Microtik IPSEC Ike2 VPN
/certificateadd common-name=ca name=casign “ca” ca-crl-host=x.x.x.xadd common-name=x.x.x.x subject-alt-name=IP:x.x.x.x key-usage=tls-server name=server1sign server1 ca=ca /ip ipsec profileadd name=ike2/ip ipsec proposaladd name=ike2 auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=none /ip pooladd name=ike2-pool ranges=y.y.y.10-y.y.y.90/ip ipsec mode-configadd address-pool=ike2-pool address-prefix-length=32 name=ike2-conf /ip ipsec policy groupadd name=ike2-policies/ip ipsec policyadd dst-address=y.y.y.0/24 group=ike2-policies proposal=ike2 src-address=0.0.0.0/0 template=yes /ip ipsec peeradd exchange-mode=ike2 name=ike2 passive=yes profile=ike2 /ip ipsec identityadd auth-method=digital-signature certificate=server1 generate-policy=port-strict mode-config=ike2-conf peer=ike2 policy-template-group=ike2-policies /certificateadd common-name=rw-client1 name=rw-client1 key-usage=tls-clientsign rw-client1 ca=ca /certificateexport-certificate rw-client1 export-passphrase=12345 type=pkcs12 /certificateexport-certificate ca type=pem /certificateexport-certificate caexport-certificate rw-client1 export-passphrase=12345