IKEv2 - Win10 Select Certificate Multiple VPN tunels

huntah · Wed Jun 13, 2018 4:18 pm

Hi,

I have IKEv2 with cert up and running. Everrthig is working as it should but I have a problem on Win10 1803 machines (maybe also other Win versions).
The config is based on:
https://wiki.mikrotik.com/wiki/Manual:I ... entication

I manage multiple clients and all of the have IKEv2 VPN with certs.
My Win10 client sends the wrong certificate to different VPN Servers. How can I select which cert to use (like on IPAD od Strongswan).
The certs are imported in machine store.. But How can I select which one to use.
Anybody else expirienced and solved this problem?

Regards
Huntah

huntah · Fri Jun 15, 2018 9:00 pm

Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.

Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'

Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!

akarpas · Wed Jun 12, 2019 1:35 pm

Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.
Code: Select all
Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'
Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!

Could you or someone explain more as this is didnt work for me

huntah · Wed Jun 12, 2019 1:58 pm

What was the error?
You need PowerShell and not CMD.
It wont work if you have the same CA. I havent tried to specify which cert to use with the same CA (Certificate Authority).

This is useful if you have multiple IKEv2 VPN clients on different locations. And all the servers have different CA.

akarpas · Wed Jun 12, 2019 2:31 pm

Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.
Code: Select all
Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'
Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!
Could you or someone explain more as this is didnt work for me

sorted out all works thank you

greek · Fri Aug 02, 2019 1:30 am

Tell me please, how to do it for Win7 Pro ?

Retral · Thu Feb 13, 2020 7:45 pm

Hi,

I have found the solution if someone should came accros the same problem.
So the solution is to use powerShell and specify the CA to use:
here is the example.
Code: Select all
Set-VpnConnection -Name "My VPN Connection" -MachineCertificateIssuerFilter 'C:\mycerts\cert_export_MikrotikIKEv2-CA.crt'
Now I can have multiple IKEv2 VPN Clients on my Windows Machine.
Maybe an WiKi Update would not be also good because lots of people are using IKEv2 More and More!

Thank you sir. That works very well.

mrkacg · Sun May 16, 2021 3:47 pm

Tell me please, how to do it for Win7 Pro ?

Hello, I have the same question

IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED]

IKEv2 - Win10 Select Certificate Multiple VPN tunels

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED] [SOLVED]

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED]

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED]

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED]

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels [SOLVED]

Re: IKEv2 - Win10 Select Certificate Multiple VPN tunels

Who is online