I just upgraded to 6.43 and my ipsec peers are now giving me the warning:
“Unsafe configuration, suggestion to use certificates”
Is there a way around this when using a pre-shared key, or do we now need to use certificates to get rid of this message?
Thanks.
This is informative message so that you know potential risk of using PSK.
Any detailed wiki page on how to use certificates on ipsec please ?
As there are quite limited options to automate certificate operations at MikroTik (be it Let’s Encrypt or other) I would like to ask, what is so unsafe with IPsec using PSK in case the key is >64 characters long, both sides have static IP, ipsec mode works in main mode (also ipsec connections from untrusted IPs, are not accepted)?