YuriS
just joined
Topic Author
Posts: 6
Joined: Thu Jul 13, 2017 2:29 pm
Location: Europe

Road Warrior (Remote Access) using IPSec IKEv2 with cert authorization for multiple users

Wed Feb 27, 2019 4:02 pm

Good day.
MikroTik RB3011UiAS with RouterOS 6.43.12 in use.

I just introduced IPSec IKEv2 Remote Access with certificate authority for one test user.
Everything works fine; please find the configuration settings below:
# Phase 1 (IKE) profile
/ip ipsec peer profile
add dh-group=modp1024 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=8h name=phase1_ra_win10
# Policy template group for remote access clients
/ip ipsec policy group
add name=remote_access
# Phase 2 proposal
/ip ipsec proposal
add enc-algorithms=aes-256-cbc lifetime=1h name=phase2_ra_win10 pfs-group=none
# Address pool for remote access clients
/ip pool
add name=Adv-RemoteAccess-pool ranges=192.168.20.2-192.168.20.62
# Mode config: client addresses from the pool plus the split-include network
/ip ipsec mode-config
add address-pool=Adv-RemoteAccess-pool address-prefix-length=26 name=r_access_cfg split-include=192.168.40.0/26
# Passive IKEv2 peer for any source address, authenticated by certificate
/ip ipsec peer
add address=0.0.0.0/0 auth-method=rsa-signature certificate=vpn.server \
    comment="Remote Acces - Yuri S" exchange-mode=ike2 generate-policy=\
    port-strict mode-config=r_access_cfg passive=yes policy-template-group=\
    remote_access profile=phase1_ra_win10 remote-certificate=yuri.s \
    send-initial-contact=no
# Policy entry 0, assigned to the remote_access group
/ip ipsec policy
set 0 comment="Remote Access (Road Warrior)" dst-address=192.168.20.0/26 \
    group=remote_access proposal=phase2_ra_win10 src-address=0.0.0.0/0
But I got the error "This entry is unreachable" when I tried to set up another user for Remote Access.
Even if I ignore this error, Remote Access stops working.
I looked in the MikroTik Wiki and Google, but no luck.

My main goal is to set up Remote Access based on IPSec IKEv2 with certificate authorization for multiple (many) users. Each user must have their own personal certificate. Is it possible to create this configuration on MikroTik?
Where is my mistake?

Best regards.
Best regards,
Yuri.
 
YuriS

Re: Road Warrior (Remote Access) using IPSec IKEv2 with cert authorization for multiple users

Mon Mar 04, 2019 10:38 am

Good day.

I found where the issue was. I updated my MikroTik to 6.44 and configured Remote Access according to this article:
https://wiki.mikrotik.com/wiki/Manual:I ... entication

Everything works fine.

Thanks
Best regards,
Yuri.
