Thu Aug 11, 2022 1:52 am
My experience is that "peer does not exist and suggestion" will disappear once I close the ipsec window and reopen (provided there is no error window).
ROS v6.48.6.
-----
/ip ipsec mode-config
add address-pool="VPN Pool" address-prefix-length=32 name=cfg1 split-include=0.0.0.0/0 static-dns=10.0.88.1 system-dns=no
/ip ipsec policy group
add name=group1
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 hash-algorithm=sha256 name=profile1
/ip ipsec peer
add exchange-mode=ike2 local-address=192.168.86.52 name=peer1 passive=yes profile=profile1
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add auth-algorithms=sha512,sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr,aes-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc\
,aes-128-ctr,aes-128-gcm" lifetime=8h name=proposal1 pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=CA03-VPNSVR generate-policy=port-strict match-by=certificate \
mode-config=cfg1 peer=peer1 policy-template-group=group1 remote-certificate=CA03-Client
add auth-method=digital-signature certificate=CA03-VPNSVR generate-policy=port-strict match-by=certificate \
mode-config=cfg1 peer=peer1 policy-template-group=group1 remote-certificate=CA03-Client-02
/ip ipsec policy
set 0 disabled=yes
add dst-address=10.0.88.0/24 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes
-----
10.0.88.0/24 is the VPN address pool.
10.0.88.1 is the bridge loopback address.
192.168.86.52 is the "public" IP address of the router.
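As an added example (not part of this forum post), a small Python script that parses a RouterOS `/ip ipsec` export like the one above, joins the backslash-continued lines, and flags the legacy options the posted profile and proposal still accept (modp1024, sha1, pfs-group=none); the sample export text is constructed from the post's configuration.

```python
"""Lint a RouterOS /ip ipsec export for legacy algorithm choices.
Added example, not from the forum post; SAMPLE_EXPORT is constructed from it."""
import re

SAMPLE_EXPORT = r"""/ip ipsec mode-config
add address-pool="VPN Pool" address-prefix-length=32 name=cfg1 split-include=0.0.0.0/0 static-dns=10.0.88.1 system-dns=no
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 hash-algorithm=sha256 name=profile1
/ip ipsec proposal
add auth-algorithms=sha512,sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr,aes-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc\
,aes-128-ctr,aes-128-gcm" lifetime=8h name=proposal1 pfs-group=none
/ip ipsec policy
add dst-address=10.0.88.0/24 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes
"""

# Options a peer can still negotiate as long as they remain in the list;
# listing a stronger option first does not remove them from the offer.
LEGACY = {
    "dh-group": {"modp1024", "modp768"},  # phase 1 key exchange group
    "auth-algorithms": {"sha1", "md5"},    # phase 2 integrity algorithm
    "pfs-group": {"none"},                 # no perfect forward secrecy
}

def parse_export(text):
    """Return [(section, {key: value})] for every 'add' line in the export."""
    text = text.replace("\\\n", "")  # join RouterOS backslash continuations
    section, entries = None, []
    for line in text.splitlines():
        if line.startswith("/"):
            section = line.strip()
        elif line.startswith("add "):
            pairs = re.findall(r'(\S+?)=("[^"]*"|\S+)', line[4:])
            entries.append((section, {k: v.strip('"') for k, v in pairs}))
    return entries

def lint(text):
    """Return findings as 'section: key allows [...]'; empty list if clean."""
    findings = []
    for section, kv in parse_export(text):
        for key, weak in LEGACY.items():
            hit = weak & set(kv.get(key, "").split(","))
            if hit:
                findings.append(f"{section}: {key} allows {sorted(hit)}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_EXPORT):
        print(finding)
```

Run against the sample it reports three findings (modp1024 in the profile, sha1 and pfs-group=none in the proposal); trimming those values from the lists removes them from what a connecting client can select.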