A bit non-Mikrotik question, but I can’t understand why my Windows 10 PC is not using a correct certificate when connecting to my Mikrotik router.
I have 2 identical Mikrotik routers at 2 different locations. They both have a public IP and that’s pretty great since once I get something to work on any router, I can “duplicate” the config on another router. On one of the routers I managed to get IKE2 VPN working, set up a Windows 10 VPN profile, and everything works great.
Now I decided to set up an IKE2 VPN server on the second router. I’ve done the exact same steps and tested using a Linux laptop - everything works great. However, Windows 10 does not connect because it attempts to use the first router’s client certificate instead of the second router’s… Question - how do I specify (or help Windows 10 decide) which certificate Windows should use for a certain profile?
Note that I am using the digital-signature (aka certificates) authentication method.
In Mikrotik logs I get this:
identity not found for peer: DER DN: My client
It’s because it’s the first router’s client certificate, not the second router’s client certificate. How do I choose which certificate to use for a certain profile? Linux right away gives the option to set the CA, certificate and private key, but that doesn’t seem to be possible with Windows OS…