I believe that there are some members who would like to know how to set up RouterOS using IKEv2 with RSA authentication to work with iOS devices (iPhone or iPad). After the IPsec connection is established in IKEv2 mode, they would like the iOS devices not only to be able to connect to the remote network but also to direct all the iOS device traffic to the remote gateway (RouterOS IKEv2 server).
In general, we follow the link [1] to configure RouterOS using IKEv2 with RSA authentication for iOS clients without too much problem. We are able to connect to the remote network using the fixed IP method. However, if you want to browse non-fixed-IP sites (not belonging to the remote network devices), for instance www.facebook.com, it will fail. This is because of the DNS issue of iOS devices, which use the local DNS [2] (in Chinese). In order to resolve this issue, you have to reset the DNS server to the remote end gateway (RouterOS IKEv2 server).
After the DNS modification, you are able to browse non-IP websites via the remote gateway. A member named gfx86674 of www.telecom-cafe.com presented a complete installation method on RouterOS and the settings on the member’s iPhone [3] (in Chinese).
Should you need more information, please let me know by forwarding the message to the telecom-cafe forum.
YH
References:
[1] https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication
[2] http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&ptid=7124&pid=44408
[3] http://www.telecom-cafe.com/forum/viewthread.php?tid=7126