Community discussions

 
msatter
Forum Guru
Forum Guru
Posts: 1200
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.45beta [testing] is released!

Sat Jun 29, 2019 5:22 pm

Have a look at this page for NordVPN, if your provider has no specific certificate then you need the root cert from/for that provider

https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.3.2
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
ztx
just joined
Posts: 5
Joined: Sun Nov 05, 2017 4:46 am

Re: v6.45beta [testing] is released!

Sat Jun 29, 2019 9:00 pm

Have a look at this page for NordVPN, if your provider has no specific certificate then you need the root cert from/for that provider

https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
In windows, it needs username and password only.
I found a setup guide for strongswan:
1. launch the app and then tap on Add VPN profile.
2. Now you’ll need to enter a VPN server address.
3. Now choose the VPN type. Select Ikev2 EAP (username/password).
4. Next, enter PureVPN provided credentials in Username and Password fields.
5. Next, check the CA certificate.
6. Profile Name: PureVPN Ikev2 (you may type anything).
Now tap on show advanced settings and type in server identity: pointtoserver.com
Finally, hit save and then connect to the newly created Ikev2 profile.
How can I setup on routeros?
thanks!
 
ztx
just joined
Posts: 5
Joined: Sun Nov 05, 2017 4:46 am

Re: v6.45beta [testing] is released!

Sun Jun 30, 2019 9:36 am

msatter All EAP methods require at least the root CA certificate for IKEv2. On Windows, it is possible, that the CA certificate is already in the Trusted Windows Certificate store so you do not have to import anything. Either ask your provider for the CA certificate or try finding out which certificate is used on Windows and export it to RouterOS.

Also there is no wildcard support for remote-id fqdn field. I would suggest leaving the remote-id to auto.

mezzovide no, conntrack has nothing to do with it, however we have already fixes for your described issues in previous betas. Did you try the latest beta and can verify the issue is still present?
emils How can I find which certificate is used? thanks!
 
msatter
Forum Guru
Forum Guru
Posts: 1200
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.45beta [testing] is released!

Sun Jun 30, 2019 10:58 am

I am not Emils however I can answer your question.

You need the comodo-root.crt and import it in system-certificate. Stae that you ignore the check on it in the ipsec screen.

viewtopic.php?f=21&t=146087&p=731038&hi ... er#p731253
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.3.2
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
mattgorecki
just joined
Posts: 1
Joined: Sat Jun 01, 2019 12:17 am
Location: Helena, Montana
Contact:

Re: v6.45beta [testing] is released!

Sun Jun 30, 2019 10:28 pm

The current download of 6.45beta62 for MIPSBE is giving me a checksum error.

On my mac:
MD5 (routeros-mipsbe-6.45beta62.npk) = 637a0bbb58bb0a3012ae9289dc9e7cbc
The website says it should be:
MD5 routeros-mipsbe-6.45beta62.npk: d7b9284935f8123cbf4df0c735c995c3
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 481
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.45beta [testing] is released!

Mon Jul 01, 2019 10:15 am

New version 6.45.1 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=149786

Who is online

Users browsing this forum: No registered users and 4 guests