I've got a working IKEv2 VPN with RSA authentication on my new Mikrotik after following their wiki guide.

It wasn't documented as part of the guide, but I had some fun figuring out that I needed to add a couple of Filter rules to enable this to work. Namely:

1 ;;; allow L2TP VPN (500,4500,1701/udp)
  chain=input action=accept protocol=udp in-interface=pppoe-out1 dst-port=500,1701,4500 log=yes log-prefix="vpn"
2 ;;; allow L2TP VPN (ipsec-esp)
  chain=input action=accept protocol=ipsec-esp in-interface=pppoe-out1 log=yes log-prefix="vpn"

Windows 10 clients are connecting and working fine with Certificate Authentication, so I've assumed the VPN is set up correctly. Not so with my iPhone (iOS 11). Filter log indicates:

jul/26 07:00:18 ipsec,info new ike2 SA (R): public.ip.address[500]-my.iphone.public.address[44774] spi:f3ac03c95c285edd:0b7eaa5b9a4d8b2d
jul/26 07:00:18 ipsec,error EAP not configured
jul/26 07:00:18 ipsec,info killing ike2 SA: public.ip.address[4500]-my.iphone.public.address[40931] spi:f3ac03c95c285edd:0b7eaa5b9a4d8b2d

But I'm not using EAP - at least I don't think I am. I found some info online about older iOS versions having a bug requiring EAP with certs. My iPhone VPN connection specifies Certificate Authentication. I have both Root cert and Client certs loaded, verified and trusted.

Has anyone encountered this? I'll play some more tonight, but the fallback plan may be to try an L2TP/IPsec connection instead.