Sunday, April 23, 2023

MikroTik IKEv2 PSK

MikroTik is a powerful router operating system that offers a range of features for network administrators. One of the most popular features of MikroTik is its support for Internet Key Exchange version 2 (IKEv2) and Pre-Shared Key (PSK) authentication. This article will guide you through the configuration of MikroTik IKEv2 with PSK authentication.


What is IKEv2?


IKEv2 is a protocol used for secure communication over the internet. It is the successor to the original Internet Key Exchange (IKE) protocol and provides more security and flexibility than its predecessor. IKEv2 is widely used for virtual private networks (VPNs) because it offers faster connection speeds and greater stability.


What is PSK?


Pre-Shared Key (PSK) authentication is a simple form of authentication that uses a shared secret to establish a secure connection. This method of authentication is widely used because it is easy to set up and does not require the use of digital certificates.


Configuring MikroTik IKEv2 with PSK


To configure MikroTik IKEv2 with PSK authentication, follow these steps:


Step 1: Create a new user


The first step is to create a new user account on your MikroTik router. This account will be used for authentication when establishing a secure connection.


To create a new user, go to the "System" menu and click on "Users". Click the "Add New" button to create a new user. Enter a username and password for the new user, and then click the "OK" button to save the new user account.


Step 2: Configure IKEv2


The next step is to configure the IKEv2 settings on your MikroTik router. To do this, go to the "IP" menu and click on "IPsec". Click the "Proposals" tab and then click the "Add New" button.


Enter the following settings:


Proposal Name: ikev2-psk

Auth Algorithms: sha1, sha256, sha384, sha512

Encryption Algorithms: aes-128-cbc, aes-192-cbc, aes-256-cbc

DH Group: modp2048


Click the "OK" button to save the new proposal.


Step 3: Configure the IPsec policy


The next step is to configure the IPsec policy on your MikroTik router. To do this, go to the "IP" menu and click on "IPsec". Click the "Policies" tab and then click the "Add New" button.


Enter the following settings:


Src Address: 0.0.0.0/0

Dst Address: 0.0.0.0/0

Protocol: all

Proposal: ikev2-psk

Action: encrypt

Level: required

Comment: (optional)


Click the "OK" button to save the new policy.


Step 4: Configure the PSK


The final step is to configure the PSK on your MikroTik router. To do this, go to the "IP" menu and click on "IPsec". Click the "Peers" tab and then click the "Add New" button.


Enter the following settings:


Address: (IP address of the remote device)

Proposal: ikev2-psk

Authentication Method: pre-shared key

Pre-Shared Key: (shared secret)

Exchange Mode: main

Send Initial Contact: checked

NAT Traversal: checked

Comment: (optional)


Click the "OK" button to save the new peer.
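
The following is an added example, not part of the original article or MikroTik's own code: it generates a random value for the Pre-Shared Key field in Step 4 and shows how IKEv2 uses that secret to compute and check the AUTH payload, following RFC 7296 section 2.15. HMAC-SHA-256 as the prf, the function names and all sample message bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY_PAD = b"Key Pad for IKEv2"  # fixed string from RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256; assumed here as the negotiated IKE prf."""
    return hmac.new(key, data, hashlib.sha256).digest()


def generate_psk(nbytes: int = 32) -> str:
    """Random printable secret drawn from the OS CSPRNG (32 bytes -> 43 chars)."""
    return secrets.token_urlsafe(nbytes)


def signed_octets(first_msg: bytes, peer_nonce: bytes, sk_p: bytes, id_payload: bytes) -> bytes:
    """Octets a peer authenticates: its own first message, the other
    side's nonce, and prf(SK_p, ID payload body)."""
    return first_msg + peer_nonce + prf(sk_p, id_payload)


def auth_value(psk: str, octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)."""
    return prf(prf(psk.encode(), KEY_PAD), octets)


def verify_auth(psk: str, octets: bytes, received: bytes) -> bool:
    """Receiver recomputes AUTH with its own PSK copy; constant-time compare."""
    return hmac.compare_digest(auth_value(psk, octets), received)


# Constructed sample values standing in for a real exchange.
SAMPLE_OCTETS = signed_octets(
    first_msg=b"constructed-IKE_SA_INIT-request",
    peer_nonce=bytes(range(32)),
    sk_p=b"\x11" * 32,
    id_payload=b"constructed-IDi-body",
)

if __name__ == "__main__":
    psk = generate_psk()
    auth = auth_value(psk, SAMPLE_OCTETS)
    print("PSK length:", len(psk))
    print("matching PSK accepted:", verify_auth(psk, SAMPLE_OCTETS, auth))
    print("mismatched PSK accepted:", verify_auth(generate_psk(), SAMPLE_OCTETS, auth))
```

Because the PSK is the only secret input to AUTH that both ends hold in advance, both peers must be configured with exactly the same value, and its strength rests entirely on how unpredictable that value is.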
