Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

EAP+PSK ipsec VPN

Post Reply
 
Philippe57
just joined
Topic Author
Posts: 10
Joined: Fri Feb 09, 2024 4:22 pm

EAP+PSK ipsec VPN

Fri Feb 09, 2024 4:48 pm

Hello everyone

I currently have a VPN server that is configured with this programming:
Code: Select all
/ip ipsec mode-config
add address-pool=Pool-VPN-OXO name=OXO-vpn-connect system-dns=no
/ip ipsec policy group
add name=OXO-VPN-GRP
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=VPN-OXO-PH1
/ip ipsec peer
add exchange-mode=ike2 name=IN-VPN-OXO passive=yes profile=VPN-OXO-PH1 send-initial-contact=no
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm name=VPN_OXO pfs-group=modp2048
/ip ipsec identity
add generate-policy=port-override mode-config=OXO-vpn-connect my-id=fqdn:XX.XX.XX.XX notrack-chain=output peer=IN-VPN-OXO policy-template-group=OXO-VPN-GRP remote-id=ignore
a/ip ipsec policy
add group=OXO-VPN-GRP proposal=VPN_OXO template=yes
customer rating:
Capture d'écran 2024-02-09 153748.png
Now I would like to switch the VPN to EAP+PSK mode, on the client side here is what it asks:
Capture d'écran 2024-02-09 151637.png
how to create a certificate configure side mikrotik the VPN for authentication with certificate


Thank you for your help
You do not have the required permissions to view the files attached to this post.
Top
 
IlKa
newbie
Posts: 38
Joined: Sun Jan 03, 2021 11:42 pm

Re: EAP+PSK ipsec VPN

Sun Feb 11, 2024 5:08 am

You can create CA on Mikrotik itself, then create certificate for server (and sign it using CA), then create client certificate (and sign it using CA), export client certificate (protected by password, because RouterOS doesn't export private key without password) and configure IPSec identity based on this certificate.

viewtopic.php?t=175656
or this
https://mum.mikrotik.com/presentations/ ... 543676.pdf
Top
Post Reply
  4. RouterOS
  5. Beginner Basics