1. Can the same identity be shared among several peer configurations? I read somewhere that it can, but from what I see the peer=xxx field is mandatory in identity.
2. How does Mikrotik select the identity when working as INITIATOR?
My understanding is that if Mikrotik is working as initiator, then the flow is as follows:
1. Mikrotik periodically scans the /ip/ipsec/peer table and detects that it has a peer with passive=no, so it will try to establish connection. Let's assume it is
/ip/ipsec/peer add name=test passive=no etc....
Now the question:
- will it just find the first matching identity and will try to use it?
- or will it place all matching identities somehow together in the IKE_AUTH packet?
- or will it send IKE_AUTH packets in parallel for each matching identity, possibly creating parallel connections?
- or will it try all matching identity members one by one until it finds one that successfully connects?