I’ve been struggling with getting this to work for the past couple of days, despite using some reference configs from this forum and from the wiki, but I still can’t get a VPN up, so I thought I’d ask for help here.
The desired config is an IKEv2 VPN server on the Mikrotik router, for road warriors with iOS/macOS devices.
- the Mikrotik is sitting behind an Ubiquiti EdgeRouter, which gets a dynamic WAN IP. I would like to keep that Ubiquiti ER and therefore really only use the Mikrotik as a pure VPN server to be reached from the WAN.
- I have a DDNS service so the WAN IP address is reachable through DNS resolution. Let’s call it ‘domain.co’.
- The ER routes internal traffic to the LAN1, configured as 192.168.1.0/24
- The ER is connected to a switch for LAN1 connectivity; the Mikrotik router is connected to that switch and gets a static lease 192.168.1.212
- I always start with the stock Mikrotik config (currently on v6.40.4), which means another NAT on its own LAN2 (192.168.88.0/24). I don’t need that extra LAN2, but can leave it as is if that makes the config easier
I followed these steps (which are pretty similar to the official Wiki, with a bit more detail).
- cert creation is OK
- I substituted the example 192.168.223.2 with the Mikrotik router’s own IP address 192.168.1.212
- VPN IP address pool set as 192.168.33.2-192.168.33.200, and also reflected in dst-address parameter
I first start testing from a device on the LAN1, with the VPN server set to 192.168.1.212 (aligned with the server cert). But even that step doesn’t work and the VPN tunnel doesn’t come up (and there are no visible logs in the RouterOS interface).
Is there something I should be doing differently here? I’ve been trying all sorts of different combinations, to no avail. I’d welcome any pointers!
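Added example, not part of the original post or the poster's own config: a complete IKEv2 road-warrior server in the RouterOS 6.40-era syntax (`/ip ipsec peer` still carries the phase-1 settings; the peer/identity/profile split came later), using the addresses given in the post. The certificate, pool, group and proposal names, the `comment~"drop all"` match for the stock firewall's input drop rule, and the choice of ether1 as the port connected to the LAN1 switch are assumptions. Three points the post's steps do not cover are built in: the server certificate's SAN must contain every address or name the client dials (IP:192.168.1.212 for the LAN test, DNS:domain.co once the VPN is reached through the EdgeRouter), because iOS/macOS reject the server otherwise; the stock config's input chain drops unsolicited IKE and ESP on the WAN port unless accept rules are placed above it; and IPsec logging is off by default, which is why a failed negotiation leaves nothing in the log.

```routeros
# Added example (not the poster's config): IKEv2 server for iOS/macOS road warriors,
# RouterOS 6.40.x syntax. Names and the ether1 assumption are illustrative.

# --- 1. Certificates ---------------------------------------------------------
# SAN must match what the client dials: the internal IP for the LAN test and the
# DDNS name once the EdgeRouter forwards UDP 500/4500 from the WAN.
/certificate
add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign
add name=server1-template common-name=domain.co \
    subject-alt-name=DNS:domain.co,IP:192.168.1.212 key-usage=tls-server
add name=client1-template common-name=client1 key-usage=tls-client
sign ca-template name=myCa
sign server1-template ca=myCa name=server1
sign client1-template ca=myCa name=client1
# Empty passphrase exports only the certificate (CA for the device's trust store);
# a passphrase exports cert+key as PKCS#12 for the client. Fetch both via Files.
export-certificate myCa export-passphrase=""
export-certificate client1 export-passphrase=ChangeMe-p12   ; assumption: pick your own

# --- 2. Addresses handed to clients -------------------------------------------
/ip pool add name=ike2-pool ranges=192.168.33.2-192.168.33.200
# /32 per client; split-include limits what the phone routes into the tunnel.
/ip ipsec mode-config add name=ike2-conf address-pool=ike2-pool \
    address-prefix-length=32 split-include=192.168.1.0/24 system-dns=no

# --- 3. Phase 2 proposal and policy template ----------------------------------
# src-address is the server side, dst-address the client pool (as in the post).
/ip ipsec proposal add name=ike2-prop auth-algorithms=sha256 \
    enc-algorithms=aes-256-cbc pfs-group=none
/ip ipsec policy group add name=ike2-group
/ip ipsec policy add group=ike2-group template=yes \
    src-address=0.0.0.0/0 dst-address=192.168.33.0/24 proposal=ike2-prop

# --- 4. Passive IKEv2 peer with RSA (certificate) authentication --------------
# modp2048 for current Apple clients, modp1024 kept for older iOS builds.
/ip ipsec peer add address=0.0.0.0/0 passive=yes exchange-mode=ike2 \
    auth-method=rsa-signature certificate=server1 \
    enc-algorithm=aes-256,aes-128 hash-algorithm=sha256 dh-group=modp2048,modp1024 \
    generate-policy=port-strict policy-template-group=ike2-group \
    mode-config=ike2-conf send-initial-contact=no

# --- 5. Firewall: let IKE/NAT-T/ESP reach the router ---------------------------
# The stock 6.40 config drops everything arriving on the WAN port (ether1) that is
# not established/related or ICMP, so these must sit ABOVE that drop rule.
# Assumption: the drop rule's comment contains "drop all" (as in the defconf).
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=500,4500 \
    comment="IKEv2: IKE and NAT-T" place-before=[find chain=input comment~"drop all"]
add chain=input action=accept protocol=ipsec-esp \
    comment="IKEv2: raw ESP (client not behind NAT, e.g. LAN test)" \
    place-before=[find chain=input comment~"drop all"]
# Return traffic from the 192.168.1.0/24 LAN to clients must not be masqueraded
# into the tunnel; exempt it from the stock srcnat rule.
/ip firewall nat add chain=srcnat action=accept \
    src-address=192.168.1.0/24 dst-address=192.168.33.0/24 place-before=0

# --- 6. Make IKE negotiations visible in /log ---------------------------------
/system logging add topics=ipsec,!packet action=memory
```

With logging enabled, a client attempt shows up under `/log print where topics~"ipsec"` as either a proposal mismatch (fix the phase-1 algorithms or the proposal), an identity or certificate error (SAN/trust problem on the device), or nothing at all (the packets never reach the peer: check the firewall counters on the two accept rules above and, for WAN access, a UDP 500 and 4500 port forward on the EdgeRouter to 192.168.1.212). On the client, the CA certificate goes into the device's trust store, the PKCS#12 supplies the client identity, and the server address in the profile must be one of the SAN entries. Because the MikroTik sits behind the EdgeRouter's NAT, WAN clients will always use NAT-T (UDP 4500); the raw ESP rule only matters for clients on the same LAN.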