IKEv2 - Win10 Select Certificate Multiple VPN tunels

huntah · June 13, 2018, 1:18pm

Hi,

I have IKEv2 with cert up and running. Everrthig is working as it should but I have a problem on Win10 1803 machines (maybe also other Win versions).
The config is based on:
https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication

I manage multiple clients and all of the have IKEv2 VPN with certs.
My Win10 client sends the wrong certificate to different VPN Servers. How can I select which cert to use (like on IPAD od Strongswan).
The certs are imported in machine store.. But How can I select which one to use.
Anybody else expirienced and solved this problem?

Regards
Huntah

huntah · June 15, 2018, 6:00pm

Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.

Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'

Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!

akarpas · June 12, 2019, 10:35am

R1CH:

Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.
Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'
Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!

Could you or someone explain more as this is didnt work for me

huntah · June 12, 2019, 10:58am

What was the error?
You need PowerShell and not CMD.
It wont work if you have the same CA. I havent tried to specify which cert to use with the same CA (Certificate Authority).

This is useful if you have multiple IKEv2 VPN clients on different locations. And all the servers have different CA.

akarpas · June 12, 2019, 11:31am

R1CH:
Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.
Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'
Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!
Could you or someone explain more as this is didnt work for me

sorted out all works thank you

greek · August 1, 2019, 10:30pm

Tell me please, how to do it for Win7 Pro ?

Retral · February 13, 2020, 5:45pm

R1CH:

Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.
Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'
Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!

Thank you sir. That works very well.

mrkacg · May 16, 2021, 12:47pm

Hello, I have the same question