rexulX
just joined
Topic Author
Posts: 4
Joined: Thu Mar 21, 2019 12:26 pm

IKE2 RSA signature - identity not found for peer: DER DN:

Thu Mar 21, 2019 12:53 pm

I have configured IKE2. RouterOS 6.44.1

If I have just one IPsec identity, then it works fine. When I have two identities configured like below, it doesn't work and ends up with the error
"ipsec,error identity not found for peer: DER DN: client_win10cer

Certification creation:
/certificate
add common-name=ca name=CA days-valid=3650
sign CA ca-crl-host=MYSN.sn.mynetname.net

add common-name=MYSN.sn.mynetname.net subject-alt-name=DNS:MYSN.sn.mynetname.net key-usage=tls-server name=server1
sign server1 ca=CA

add common-name=client_win10cert key-usage=tls-client name=client_win10cert
sign client_win10cert ca=CA

add common-name=Client_AndroidPhoneCert key-usage=tls-client name=Client_AndroidPhoneCert
sign Client_AndroidPhoneCert ca=CA

IPsec IKE2 conf:
/ip ipsec profile
add name=ike2-profile

/ip ipsec proposal
add name=ikev2-proposal pfs-group=none
/ip pool
add name=ikev2_dhcp_pool ranges=192.168.103.100-192.168.103.200

/ip ipsec mode-config
add address-pool=ikev2_dhcp_pool name=ikev2_mode_cfg1 system-dns=yes address-prefix-length=32

/ip ipsec policy group
add name=ikev2-policies

/ip ipsec policy
add dst-address=192.168.103.0/24 group=ikev2-policies proposal=ikev2-proposal src-address=0.0.0.0/0 template=yes

/ip ipsec peer
add exchange-mode=ike2 name=all_peers passive=yes profile=ike2-profile

/ip ipsec identity
add auth-method=rsa-signature certificate=server1 generate-policy=port-strict match-by=certificate \
mode-config=ikev2_mode_cfg1 peer=all_peers policy-template-group=ikev2-policies remote-certificate=client_win10cert

/ip ipsec identity
add auth-method=rsa-signature certificate=server1 generate-policy=port-strict match-by=certificate \
mode-config=ikev2_mode_cfg1 peer=all_peers policy-template-group=ikev2-policies remote-certificate=Client_AndroidPhoneCert

Any idea, please? Do I have anything wrongly configured?
Thanks
 
emils
MikroTik Support
Posts: 459
Joined: Thu Dec 11, 2014 8:53 am

Re: IKE2 RSA signature - identity not found for peer: DER DN:  [SOLVED]

Fri Mar 22, 2019 10:00 am

Try disabling and re-enabling the second identity (or both) and see whether it starts working then.
 
rexulX
just joined
Topic Author
Posts: 4
Joined: Thu Mar 21, 2019 12:26 pm

Re: IKE2 RSA signature - identity not found for peer: DER DN:

Fri Mar 22, 2019 12:37 pm

I tried it as you recommended (re-enabling both identities) and now it works fine. Problem solved then. Thanks!
 
emils
MikroTik Support
Posts: 459
Joined: Thu Dec 11, 2014 8:53 am

Re: IKE2 RSA signature - identity not found for peer: DER DN:

Fri Mar 22, 2019 12:41 pm

OK, thanks for reporting. We will fix the issue in the next releases of RouterOS so disabling and enabling is not necessary.
 
theprojectgroup
just joined
Posts: 7
Joined: Tue Feb 21, 2017 11:40 pm

Re: IKE2 RSA signature - identity not found for peer: DER DN:

Fri Aug 16, 2019 12:22 am

Same here, disabling doesn't help.

The strange thing is, it works on iOS fine, but the Windows client doesn't. Current RouterOS from today on CCR.
