IKEv2 VPN Certificate issues on Windows

Hi,

I have created a certificate and a VPN server on my mikrotik router based on this tutorial:
https://jcutrer.com/howto/networking/mikrotik/ios-ikev2-vpn-mikrotik

I had to modify the tutorial a bit with the help of several forums, since RouterOS changed in the meantime. I also used a different certificate creation method based on some forum post.

My problem is that on iOS and macOS, connecting to the VPN with these certs works like a charm, but not on Windows. When I try to connect to the router from Windows I get the following error in the router's log:

<ipsec,error identity not found for peer: DER DN: CN=vpn.client,C=HU,ST=state,L=locality,O=xx,OU=organization-unit,SN

I suppose the client cert needs to contain some other stuff for Windows, but I do not know. Could someone help me figure out what the issue could be here?

My certificate creation code is here:

# Certificate Authority
/certificate add name=my.ca common-name=my.ca key-usage=key-cert-sign,crl-sign trusted=yes
/certificate sign my.ca

# Server cert
/certificate add name=vpn.server common-name=vpn.server country=HU days-valid=365 key-size=2048 locality=locality organization=xx state=state trusted=yes unit=organization-unit subject-alt-name=DNS:vpn.server
/certificate sign vpn.server ca=my.ca
/certificate set trusted=yes vpn.server

# Client cert
/certificate add name=vpn.client common-name=vpn.client country=HU days-valid=365 key-size=2048 locality=locality organization=xx state=state trusted=yes unit=organization-unit subject-alt-name=DNS:vpn.client
/certificate sign vpn.client ca=my.ca
/certificate set trusted=yes vpn.client

# Exporting the two certs (CA as plain cert, client cert with key as PKCS#12)
/certificate export-certificate my.ca
/certificate export-certificate vpn.client export-passphrase=blablabla type=pkcs12
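The log line in the first post says the router found no entry in /ip ipsec identity matching the identity the Windows client sent, which in that log is the client certificate's DN. As an added example (not the original poster's configuration and not taken from the linked tutorial), this is how a RouterOS responder identity can match such a peer by the certificate it presents instead of by a remote-id string; the peer name ike2-peer, the mode-config ike2-conf and the policy-template group ike2-policies are assumed to exist already.

```routeros
# Added example: match the IKEv2 peer by its certificate rather than by remote-id.
# ike2-peer, ike2-conf and ike2-policies are assumed names, not from the thread.
/ip ipsec identity add peer=ike2-peer auth-method=digital-signature certificate=vpn.server match-by=certificate remote-certificate=vpn.client generate-policy=port-strict mode-config=ike2-conf policy-template-group=ike2-policies comment="Windows client, matched by the certificate it presents"

# Check the entry, then watch the next connection attempt in the log
/ip ipsec identity print detail
/ip ipsec active-peers print
/log print where topics~"ipsec"
```

match-by=certificate only works when the client certificate is present in /certificate on the router, which is the case here because vpn.client was generated and signed there.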

Unfortunately no, I set the VPN up in the same way as that tutorial suggested; the error and its message are the same.

So one thing I cannot understand is that I cannot set the remote ID and client ID as on Mac, and I cannot explicitly choose which cert I want to use for this connection. Or I just could not find the setting, but then it is well hidden...

Any other ideas why the connection fails on Windows with the above error message?

Here are the settings I use for Windows:

I cannot change the "type of sign-in info" because it always reverts back to the "general auth method" after saving a different configuration.

If you have multiple machine certificates on that machine, maybe this is what you are looking for?