n4p
Member Candidate
Topic Author
Posts: 111
Joined: Wed Nov 25, 2015 9:54 pm

Ipsec Site to Site with certificate

Mon Dec 10, 2018 9:59 pm

Hi
I am trying to configure a connection between two CCR1009 and encrypt it with IPsec.
If I use PSK everything works fine, but I want to use certificates instead. I searched for some time but I didn't find any tutorial on how to do this.

So I want to ask: would this be possible?
Thanks
 
anwlab
just joined
Posts: 2
Joined: Tue Dec 11, 2018 11:10 pm

Re: Ipsec Site to Site with certificate

Tue Dec 11, 2018 11:17 pm

Same for me.
Trying to connect RB951G with SonicWall NSA2400. IKEv2 PSK mode works fine, certificate - no. Sonicwall says "IKEv2 Unable to find IKE SA" and "IKEv2 Payload processing error".
Mikrotik says - "remote peer connection established" and resets connection in 30-40 sec.
 
anwlab
just joined
Posts: 2
Joined: Tue Dec 11, 2018 11:10 pm

Re: Ipsec Site to Site with certificate

Wed Dec 12, 2018 12:38 am

Found a weird issue. My-id has been set to the WAN IP address, not auto. But as I can see in the IPsec log, MikroTik did not set the address there. It was replaced with the DN. RouterOS 6.43.7.
 
n4p
Member Candidate
Topic Author
Posts: 111
Joined: Wed Nov 25, 2015 9:54 pm

Re: Ipsec Site to Site with certificate

Tue Dec 18, 2018 9:55 pm

Any news about that? Still trying around but no chance to get it working.

The only log entry shown is: Can't get private key.
So what is wrong there?

I created a certificate for the server (tls-server) and another one for the client (tls-client), installed the certificate on the client and configured the peer with rsa-signature and only the client certificate.
On the server I used both certificates.

Also I tried to play around with fqdn and address, without success.

Would be fine if anybody can help here.
IPSec with Certificate is really needed!

thanks
 
n4p
Member Candidate
Topic Author
Posts: 111
Joined: Wed Nov 25, 2015 9:54 pm

Re: Ipsec Site to Site with certificate

Thu Dec 20, 2018 8:31 pm

Nobody with an idea?
 
JohnTRIVOLTA
Member Candidate
Posts: 208
Joined: Sun Dec 25, 2016 2:05 pm
Location: BG/Sofia

Re: Ipsec Site to Site with certificate

Thu Dec 20, 2018 10:19 pm

> Hi
> I am trying to configure a connection between two CCR1009 and encrypt it with IPsec.
> If I use PSK everything works fine, but I want to use certificates instead. I searched for some time but I didn't find any tutorial on how to do this.
>
> So I want to ask: would this be possible?
> Thanks

Just try, use IKE2 with auth. method RSA Signature with check off certs key usage ipsec tunnel, user, end system!
