Good day,
I’m sorry if all of this was answer before, I didn’t find anything about this in the forum or internet (I think internet lacks information about this)
At the moment we have some clients with VPN using PSK, we want to change it to use certificates, but we still have some questions that I hope some of you can answer:
-
Can users to authenticate with his own data, so that when an user leaves, it can be deleted (by deleting its authentication information) without other users data need to be adjusted? (With PSK if one user leaves, we need to change the PSK and adjust it in everyuser)
-
In case XAuth only works with PSK, is possible to build a VPN connection only with PSK? Would this have security issues?
-
Is it possible to use XAuth with Windows or we need a VPN-Client?
-
Is it possible to specify different IPSec parameters, depending on the used terminal (mode-cfg)? For example an iphone needs different encryption algorithms than Windows.
-
Is there a way to import in Mikrotik PKCS12 certificates? Or to export it? I was able to export certificates from mikrotik and import them in XCA application in windows. But I couldn’t export them in PKCS12, (when I create certificates in XCA I can export them as PKCS12)
thanks,
have a nice day