Community discussions

MikroTik App

Search found 7 matches

by Normie
Sun Nov 17, 2019 3:32 pm
Forum: General
Topic: IPSec - pre-shared-key-xauth with GroupName
Replies: 15
Views: 2020

Re: IPSec - pre-shared-key-xauth with GroupName

Did you mean that row will not work if MT acting as responder? Yes, that's what I had in mind. The value of my-id is used as the ID the local peer sends to the remote one to identify itself, the values of remote-id of the individual identity rows are matched to the ID provided by the remote peer in...
by Normie
Sun Nov 17, 2019 3:08 pm
Forum: General
Topic: IPSec - pre-shared-key-xauth with GroupName
Replies: 15
Views: 2020

Re: IPSec - pre-shared-key-xauth with GroupName

@td32, I assume you had in mind to set, in the /ip ipsec identity row at the Mikrotik serving as initiator (client), my-id=key-id:the-group-ID . So this addresses the OP. Do you also have an idea how to make the embedded Windows client use the groupID in L2TP/IPsec mode as @Normie requires? Did you...
by Normie
Sun Nov 17, 2019 3:06 pm
Forum: General
Topic: IPSec - pre-shared-key-xauth with GroupName
Replies: 15
Views: 2020

Re: IPSec - pre-shared-key-xauth with GroupName

set this
my-id=key-id
my-id=groupID
Thanks, will try. It may be solution for mac clients.
For win-clients you right - windows embedded l2tp/ipsec client not working with tunnel groups, sad but true.

It's time to switch to ikev2 :)
by Normie
Tue Nov 05, 2019 12:31 pm
Forum: General
Topic: IPSec - pre-shared-key-xauth with GroupName
Replies: 15
Views: 2020

Re: IPSec - pre-shared-key-xauth with GroupName

It’s a pity that professional MT doesn’t do the same thing that home zyxel keenetic can do (although it has huge problems in implementing ikev2) or xiaomi. I really need different shared secrets, because groups of remote users should not know absolutely nothing about each other. Then the best option...
by Normie
Sun Nov 03, 2019 1:08 am
Forum: General
Topic: IPSec - pre-shared-key-xauth with GroupName
Replies: 15
Views: 2020

Re: IPSec - pre-shared-key-xauth with GroupName

it’s impossible to set ipsec identities with different shared secrets on same peer, and if you setting up Road Warrior scheme (with ip-undefined remote users and MT as responder) you have 1 “universal” peer with address ::/0, so, you can’t set different secrets for grouping remote peers The above u...
by Normie
Fri Nov 01, 2019 2:06 am
Forum: General
Topic: IPSec - pre-shared-key-xauth with GroupName
Replies: 15
Views: 2020

Re: IPSec - pre-shared-key-xauth with GroupName

Looks like it’s not possible, even with “pure” IPSec XAuth nor L2TP/IPSec, unfortunately. IPSec’s implementation is vendor-specific and MT’s version don’t have “group name” parameter, so leave it blank on client side, or it will not work. Also, it’s impossible to set ipsec identities with different ...
by Normie
Sun Oct 13, 2019 4:48 am
Forum: General
Topic: Mikrotik "Internet detect" problem
Replies: 18
Views: 9029

Re: Mikrotik "Internet detect" problem

Hello all.

Still not work, ROS 6.45.6, RB4011, 1 WAN interface with DHCP-client ensbled, uplink to radio-bridge to ISP router, 2 LANs.