 
mike6715b
newbie
Topic Author
Posts: 34
Joined: Wed Feb 17, 2021 9:07 pm

IKEV2 IPsec VPN not connecting

Mon Jul 19, 2021 11:39 pm

Hello,

I have been following this guide on creating a site-to-site encrypted connection with 2 MikroTiks.
https://mum.mikrotik.com/presentations/ ... 420263.pdf

Server is made to give out locally: 10.20.1.0/24
Client is made to give locally: 10.20.2.0/24

VPN pool is: 10.20.10.0/24

Server Mikrotik IP: 10.20.0.210/24
Client Mikrotik IP: 10.20.0.220/24

I have set up 2 MikroTiks in VMs. Both have 2 interfaces. The first is an External Network interface and the other is a Private Network interface (running in Hyper-V).
I wanted to make it so the External interface would be something like the internet and the Private interface would be the network only between virtual machines.
I also set up 2 Windows 10 VMs where each is connected to one MikroTik over the Private Network interface. I have internet on both Windows VMs.

I followed the guide and watched the presentation and am just wondering what step I am missing or what I am doing wrong. In the logs of the server MikroTik it constantly says:
new ike2 SA (R): 10.20.0.210[4500]-10.20.0.220[4500] 
killing ike2 SA: 10.20.0.210[4500]-10.20.0.220[4500] 
On the client MikroTik no logs are printed.

Note that this is a test environment on my PC to first learn how to do this before deploying it.

Mikrotik exports included:
server.cfg.rsc
client.cfg.rsc
 
tangent
Forum Guru
Posts: 1330
Joined: Thu Jul 01, 2021 3:15 pm

Re: IKEV2 IPsec VPN not connecting

Tue Jul 20, 2021 2:34 am

Since it seems to be getting stuck in Phase 1, I'd look to the certificates on both sides.

Did you export as PKCS12 as recommended, not the default PEM format? You can make it work both ways, but PEM lets you export only the public half of the key, which will fail here since the client needs both halves of the key generated by the server, if you're following the presentation as given.

Also, since you're using Hyper-V, I'd double-check that both VMs are peers on the same virtual network. Hyper-V bridging is a royal PITA in my experience. Getting it configured properly and then keeping it configured while you use the machine on various real networks is fiddly and easily broken. I've found pretty much every other desktop-oriented VM system (VMware, Parallels, VirtualBox...) easier to manage in this regard.
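
A way to spot the create-and-kill loop from the server log in the first post across a longer log, as an added example that is not part of any post in this thread. The timestamps, the topic prefix and the second peer address in the sample are constructed; only the message text follows the two lines quoted above.

```python
import re
from collections import defaultdict

# Matches the two message forms quoted in the first post. Anything before the
# message (time, topics) is ignored, so the log prefix format does not matter.
EVENT = re.compile(
    r"(?P<kind>new|killing) ike2 SA(?: \(\w\))?: "
    r"(?P<local>[\d.]+)\[\d+\]-(?P<remote>[\d.]+)\[\d+\]"
)

def find_flapping_peers(lines, min_cycles=3):
    """Return {(local, remote): cycles} for address pairs whose IKEv2 SAs were
    created and killed at least min_cycles times with none left standing."""
    open_sas = defaultdict(int)   # SAs created and not yet killed
    cycles = defaultdict(int)     # completed new -> killing pairs
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        pair = (m["local"], m["remote"])
        if m["kind"] == "new":
            open_sas[pair] += 1
        elif open_sas[pair] > 0:  # a kill with no matching "new" is ignored
            open_sas[pair] -= 1
            cycles[pair] += 1
    return {p: n for p, n in cycles.items()
            if n >= min_cycles and open_sas[p] == 0}

# Constructed sample: the timestamps, the "ipsec,info" prefix and the
# 10.20.0.230 peer are made up; the message text follows the first post.
SAMPLE_LOG = """\
23:30:01 ipsec,info new ike2 SA (R): 10.20.0.210[4500]-10.20.0.220[4500]
23:30:01 ipsec,info killing ike2 SA: 10.20.0.210[4500]-10.20.0.220[4500]
23:30:05 ipsec,info new ike2 SA (R): 10.20.0.210[4500]-10.20.0.230[4500]
23:30:09 ipsec,info new ike2 SA (R): 10.20.0.210[4500]-10.20.0.220[4500]
23:30:09 ipsec,info killing ike2 SA: 10.20.0.210[4500]-10.20.0.220[4500]
23:30:17 dhcp,info unrelated line that the parser skips
23:30:25 ipsec,info new ike2 SA (R): 10.20.0.210[4500]-10.20.0.220[4500]
23:30:25 ipsec,info killing ike2 SA: 10.20.0.210[4500]-10.20.0.220[4500]
""".splitlines()

if __name__ == "__main__":
    for (local, remote), n in find_flapping_peers(SAMPLE_LOG).items():
        print(f"{local} <-> {remote}: {n} SAs created and killed, none up")
```

A pair that shows up here is one where the exchange starts and is torn down every time, which is the point to go and check certificates and identities on both ends.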
 
mike6715b
newbie
Topic Author
Posts: 34
Joined: Wed Feb 17, 2021 9:07 pm

Re: IKEV2 IPsec VPN not connecting

Tue Jul 20, 2021 9:23 am

Yes, I have exported the client certificate in PKCS12 format and the CA in PEM and successfully imported them both.
Both MikroTiks can ping each other, so they do see each other.

Seems I'm gonna look stupid, but I turned on my PC this morning and went to check if the MikroTiks can ping each other for this post and I noticed that the connection established...
I just don't know what the problem was :/
 
erkexzcx
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: IKEV2 IPsec VPN not connecting

Wed Jul 21, 2021 6:47 pm

I've written a guide here. See if it helps. It might not be perfect, but it worked perfectly fine for me. :)
