How to set up IPSec Xauth RSA client on Mikrotik/RouterOS

Tags: ipsec, mikrotik, vpn

I need to configure an IPSec Xauth RSA client on Mikrotik. I have such a client working on Android. I have all the necessary certificates, along with a username and password.

Is it even possible?

If so, what would be the related auth-method for the Mikrotik setup?

RouterBOARD 750G r3, fw 6.41.1

Best Answer

It is possible, yes. The only limit is that you can only authenticate using CHAP; none of the EAP authentication methods are currently available. It works by changing the auth-method to rsa-signature-hybrid (certificates + xauth). Here's an example configuration:

# rsa-signature-hybrid: certificate authentication combined with an XAuth login/password
/ip ipsec peer
add address=172.16.0.2 auth-method=rsa-signature-hybrid certificate=cert.p12 \
    mode-config=request-only exchange-mode=ike2 generate-policy=port-strict \
    xauth-login=username xauth-password=password