Does anyone have a working IKEv2 VPN server on Mikrotik with ROS 6.40+?

Hello,

Does anyone have a working IKEv2 VPN server running on ROS 6.40+, working with Windows and Mac? If yes, can you please post your config and ROS version?

EAP is not possible for server, only for client (6.45.6, throws error “Only EAP client supported”).
Certificates don’t work or have issues on ROS 6.40+, with errors “unable to get local issuer certificate” and “local issuer certificate depth 0”. Downgrading to 6.39.3 solves this.
Mikrotik has changed IKEv2 heavily; the old examples don’t work (the Road Warrior IKEv2 one) and refer to non-existing fields or values. Even value names are just changed to make a huge mess (rsa signature in 6.44.5 is digital signature in 6.45.6 etc)…

I’m fine with either EAP or certificates, as long as it works on both PC and Mac.

edit - there are many unanswered posts regarding this, like
http://forum.mikrotik.com/t/ipsec-unable-to-get-local-issuer-certificate/127920/1
http://forum.mikrotik.com/t/vpn-with-rsa-sig-and-ikev2-issues-with-windows-7-client/133882/1

but some also state it works for them
http://forum.mikrotik.com/t/road-warrior-remote-access-using-ipsec-ikev2-with-cert-authorization-for-multiple-users/128124/1


thank you

It is a mess if you are using old and insecure versions (6.39.3 is already 2 years old). Upgrade to the latest stable version and almost all Wiki examples will work, or perhaps the issue is somewhere else.

https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication

For EAP, you will have to have a RADIUS server with EAP support; then you can use IKEv2 in RouterOS as a responder.

Instead of asking others for their configuration, post yours and IPsec debug logs when running at least the latest long-term version.