Community discussions

MikroTik App
 
Biker111
newbie
Topic Author
Posts: 37
Joined: Thu Aug 11, 2016 1:21 am
Location: Denmark

More detaled ipsec wiki

Tue Feb 12, 2019 4:49 pm

Hi

Does anyone know where to find detailed explanations regarding ipsec with rsa certificates?
I need some explanations and examples using rsa key, rsa signature and rsa signature hybrid ... site-to-site and self-signed.
I'm tired of using Google, Youtube and guessing.

Cheers
Biker
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: More detaled ipsec wiki

Wed Feb 13, 2019 9:50 am

There is already example how to use RSA and also how to generate certificates:
https://wiki.mikrotik.com/wiki/Manual:I ... entication

Everything else is not RouterOS specific and there are a lot of resources around the internet about RSA keys certificates and how they work.
 
Biker111
newbie
Topic Author
Posts: 37
Joined: Thu Aug 11, 2016 1:21 am
Location: Denmark

Re: More detaled ipsec wiki

Mon Feb 18, 2019 11:53 am

Hi

Thanks for your answer.

I thought I understood that page, but I give it a second look :)
I'm trying to figure out how to make a ipsec tunnel between 2 Mikrotik's, hub-spoke, but only with the client certificate on the spoke site.

It runs fine with both ends having both certificates, but it's a little "unsafe".

Cheers
Biker
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: More detaled ipsec wiki

Mon Feb 18, 2019 1:06 pm

When you specify local and remote certificates in ipsec configuration, it means that server will very client and client will verify if server certificate is valid, which is more secure than what you want when only client is verifying server certificate.
If you really wan this, then configuration example from provided link in previous post is exactly what you need.

Who is online

Users browsing this forum: mgrlobo, uxertxo and 92 guests