Hello.
I have windows cisco systems vpn-client with username/password auth to remote network. Via this client IPSec-tunnel is working correctly. I need to create tunnel from mikrotik rb1100 router.
I cant find info this from wiki. Plesse let me know, where I should set login/password parameters. In ipsec-peers I cant find these fields.
Thank you.
Regards, Mar
Hello,
IPsec Server Config
At first we need a pool from which RoadWarrior will will get an address. Typically in office you set up DHCP server for local workstations, the same DHCP pool can be used.
/ip pool add name=ipsec-RW ranges=192.168.77.2-192.168.77.254
Next we need to set up what settings to send to the client using Mode Conf.
/ip ipsec mode-config add address-pool=ipsec-RW name=RW-cfg split-include=10.5.8.0/24,192.168.55.0/24
As you can see we specified from which pool to give out address and two allowed subnets.
Now to allow only specific source/destination address in generated policies we will use policy group and create policy templates:
/ip ipsec policy group add name=RoadWarrior
/ip ipsec policy add dst-address=192.168.77.0/24 group=RoadWarrior src-address=10.5.8.0/24 template=yes
add dst-address=192.168.77.0/24 group=RoadWarrior src-address=192.168.55.0/24 template=yes
Now we just add xauth users and peer with enabled Mode Conf and policy group.
/ip ipsec user
add name=user1 password=123
add name=user2 password=234
/ip ipsec peer add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-config=RW-cfg policy-template-group=RoadWarrior secret=123 passive=yes
Thank you for detail info. I’l try to realized it the next week.