I don't know what to write in this field.
Whatever I write in that field, the "peer's ID does not match certificate" error appears in the MikroTik log.
This is the MikroTik configuration.
certificate print
Flags: K - PRIVATE-KEY; L - CRL; A - AUTHORITY; I, R - REVOKED; T - TRUSTED
Columns: NAME, COMMON-NAME, SUBJECT-ALT-NAME
# NAME COMMON-NAME SUBJECT-ALT-NAME
0 KLA T CA_ike2.xyz CA_ike2.xyz DNS:CA_ike2.xyz
1 K I SERVER_IKE2.xyz SERVER_IKE2.xyz DNS:SERVER_IKE2.xyz
2 K I management@abc.it management@abc.it email:management@abc.it
# IKEv2 responder setup (the peer is passive=yes, exchange-mode=ike2) with
# certificate authentication: mode-config, policy group, phase-1 profile,
# peer, phase-2 proposal, identity and a policy template.
/ip ipsec mode-config
# split-include=0.0.0.0/0 pushes a default route to the client; DNS is set
# statically to 10.165.46.1 and the router's own DNS servers are not sent.
add address-pool=pool_IKE2 address-prefix-length=32 name=modeconf_ike2 split-include=0.0.0.0/0 static-dns=10.165.46.1 \
system-dns=no
/ip ipsec policy group
add name=group_ike
/ip ipsec profile
# NOTE(review): modp1536 is the weaker of the two offered DH groups; drop it
# if every client can negotiate modp2048.
add dh-group=modp2048,modp1536 enc-algorithm=aes-256 hash-algorithm=sha256 name=peer_profile_ike2
/ip ipsec peer
add exchange-mode=ike2 local-address=1.2.3.4 name=peer1 passive=yes profile=peer_profile_ike2
/ip ipsec proposal
# NOTE(review): pfs-group=none means child-SA rekeys do not run a fresh DH
# exchange, and lifetime=8h keeps the same keys for a long time; consider
# setting a pfs-group if the clients support it.
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=8h name=proposal_ike2 pfs-group=none
/ip ipsec identity
# NOTE(review): certificate= is the local certificate presented to the peer.
# It points at CA_ike2.xyz, which the certificate listing flags as an
# authority (A), so the CA private key would be used for IKE authentication.
# The separate SERVER_IKE2.xyz certificate looks like the intended value;
# confirm.
# NOTE(review): remote-id uses the fqdn: type, but the client certificate's
# SAN is email:management@abc.it. That type mismatch is a likely cause of
# "peer's ID does not match certificate"; user-fqdn:management@abc.it or
# remote-id=auto would correspond to an e-mail SAN, and the client then has to
# send management@abc.it as its ID. Avoid remote-id=ignore as a workaround:
# it turns off the check that ties the received ID to the certificate.
add auth-method=digital-signature certificate=CA_ike2.xyz generate-policy=port-strict match-by=certificate mode-config=\
modeconf_ike2 peer=peer1 policy-template-group=group_ike remote-certificate=management@abc.it remote-id=\
fqdn:management@abc.it
/ip ipsec policy
# Template only (template=yes): generated policies are limited to traffic
# towards 10.165.46.0/24.
add dst-address=10.165.46.0/24 group=group_ike src-address=0.0.0.0/0 template=yes