I’m learning Router OS, in order to put a RB1100AHx2 in production. At the moment sinking my teeth in IPSEC. To keep things simple I use export/import a lot. Much easier to save a known good state, and to revert to it, than trying to undo the last mistake.
Now I’m setting up a RSA Hybrid server. It works already, and I connect using my OpenSSL made certificates. And the restore is when things get weird.
Consider the following export line:
add address=0.0.0.0/0 auth-method=rsa-signature-hybrid comment=RSA dpd-interval=1m enc-algorithm=aes-128,3des,des generate-policy=port-strict hash-algorithm=md5 local-address=0.0.0.0 mode-config=RW-cfg passive=yes policy-template-group=rsa remote-certificate=paternot.crt_0
- Compare it with the screenshot I sent. Shouldn’t the certificate “mikrotik.crt_0” appear in the export line?
\ - When I erase all IPSEC configs, and try to do a restore, it fails - exactly on this line. The error message is: “failure: certificate not set”. If I erase this line from the backup file, the restore works. Of course, I have to reenter this line info by hand.
I included the export of /ip ipsec peers, where You can see the line does not mention the “mikrotik.crt_0” file.
I also included the export of “/certificate”.
So. Did I do something wrong? Or it is really a bug? Nevermind the passwords in the file: this is a test setup.
Thanks in advance,
mikrotik_bug.rsc (533 Bytes)
export_certificate.txt (510 Bytes)