MikroTik

good afternoon, I have a mikrotik, how can I connect it as an ikev2 client?

in windows I just create a new vpn connection, specify the remote address, username and password. on my iphone I also create a new vpn connection, specify the remote address, username and password.

how can I also connect my mikrotik?

If the VPN provider is the one you've posted, then you're out of luck because IKEv2 with username and password means that they're using an EAP method of authentication, which means that you neeed the whole certificate chain of trust. If you kindly ask them which are their root CA and intermediate certifcates, you can either extract them from a Windows/macOS machine or again kindly ask them to send them to you. After that we could continue our discussion on how to connect a MikroTik to IKEv2 EAP

are used there free certificates letsencrypt https://letsencrypt.org/certificates/ CN=R10 or R11

are used there free certificates letsencrypt https://letsencrypt.org/certificates/ CN=R10 or R11

So where is the issue?

Ok, for starters you would have to download ISRG ROOT X1 and R10 and R11 as .pem, add them to the router's files ajd import them
After that, you would create an IPsec profile and proposal:
Next, you would configure a policy group and a policy template for the traffic to be sent over the tunnel:
Following, you add a mode configuration which would be later set to forward the desired traffic through the VPN:
Further, you would add a peer and an identity - the most important parts; because in peer you add the address/DNS of the server you connect to and in identity the username and password:
Lastly, after all this is done, you would need to consider traffic from which subnets should be sent over the tunnel by adding them in a firewall address list and adding the list itself in the mode-config settings:
FYI, the structure of my answer is based on the following article from the MikroTik Docs where there are more detailed explanations but for another VPN vendor:

https://help.mikrotik.com/docs/spaces/R ... d+RouterOS

thanks for the answer TheCat12, first I focused on installing Phase 1 and turned on logging, so i saw that i need to enable sha256, for that created a new profile:
/ip ipsec profile add enc-algorithm=aes-256,aes-128,3des hash-algorithm=sha256 name=profile1
after that i imported R10 and R11 certificates, and Phase 1 was successfully installed, I think my mistake at this stage was related to the fact that I did not specify eap-methods=eap-mschapv2 and excessive selection of certificates

after 5-10 seconds Phase 1 is canceled because no policy was created, but then I created the necessary settings and everything worked

now everything works, but I see that on the local computer that gets access to the Internet through this tunnel, it takes a very long time to open pages, although I see that ping and nslookip are working fine. perhaps I still need to check the local network settings.

yes, that's MTU, added
/ip firewall mangle add chain=forward connection-mark=mark1 action=change-mss new-mss=1380 protocol=tcp tcp-flags=syn passthrough=yes

and it worked. thanks again for the help!