Closing the topic for now.Current state of GUI (WebFig and Winbox) are not completely up to date in RouterOS v7. Report only issues visible in console.
What's new in 6.45beta45 (2019-May-13 09:22):
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
/interface dot1x server
Please send a supout.rif file from your router to firstname.lastname@example.orgIPSec configuration completely lost after the update! All profiles 'unknown'. It was neccesary downgrade and restore backup previously done! Major bug! Be careful with this before name a version "stable", please!!!
RADIUS accounting has been implemented. Please let us know if you have any feedback or issues with it.What's new in 6.45beta16 (2019-Mar-18 07:49):
Changes in this release:
*) ipsec - added support for RADIUS accounting;
Could you please send us the supout.rif file from the router?I upgraded from 6.43.12 and had two IPsec peers with RSA key auth. After upgrading to 6.44rc1, only one of the two peers was added to the new ipsec identities tab. I had to recreate the other to bring it up again.
/ip ipsec proposal print Flags: X - disabled, * - default 0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m pfs-group=modp1024
Pre-shared key with XAuth was never really supported in IKEv2. Also IKEv2 rfc does not acknowledge XAuth as an authentication method.Hi,
What is the idea of that I can't use IKE2 with "pre shared key xauth" ?
When I try to set it up I get the message in attached picture.
Can you post some screenshots of your peer menu?I have L2PT/IPSEC connections that are "dail on demand" and those are displayed in IPSEC-Peers as entries that are unreachable. This is true, however after the connection is up they are still seen as unreachable (colour red).
The router could have rebooted due to kernel failure in some rare occasions.I ask myself what issues my cAP ac devices have? Can you please give some more information about it?
Current implementation allow only include this data into test connection, but waiting for it impacts results, we need to implement data collection as separate connection to get this working, it is in our to-do list.Why there are no tcp-download "remote-cpu-load"?
Will devices be able to handle that on its own? Or more important... Will CAPsMAN handle this for connected devices?