I'm trying to get IPsec connections from dynamic IP addresses to work, but I have some issues with that.
First of all, I can't get it to successfully establish Phase One if the Identity for the peer with Address 0.0.0.0/0 has any Local ID or Remote ID other than auto set.
The Log says:
22:14:42 ipsec,error 192.168.88.2 failed to get valid proposal.
22:14:42 ipsec,error 192.168.88.2 failed to pre-process ph1 packet (side: 1, statu
22:14:42 ipsec,error 192.168.88.2 phase1 negotiation failed.
As soon as I set the Address in the Peer, it works straight away without any changes to the Identity.
However, if I set the Local and Remote ID to auto, it works.
The second issue I have is that I have many peers that come from a dynamic IP, and for each of those I would need different policies.
Is there any way to identify a peer by its ID instead of using the address?
Before MikroTik I used a Bintec router, and that one always used the remote ID to identify the peer.
As far as I understood it, with MikroTik I can only have one peer with no address, and therefore also only one profile, but multiple Identities for that peer.
That would also mean I can't assign different policies.
Is there any way to get multiple peers with dynamic IP addresses to work?