I am attempting to configure IKEv2 following the road warrior config in the wiki.
Here is my config:
Code: Select all
/ip pool
add name=VPN ranges=192.168.71.0/24
/ip ipsec mode-config
add address-pool=VPN address-prefix-length=24 name=vpn
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=vpn pfs-group=modp2048
/ip ipsec peer
add address=0.0.0.0/0 auth-method=rsa-signature certificate=server1 dh-group=modp2048 enc-algorithm=aes-256 exchange-mode=ike2 \
generate-policy=port-strict hash-algorithm=sha256 mode-config=vpn my-id=address:x.x.x.x passive=yes
/ip ipsec policy
set 0 dst-address=192.167.71.0/24 proposal=vpn src-address=0.0.0.0/0
When connecting, I get the following messages in the log:
Code: Select all
new ike2 SA (R): x.x.x.x[500]-x.x.x.x[1011] spi:96afff1c45f978d5:eee52cf155d61186
EAP not configured
killing ike2 SA: x.x.x.x[4500]-x.x.x.x[64916] spi:96afff1c45f978d5:eee52cf155d61186