave and iOS12 are still working fine. This thre...
by theprojectgroup
Fri Aug 30, 2019 6:18 pm
Forum: General
Topic: Can't get IPv6 Address via DHCP Client on MikroTik
Replies: 5
Views: 891

Re: Can't get IPv6 Address via DHCP Client on MikroTik

In my case my cable ISP doesn't allow bridge mode, so I must use their crappy modem/router. I use the MikroTik as vpn gateway, ssh server, etc. This is why I want it to have an ipv6 address.
Currently it's only reachable via ipv4 behind nat / dst-nat for ssh, ipsec, etc.
by theprojectgroup
Fri Aug 30, 2019 12:23 pm
Forum: General
Topic: IPv6 Ping does not work with domain names
Replies: 42
Views: 24740

Re: IPv6 Ping does not work with domain names

This is real ? Still an issue!

Why not just implement a second ping command called ping6?
by theprojectgroup
Thu Aug 29, 2019 11:19 pm
Forum: General
Topic: Can't get IPv6 Address via DHCP Client on MikroTik
Replies: 5
Views: 891

Re: Can't get IPv6 Address via DHCP Client on MikroTik

If all you want is an IPv6 host address without PD to populate the pool, then you need to get rid of the pool configuration. That assumes that the cable modem/router is serving as the v6 dhcp server (which it appears to be based on the client screen shot).
Hey, thx for the hint. I'm wondering how to...
by theprojectgroup
Thu Aug 29, 2019 4:50 pm
Forum: General
Topic: Can't get IPv6 Address via DHCP Client on MikroTik
Replies: 5
Views: 891

Can't get IPv6 Address via DHCP Client on MikroTik

Hey All, I can't get an IPv6 address on my MikroTik via DHCPv6 Client. My Setup at my home office is like this: Vodafone Germany Docsis 3.1 Cable ISP < > Arris Cable Modem/Router < SWITCH > Clients on LAN, WLAN, etc. and also the MikroTik is connected (Dual Stack, IPv4 and IPv6) Acts as normal Route...
by theprojectgroup
Fri Aug 16, 2019 12:24 am
Forum: General
Topic: Backup and Restore Certificates
Replies: 21
Views: 10254

Re: Backup and Restore Certificates

Is there a recommended way to backup and restore config including certs & keys?
by theprojectgroup
Fri Aug 16, 2019 12:22 am
Forum: General
Topic: IKE2 RSA signature - identity not found for peer: DER DN: [SOLVED]
Replies: 5
Views: 3321

Re: IKE2 RSA signature - identity not found for peer: DER DN: [SOLVED]

Same here, disabling doesn't help.

The strange thing is, it works on iOS fine, but the Windows client doesn't. Current RouterOS from today on CCR.
by theprojectgroup
Fri Sep 14, 2018 12:29 pm
Forum: General
Topic: Bugreport: Split-include buggy for (at least) IKEv2 (6.40.2 current and 6.41rc18)
Replies: 12
Views: 2889

Re: Bugreport: Split-include buggy for (at least) IKEv2 (6.40.2 current and 6.41rc18)

Any progress here @mrz? You mentioned some improvements in the future.
I have the same issue here with CCR and current RouterOS on Windows and macOS/iOS clients.
They only use the first subnet defined in mode-config > split-include. The other subnets for the split tunnel are ignored.
by theprojectgroup
Sat Sep 08, 2018 4:25 pm
Forum: General
Topic: OpenVPN client takes long to connect (up to 20 seconds)
Replies: 1
Views: 390

Re: OpenVPN client takes long to connect (up to 20 seconds)

From what I can see in Apple Configurator, the default lifetime is 1440 minutes (24h, 1 day). Setting peer & proposal doesn't help. What I found is that the connection stays connected longer when setting the lifetime to 60 minutes in the Apple Configurator VPN profile and also on the Mikrotik CCR-10161-12G. I will test this...
by theprojectgroup
Sat Sep 08, 2018 1:33 pm
Forum: Beginner Basics
Topic: IPsec-SA expired before finishing rekey [SOLVED]
Replies: 4
Views: 2452

Re: IPsec-SA expired before finishing rekey [SOLVED]

I have the same issue with IOS and MacOS (current build):
10:04:00 ipsec processing payload: KE (not found)
10:04:00 ipsec IPsec-SA established: IP_OF_CLIENT[4500]->IP_OF_VPN_Router[4500] spi=0xa37f177
10:04:00 ipsec IPsec-SA established: IP_OF_VPN_Router[4500]->IP_OF_CLIENT[4500] spi=0xb93a775
10:0...
by theprojectgroup
Fri Aug 31, 2018 10:28 am
Forum: General
Topic: OpenVPN client takes long to connect (up to 20 seconds)
Replies: 1
Views: 390

OpenVPN client takes long to connect (up to 20 seconds)

Hey All, I have an issue with OpenVPN as long as I use it on MT routers. It takes up to 20 seconds (until the client says it's connected) to establish a connection from a Mac (tunnelblick or viscosity) or Windows client. It doesn't make a difference which MT model I use, no matter if it's a hexLite or ...
by theprojectgroup
Mon Mar 13, 2017 10:00 pm
Forum: General
Topic: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)
Replies: 134
Views: 28174

Re: Is re-ordering fixed yet with IPSec and hardware acceleration? (Updating thread)

Looking good here on CCR1016-12G, tested before and after the update :)

Site2Site IPIP Tunnel Spain (fibre 300mbits ISP: consumer) <-----------> Germany (fibre 100mbits ISP: m-net corp) with latency:60ms

SMB2 traffic:
speed.png