Hi, I’m at a dead end. I have a MikroTik (MK) with an L2TP/IPsec VPN using RSA certificate authentication. It works fine with an Android device, but I’m unable to connect with the Windows client.

- I downloaded the CA and user certificates
- merged them with openssl
- imported the result.
But it does not work. On Android I can select the certificate, but Windows does not prompt me to select one, so the problem must be somewhere in Windows, or in the way I generated or imported the certificates.
The certificates were generated following the IPsec tutorial on the MikroTik wiki (from the IKEv2 RSA section): https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_Ikev2_RSA_auth
My config:
# sep/08/2017 12:59:13 by RouterOS 6.40.3
# software id = HHJ5-08K2
#
# model = RouterBOARD 750G r3
# serial number = 6F3806AED257
#
# Router export: a LAN on 192.168.88.0/24, a WAN port (ether1) with a
# statically configured public address, and an L2TP server with two IPsec
# peers (one pre-shared key, disabled; one RSA signature, active).
# NOTE(review): the export carries its live values (IPsec secrets, the PPP
# password, the public address, the serial number); secrets shown here should
# be considered disclosed and replaced on the router.
/interface bridge
# proxy-arp on the LAN bridge; presumably so that VPN clients, which get
# addresses from the LAN /24 (pool_vpn below), are reachable from LAN hosts.
add arp=proxy-arp name=bridge_local
/interface ethernet
# ether3-ether5 are attached to ether2-master through master-port.
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
# Neighbor discovery is switched off on ether1 (the WAN port).
set ether1 discover=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
# Two ranges inside the same /24: .10-.50 for DHCP, .51-.60 for VPN clients.
add name=default-dhcp ranges=192.168.88.10-192.168.88.50
add name=pool_vpn ranges=192.168.88.51-192.168.88.60
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge_local name=defconf
/ppp profile
# Profile for VPN users: router side is 192.168.88.2, the client address comes
# from pool_vpn, and the profile names bridge_local as its bridge.
add bridge=bridge_local local-address=192.168.88.2 name=vpn_profile_L2TP \
remote-address=pool_vpn
/interface bridge port
add bridge=bridge_local interface=ether2-master
/interface l2tp-server server
# L2TP server enabled. default-profile is "default", not vpn_profile_L2TP;
# user1 (under /ppp secret) names vpn_profile_L2TP explicitly.
# NOTE(review): use-ipsec is not in the export, so presumably it is at its
# default; confirm whether ipsec-secret is used at all. Its value is a short
# numeric string and is identical to the secret of the disabled PSK peer.
set default-profile=default enabled=yes ipsec-secret=123456789
/interface list member
add comment=defconf interface=ether2-master list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
# LAN address on ether2-master, public address on ether1.
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
192.168.88.0
add address=109.105.43.202/27 interface=ether1 network=109.105.43.192
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
# The router answers DNS queries from clients (allow-remote-requests=yes).
# NOTE(review): no /ip firewall filter section appears in this export. If the
# router really has no input-chain rules, the resolver and any management
# service still enabled answer on the public address as well; confirm.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall nat
# Masquerade traffic leaving through the WAN list, but only packets that match
# no outgoing IPsec policy (ipsec-policy=out,none).
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip ipsec peer
# Peer 1 (disabled): pre-shared key, accepts any source address.
add address=0.0.0.0/0 dh-group=modp1024 disabled=yes generate-policy=\
port-override secret=123456789
# Peer 2 ("with cert"): RSA signature authentication with certificate
# "server1", accepts any source address.
# NOTE(review): both peers use dh-group=modp1024, a 1024-bit group; a larger
# group is preferable if every client supports it.
# NOTE(review): exchange-mode is not shown, so presumably the default applies.
# The wiki section followed is for IKEv2, while L2TP/IPsec clients negotiate
# IKEv1; confirm that the certificate steps carry over.
# NOTE(review): the built-in Windows L2TP/IPsec client is expected to pick a
# machine certificate from the Local Computer store without prompting; check
# which store the merged certificate was imported into.
add address=0.0.0.0/0 auth-method=rsa-signature certificate=server1 comment=\
"with cert" dh-group=modp1024 generate-policy=port-override
/ip route
add distance=1 gateway=109.105.43.193
/ip service
# telnet, ftp, www and ssh are disabled. winbox and api are not listed, so
# presumably they are still at their defaults; confirm.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/ppp secret
# Single VPN user; the password is the same string as the user name.
add name=user1 password=user1 profile=vpn_profile_L2TP
/system clock
set time-zone-name=Europe/Prague
/system logging
# Log IPsec messages except debug-level ones, and all l2tp messages.
add topics=ipsec,!debug
add topics=l2tp
/system ntp client
set enabled=yes primary-ntp=216.239.35.8
/system routerboard mode-button
set enabled=no on-event=""
/tool mac-server
# Default MAC server entry disabled; MAC access only on ether2-master.
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
# Same restriction for MAC WinBox: only ether2-master.
set [ find default=yes ] disabled=yes
add interface=ether2-master
Certificates at mikrotik:



Certificates at windows:

Windows vpn conf:

Log at moment when connection is made from windows:

Do you have any idea what is wrong?