Community discussions

 
argif
just joined
Topic Author
Posts: 4
Joined: Thu Mar 24, 2016 10:38 am

ipsec ikev2 - iOs 'User authentication failed'

Thu Jun 20, 2019 3:37 pm

Hello,

i have set up an ipsec ikev2 VPN.

A connection from Windows 10 works fine. But from iOs I get the error 'User authentication failed'. In Mikotik log i can see the following entry:
identity not found for server: xxxxx.xx peer: ADDR4: xxx.xxx.xxx.xxx
For the Remote ID I used the CN from the server server certificate.

Here is my configuration:
/ip ipsec policy group
add name=ike2-policies
/ip ipsec profile
add name=ike2
/ip ipsec peer
add exchange-mode=ike2 name=ike2 passive=yes profile=ike2
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=\
    aes-256-cbc,aes-128-cbc,3des lifetime=8h
add name=ike2 pfs-group=none
/ip pool
add name=ike2-pool ranges=192.168.77.2-192.168.77.254
/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-conf \
    split-include=192.168.8.0/24
/ip ipsec identity
add auth-method=rsa-signature certificate=server_MT generate-policy=\
    port-strict mode-config=ike2-conf peer=ike2 policy-template-group=\
    ike2-policies
/ip ipsec policy
add dst-address=192.168.77.0/24 group=ike2-policies proposal=ike2 \
    src-address=0.0.0.0/0 template=yes
 
McSee
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Tue Feb 26, 2019 12:49 pm

Re: ipsec ikev2 - iOs 'User authentication failed'

Thu Jun 20, 2019 5:40 pm

What settings do you have for user auth on an iOS device ?
It shoud be set to none, for detailed instructions on how to set up iOS client look at https://wiki.mikrotik.com/wiki/Manual:I ... figuration
 
argif
just joined
Topic Author
Posts: 4
Joined: Thu Mar 24, 2016 10:38 am

Re: ipsec ikev2 - iOs 'User authentication failed'

Thu Jun 20, 2019 10:23 pm

That's it - thank you for your quick support
 
stonerhash
just joined
Posts: 5
Joined: Mon Oct 21, 2019 4:37 pm

Re: ipsec ikev2 - iOs 'User authentication failed'

Wed Oct 30, 2019 9:06 am

Its working with SAN names

Who is online

Users browsing this forum: Google [Bot] and 47 guests