Hi,
I have a running IPsec VPN server with iOS RoadWarrior clients connected, and it works like a charm.
Now I have to add crap called Windows Mobile 8.1 to the family. This OS supports only IKEv2 and L2TP/IPsec.
It looks like iOS and WM can each connect only with a very specific dh-group setting.
Since I have no idea about the source IP address of the connection, my /ip ipsec peer has address=0.0.0.0/0.
iOS works when the peer has dh-group=modp1024, and Windows Mobile works when dh-group=modp2048.
Can I somehow have different peer settings for each type of device? I can't filter them by source IP since those are not static tunnels.
I tried two peers - both iOS and WM can’t connect.
With single peer:
- dh-mode 1024 → iOS OK, WM NG,
- dh-mode 2048 → iOS NG, WM OK
/ip ipsec> peer pr
Flags: X - disabled, D - dynamic
 0   address=0.0.0.0/0 local-address=:: passive=no port=500 auth-method=pre-shared-key secret="XXXXX" generate-policy=port-override policy-template-group=default exchange-mode=main-l2tp
     send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=aes-128,aes-256 dh-group=modp1024 lifetime=8h dpd-interval=2m dpd-maximum-failures=5

 1 X address=0.0.0.0/0 local-address=:: passive=no port=500 auth-method=pre-shared-key secret="XXXXX" generate-policy=port-override policy-template-group=default exchange-mode=main-l2tp
     send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=aes-128,aes-256 dh-group=modp2048 lifetime=2h dpd-interval=2m dpd-maximum-failures=5
Any idea how to get this running?
ROS: 6.33.3