IKEV2 - problem to connect - identity not found for peer

Posted: Wed Jun 24, 2020 9:37 am
by cais

I set up an IKEv2 VPN server on a MikroTik RB2011, but I can't connect from Windows or from a Mac.
Every time I get the error "Identity not found for peer: FQDN:client.vpn.ikev2".

Do you know where my mistake is? Thank you for your help.

# jun/24/2020 08:34:53 by RouterOS 6.46.4
# software id = 8DG7-UNSH
# model = 2011UiAS
# serial number = B9180AC59CAC
#
# IPsec section of the export: an IKEv2 responder that authenticates peers
# with certificates and hands out addresses through mode-config.
# NOTE(review): the addresses below were masked as x.x.x.x before posting, but
# the export header above still carries the software id and serial number.
#
# Mode-config: settings pushed to the connecting client (a /32 address from
# VPN-IKEv2-POOL, a static DNS server, router's own DNS not offered).
# The pool itself is defined outside this excerpt. The empty split-include=
# and the trailing comma after static-dns look like masking by the poster.
/ip ipsec mode-config
add address-pool=VPN-IKEv2-POOL address-prefix-length=32 name="VPN IKEv2" \
split-include= static-dns=x.x.x.x, system-dns=no
# Policy group that ties the identity below to the policy template at the end.
/ip ipsec policy group
add name="IKEv2 Group policy"
# IKE SA parameters the router accepts from an initiator.
# NOTE(review): modp1024 and modp1536 are in the accepted DH list, so a client
# that offers only modp1024 is accepted; 1024-bit MODP is weaker than current
# guidance recommends. Presumably kept for client compatibility - confirm
# whether modp2048 alone is enough for the Windows and macOS clients in use.
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 \
hash-algorithm=sha256 name="IKEv2 Profile"
# Peer entry: IKEv2 only, passive=yes so the router waits for initiators and
# never starts the exchange itself. No remote address is set on this entry.
/ip ipsec peer
add exchange-mode=ike2 local-address=x.x.x.x name=IKEv2 passive=yes \
profile="IKEv2 Profile"
# Child SA (ESP) parameters.
# NOTE(review): sha1 is accepted as an integrity algorithm, and pfs-group=none
# means child SAs get no additional Diffie-Hellman exchange, so their keys
# derive from the IKE SA keying material. Consider dropping sha1 and setting a
# PFS group if all clients support it.
/ip ipsec proposal
add auth-algorithms=sha512,sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr,a\
es-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm" \
lifetime=8h name=ikev2-proposal pfs-group=none
# Identity: certificate authentication in both directions (router presents
# vpn.ikev2, peer is checked against client.vpn.ikev2 via match-by=certificate).
# Policies are generated from the template group with generate-policy=port-strict.
# NOTE(review): the reported log line shows the peer presenting an ID of type
# FQDN ("FQDN:client.vpn.ikev2"), while remote-id here is of type user-fqdn.
# That ID-type mismatch is the likely reason no identity is found for the peer;
# remote-id=fqdn:client.vpn.ikev2 would match what the log shows - confirm
# against the ID / subject alternative name in the client certificate.
# NOTE(review): my-id is an IP address; clients usually compare the server ID
# with the server certificate, so verify vpn.ikev2 carries a matching SAN.
/ip ipsec identity
add auth-method=digital-signature certificate=vpn.ikev2 generate-policy=\
port-strict match-by=certificate mode-config="VPN IKEv2" my-id=\
address:x.x.x.x peer=IKEv2 policy-template-group="IKEv2 Group policy" \
remote-certificate=client.vpn.ikev2 remote-id=user-fqdn:client.vpn.ikev2
# Policy template used for the dynamically generated policies of this group.
# src-address= and dst-address= are empty as posted (presumably masked).
# NOTE(review): the template bounds which traffic selectors a client can
# obtain; restricting dst-address to the VPN pool range keeps that tight.
/ip ipsec policy
add dst-address= group="IKEv2 Group policy" proposal=\
ikev2-proposal src-address= template=yes