MikroTik IPsec IKEv2 VPN

MikroTik IPsec IKEv2 VPN

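# Build a local CA on the router and issue the VPN server certificate from it.
/certificate
# key-usage is limited to certificate and CRL signing, so the CA key cannot be
# used as a TLS server or client key.
add common-name=ca name=ca key-usage=key-cert-sign,crl-sign
# The certificate name is written in plain ASCII: the typographic quotes of the
# original listing (“ca”) are not console quoting and break a copy-paste.
# ca-crl-host is the address published in issued certificates for fetching the CRL.
sign ca ca-crl-host=x.x.x.x
# common-name and the IP subject-alt-name are both the address clients dial;
# clients typically compare the certificate against the address they connect to.
add common-name=x.x.x.x subject-alt-name=IP:x.x.x.x key-usage=tls-server name=server1
sign server1 ca=ca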

# IKE SA (phase 1) settings. Only the name is set, so the hash, encryption and
# DH group are whatever this RouterOS version uses as profile defaults.
# NOTE(review): the defaults vary by version and may still offer SHA-1 or
# modp1024; print the profile after creating it and set hash-algorithm,
# enc-algorithm and dh-group explicitly to the strongest set your clients support.
/ip ipsec profile
add name=ike2
# Child SA (phase 2) settings: AES-256-CBC with HMAC-SHA256.
# NOTE(review): pfs-group=none means child SAs are rekeyed without a fresh
# Diffie-Hellman exchange, so their keys depend on the IKE SA's key material.
# Presumably chosen for client compatibility; enable a PFS group if every
# client in use supports it.
/ip ipsec proposal
add name=ike2 auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=none

# Address range handed out to connecting VPN clients.
/ip pool
add name=ike2-pool ranges=y.y.y.10-y.y.y.90
# Mode-config gives each client one address from that pool as a /32.
# No split-include or DNS settings are pushed here, so what the client routes
# through the tunnel is left to the client side. TODO confirm per client OS.
/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-conf

# Dedicated policy group, so policies generated for these clients come from
# the template below and not from the default group.
/ip ipsec policy group
add name=ike2-policies
# Template for generated policies: any local source towards the client subnet.
# dst-address has to cover the ike2-pool range.
# NOTE(review): src-address=0.0.0.0/0 does not limit which local networks a
# client may request; narrow it to the subnets VPN users need, or enforce the
# limit with firewall rules on the decrypted traffic.
/ip ipsec policy
add dst-address=y.y.y.0/24 group=ike2-policies proposal=ike2 src-address=0.0.0.0/0 template=yes

# Responder-only IKEv2 peer: passive=yes makes the router wait for clients to
# initiate, using the ike2 profile defined earlier.
# NOTE(review): no address= is set, so presumably any source address may start
# an exchange; if clients come from known ranges, limit UDP 500/4500 to them in
# the input firewall chain.
/ip ipsec peer
add exchange-mode=ike2 name=ike2 passive=yes profile=ike2

# Certificate authentication: the router presents server1, hands out
# addresses via ike2-conf and generates policies from the ike2-policies group.
# NOTE(review): this single identity is not bound to a particular client
# certificate (no match-by=certificate / remote-certificate). Presumably any
# certificate that chains to a CA trusted in the router's certificate store is
# accepted; confirm this. One identity per client certificate lets a single
# user be cut off without touching the others, and certificates of departed
# users should be revoked on the CA.
/ip ipsec identity
add auth-method=digital-signature certificate=server1 generate-policy=port-strict mode-config=ike2-conf peer=ike2 policy-template-group=ike2-policies

# Client certificate for one road-warrior device, issued by the same CA and
# limited to TLS client use. Issue a separate certificate per user or device
# so that each one can be revoked on its own.
# The key pair is created on the router, so the private key exists here until
# the exported file is handed to the client.
/certificate
add common-name=rw-client1 name=rw-client1 key-usage=tls-client
sign rw-client1 ca=ca

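# PKCS#12 bundle for the client. It contains the client's private key, and the
# passphrase is the only thing protecting that key while the file is stored on
# the router and carried to the device. The original listing used 12345;
# replace the placeholder with a long random passphrase, different for each
# client, and pass it to the user over a different channel than the file.
# Delete the exported file from the router once it has been transferred.
/certificate
export-certificate rw-client1 export-passphrase="<long-random-passphrase>" type=pkcs12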

# CA certificate in PEM form, to be installed as a trust anchor on clients.
# No export-passphrase is given, so presumably only the public certificate is
# written and the CA private key stays on the router. Verify that the exported
# file contains no key before distributing it.
/certificate
export-certificate ca type=pem

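# Alternative export for clients that take separate files instead of PKCS#12.
# No type= is given, so the default export format is used (PEM; verify on
# your RouterOS version). The first line repeats the CA export.
/certificate
export-certificate ca
# This export includes the client's private key, protected only by the
# passphrase. The original listing used 12345; replace the placeholder with a
# long random passphrase, different for each client, and remove the exported
# files from the router after they have been transferred.
export-certificate rw-client1 export-passphrase="<long-random-passphrase>"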
