Hi,
I tried the "quite" new IKEv2 feature in ROS. I followed this guide https://wiki.mikrotik.com/wiki/Manual:I ... 2_RSA_auth and it works great if I import the genereated pfx cert to local computers cert store. It does not work (windows claims it cannot find IKE computer cert during connect) if I store it to users store.
I know this problem is not MikroTik related, but I wonder what´s best practice for this.
After importing it to local computer, every user of the computer can use it to authorize to the VPN server. In windows VPN client I can select "Use machine certificates" but not "Use user certificates".
I guess usually you would do two way auth with EAP (cert and userlogin data) but as mentioned in the wiki, EAP is not implemtened at the moment (although there is EAP Radius in the peer config).
So what do you suggest how to use it best way?
Best Regards
Martin

EAP with radius is implemented and working only with cert installed in User Store (in this mode Windows searching for certificate only in user store).