/certificate add name=my.ca common-name=my.ca key-usage=key-cert-sign,crl-sign trusted=yes

Generate a certificate for the VPN server (the router), sign it and trust it.

/certificate add name=vpn.server common-name=vpn.server

Generate a certificate for the VPN client (your phone) and sign it.

/certificate add name=vpn.client common-name=vpn.client

Export the CA certificate to a file

/certificate export

Your exported CA certificate is now in Files with the filename cert_export_my.ca.crt

Export the Client to a file with a passphrase (required for iOS import)

/certificate export-certificate vpn.client export-passphrase=12345678 type=pkcs12

Your exported client key pair is now in Files with the filename cert_export_12

Note: If you were curious, pkcs12 is a bundle that contains the private key and signed certificate. This is a file format that iOS understands.

Configure IKEv2 in RouterOS

Create an IP Pool

Check first; you may already have one if you have an existing PPTP, L2TP, or SSTP VPN setup. You can reuse the existing pool or create a new one just for IKEv2 VPN clients. Here is the IP pool I added…

/ip pool add name=vpn ranges=192.168.89.0/24

This is the glue that tells the IPSec Peer what IP pool to use.
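
The pkcs12 note in this guide says the exported bundle carries the private key and the signed certificate. As an added example (not from the original post), this shell script uses the openssl CLI on a workstation to confirm that a bundle opens with its passphrase, holds a private key, and chains to the expected CA before it goes to the phone. The function names, the file names inside make_sample and the openssl-built sample files are assumptions, constructed here to stand in for the RouterOS exports.

```shell
#!/bin/sh
# Added example: verify a PKCS#12 bundle before importing it on a device.

# check_p12 BUNDLE PASSPHRASE CA_CERT
# Returns 0 only if the bundle opens with the passphrase, contains a
# private key, and its client certificate verifies against CA_CERT.
check_p12() {
    tmp=$(mktemp -d) || return 2
    # The passphrase goes through the environment, not the argument list.
    # Extract the client certificate only; no key material is written to disk.
    if ! P12PASS=$2 openssl pkcs12 -in "$1" -passin env:P12PASS \
            -nokeys -clcerts -out "$tmp/client.crt" 2>/dev/null; then
        rm -rf "$tmp"; return 1
    fi
    # Confirm a private key is present (the decrypted key only enters the pipe).
    if ! P12PASS=$2 openssl pkcs12 -in "$1" -passin env:P12PASS \
            -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'; then
        rm -rf "$tmp"; return 1
    fi
    # Confirm the certificate chains to the expected CA.
    rc=0
    openssl verify -CAfile "$3" "$tmp/client.crt" >/dev/null 2>&1 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# make_sample DIR
# Builds constructed test files with openssl: a CA named my.ca, an unrelated
# CA named other.ca, and a vpn.client bundle signed by my.ca (assumed names).
make_sample() {
    d=$1
    for ca in my.ca other.ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/my.ca.crt" \
        -CAkey "$d/my.ca.key" -CAcreateserial -days 1 \
        -out "$d/client.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.crt" \
        -passout pass:12345678 -out "$d/client.p12"
}
```

Call check_p12 with the downloaded .p12 file, its export passphrase and the downloaded CA certificate; a non-zero return means the bundle should not be imported as-is.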