Hi, I have a mikrotik with a WAN ethernet link, a LAN ethernet link and a WiFi interface. The LAN/Wifi are bridged and IKEv2 clients come in via the WAN interface. I have set up traffic flow to be sent to a collector: /ip traffic-flow> print enabled: yes interfaces: all cache-entries: 256k active-fl...

Make sure you specify "interim-update" parameter under '/ip ipsec settings'. This setting currently is CLI only.

You are correct, works fine when this is set to a non-zero value.


Sent from my iPad using Tapatalk

Do you have any specific needs or ideas what might be a good value to pass in NAS-Port-Id? Currently a hex value of the remote peer's ID is written there and as far as we can see, RFC is not very specific what should be written there. Perhaps, the specific Identity ID could be written there? The cu...

Does anyone know what the value passed in NAS-Port-Id means for IPSEC sessions? The documentation doesn't (yet?) cover IPSEC: NAS-Port-Id - async PPP - serial port name; PPPoE - ethernet interface name on which server is running; HotSpot - name of the physical HotSpot interface (if bridged, the brid...

I have just tested this and to be fair, it seems to work. Thanks for listening, i had given up hope.

Achelon

I know, this is so frustrating. I thought it might be fixed after a year.

Hi, As requested. though I don't think there is anything special about my config. The IKEv2 accounting thing is still not fixed as well after all this time. Here is it. Regards, Achelon /radius add address=<radius server IP> secret=Password service=ppp,login,hotspot,wireless,dhcp,ipsec timeout=3s /i...

OK, understood. That is a shame.

Regards,
Achelon

Hi, I have set up IKEv2 server running on my Mikrotik 6.40.1 with authentication done by EAP passthrough to a RADIUS server which works fine except that no RADIUS Accounting records are ever sent from the Mikrotik to the RADIUS server; I only see the Auth requests. I know accounting works because it...

Hi, My working IKEv2 config using RSA certs seems to be broken since rc72. Only 1 device can connect at a time now. When second device tries to connect (e.g. macOS,) device logs "Failed to process IKE Auth packet". Config hasn't changed from my old working one of: /ip ipsec mode-config set request-o...

I apologize if this has been answered before, but I spent about 10 hours already trying to make a working config... Does anyone have a working IKEv2 for road warriors config that I could borrow as my starting point? I'm using ROS v6.38. Hamster, No need to apologise. It has taken me ages to get an ...

Modeconf is needed to give out ip addresses and send DNS to the iphone. I can access by IP, but can't use DNS names from remote network :( /ip ipsec mode-conf add name=cfg1 system-dns=yes address-pool=rw-pool address-prefix=32 /ip dns in this section I have correct DNS servers from my internal netw...

Hello, I am struggling to get IPv6 work with my L2TP server and I was hoping someone could advise. I have a network with a router running Mikrotik version 6.35. IPv6 functions correctly within the network using SLAAC addresses. My L2TP clients connect successfully but only ever receive a link local ...

Hi, I am configuring a VPN server using IPSEC/L2TP. The setup works fine with the exception that PFS does not appear to work - The generated security associations of an established vpn connection do not have the P flag set e.g.: Flags: A - AH, E - ESP, P - pfs 0 E spi=0x89A099A src-address=X.X.X.X d...