For a couple of days I've been struggling to make my Android phone connect to an IKEv2 VPN.
Setup: MIKROTIK ROS 6.47.9 LTS
4 Windows machines (certificates created + imported on each machine) => ALL of them can establish a connection.
/certificate pr detail
K I name="xena@local.cz" digest-algorithm=sha256 key-type=rsa country="CZ" state="S.Moravi" locality="Brno"
common-name="xena@local.cz" key-size=2048 subject-alt-name=email:xena@local.cz days-valid=3650 trusted=no
key-usage=tls-client ca=RootCAEx serial-number="5C151F90DA7F9BEF"
fingerprint="526d0e0334d0b9237c80f2d9fce7a1b81282bbf4bf20caa3d2829e47cc71e94d" akid=b463b2c9a4d366b17434f99c051bb7a6b66a2e72
skid=c7d5472597d8cfc1eef530c85fdb2af5b992ec16 invalid-before=apr/24/2021 22:48:04 invalid-after=apr/22/2031 22:48:04
expires-after=521w2d21h55m52s
ip ipsec peer export
/ip ipsec peer
add exchange-mode=ike2 name=xena@local.cz passive=yes profile=profile.ike2
[admin@core-router] > ip ipsec identity export
/ip ipsec identity
add auth-method=digital-signature certificate=vpn_ike2 generate-policy=port-strict match-by=certificate mode-config=cfg1 my-id=\
fqdn:xena@local.cz peer=xena@local.cz policy-template-group=ike2 remote-certificate=xena@local.cz
I HAVE tried all possible combinations for ID Type/Remote ID type and EVERY time I get this in the logs:
got CERT: CN=xena@local.cz,C=CZ,ST=S.Moravi,L=Brno,O=,OU=,SN=
identity not found for peer: DER DN: CN=xena@local.cz,C=CZ,ST=S.Moravi,L=Brno,O=,OU=,SN=