I'm not sure where to submit this issue. I hope somebody who has access to the wiki will read this.
There is a mistake here:
https://wiki.mikrotik.com/wiki/Manual:I ... figuration
In the example, first we create a profile and a proposal:
Then later we create a peer, but forgot to set the profile:It is advised to create a separate Phase 1 profile and Phase 2 proposal configurations to not interfere with any existing IPsec configuration.
Code: Select all
/ip ipsec profile add name=ike2-rw /ip ipsec proposal add name=ike2-rw pfs-group=none
If you try the given example then it may work, because the profile was created with default options. But it is a mistake, because the peer is not assigned to the profile, and any option set on the profile won't affect the peer. I think it would be benefical to add "profile=ike2-rw" to the peer config. (But I don't have access to the wiki.)Lastly, create peer and identity configurations.Code: Select all
/ip ipsec peer add address=126.96.36.199/32 exchange-mode=ike2 name=ike2-rw-client