Page 1 of 1

ipsec ikev2 - iOs 'User authentication failed'

Posted: Thu Jun 20, 2019 3:37 pm
by argif
Hello,

i have set up an ipsec ikev2 VPN.

A connection from Windows 10 works fine. But from iOs I get the error 'User authentication failed'. In Mikotik log i can see the following entry:
identity not found for server: xxxxx.xx peer: ADDR4: xxx.xxx.xxx.xxx
For the Remote ID I used the CN from the server server certificate.

Here is my configuration:
/ip ipsec policy group
add name=ike2-policies
/ip ipsec profile
add name=ike2
/ip ipsec peer
add exchange-mode=ike2 name=ike2 passive=yes profile=ike2
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=\
    aes-256-cbc,aes-128-cbc,3des lifetime=8h
add name=ike2 pfs-group=none
/ip pool
add name=ike2-pool ranges=192.168.77.2-192.168.77.254
/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-conf \
    split-include=192.168.8.0/24
/ip ipsec identity
add auth-method=rsa-signature certificate=server_MT generate-policy=\
    port-strict mode-config=ike2-conf peer=ike2 policy-template-group=\
    ike2-policies
/ip ipsec policy
add dst-address=192.168.77.0/24 group=ike2-policies proposal=ike2 \
    src-address=0.0.0.0/0 template=yes

Re: ipsec ikev2 - iOs 'User authentication failed'

Posted: Thu Jun 20, 2019 5:40 pm
by McSee
What settings do you have for user auth on an iOS device ?
It shoud be set to none, for detailed instructions on how to set up iOS client look at https://wiki.mikrotik.com/wiki/Manual:I ... figuration

Re: ipsec ikev2 - iOs 'User authentication failed'

Posted: Thu Jun 20, 2019 10:23 pm
by argif
That's it - thank you for your quick support

Re: ipsec ikev2 - iOs 'User authentication failed'

Posted: Wed Oct 30, 2019 9:06 am
by stonerhash
Its working with SAN names