Hi,
so before resorting to using the beta of routeros, I wanted to give IPsec a try.
@erkexzcx
Thank your very much for writing your guides.
They are very good.
I sort of frankensteined them together.
I used this one to setup RouterOS in the cloud and then connect my router at home to that CHR:
http://forum.mikrotik.com/t/mikrotik-behind-nat-to-mikrotik-ipsec-ike2-with-certs-tunnel-eoip/144952/1
I also used the steps from that guide to generate the config for another client (my notebook).
Then I looked into this guide, to setup strongswan on Linux:
http://forum.mikrotik.com/t/mikrotik-behind-nat-to-mikrotik-ipsec-ike2-with-certs-tunnel-eoip/144952/1
And that is where I am failing right now.
My notebook does not want to connect to the vpn. My router at home connects just fine and can reach the CHR via the VPN-IPs.
The log of network-manager gives me the following error:
11[IKE] failed to establish CHILD_SA, keeping IKE_SA
This happens after the authentication is successful.
In the logs of the CHR I can see this:
ipsec,error no policy found/generated
Any idea what is going wrong there?