Hi,
I have a working IPsec tunnel between 2 MikroTik devices behind a router with port forwarding.
How must I change the config to add an Android client?
a.a.a.a = Site A Public IP
b.b.b.b = Site B Public IP
192.168.1.0 = Site A Local
192.168.10.0 = Site B local
I see this error in the Site B log: “no IKEV1 Peer Config for x.x.x.x”
Here's the config:
SiteA
/ip ipsec profile
add dh-group=modp4096 enc-algorithm=aes-256 hash-algorithm=sha512 name=\
    secure-profile
/ip ipsec peer
add address=b.b.b.b/32 comment=vpn01 name=vpn01 profile=secure-profile
/ip ipsec proposal
add auth-algorithms=sha512 enc-algorithms=aes-256-cbc name=secure-proposal \
    pfs-group=modp4096
/ip ipsec identity
add auth-method=pre-shared-key-xauth comment=vpn01 generate-policy=\
    port-strict peer=vpn01 secret=")>xxx<" xauth-login=vpnuser \
    xauth-password=xxx
/ip ipsec policy
add comment=vpn01 dst-address=192.168.10.0/24 proposal=secure-proposal \
    sa-dst-address=b.b.b.b sa-src-address=0.0.0.0 src-address=\
    192.168.1.0/24 tunnel=yes
SiteB (Passive)
/ip ipsec profile
add dh-group=modp4096 enc-algorithm=aes-256 hash-algorithm=sha512 name=\
    secure-profile
/ip ipsec peer
add address=a.a.a.a/32 comment=vpn01 name=vpn01 passive=yes profile=\
    secure-profile send-initial-contact=no
/ip ipsec proposal
add auth-algorithms=sha512,sha1 enc-algorithms=aes-256-cbc name=\
    secure-proposal pfs-group=modp4096
/ip ipsec identity
add auth-method=pre-shared-key-xauth comment=test generate-policy=port-strict \
    peer=vpn01 secret=")>xxx<" xauth-login=mike xauth-password=\
    xxx
add auth-method=pre-shared-key-xauth comment=vpn01 generate-policy=\
    port-strict peer=vpn01 secret=")>xxx<" xauth-login=vpnuser \
    xauth-password=xxx
/ip ipsec policy
add comment=vpn01 dst-address=192.168.1.0/24 proposal=secure-proposal \
    sa-dst-address=a.a.a.a sa-src-address=0.0.0.0 src-address=\
    192.168.10.0/24 tunnel=yes