IPSec IKEv2 VPN won't connect

I am attempting to connect to our VPN from an RV50 to a Mikrotik router using IKEv2. It looks like the newer OSes support this but I continually get “Error Connecting” as my status.

In the VPN tab, I have IPSec Implementation set as standard, local termination as LAN, and FIPS enabled.
Split tunnel has everything enabled right now so that I don’t lock myself out.
Failover is all set to none since I will only be using one VPN.

VPN is set as IPSec, mode is client, Internet key exchange is IKEv2 and all other features in general are disabled.
In network, It is set to use the host’s subnet and exempt ALMS and AMM traffic.

In authentication, I have tried loading the same exact certificates that I use on my phone to connect to our VPN, which require a passphrase, and that did not work so I have also exported the certificates again with no passphrase and got the same result. I also extracted a key file and used that for the key but I also tried using the client certificate, which of course has the key anyway, and I also get the same result.

Security on the router and the modem are both set to the same encryption, authentication, and key groups.

When I watch the exchange on the router, I see the initial request from the modem and then it just kills the connection after about 10 seconds, it looks like it is at the request of the modem too.

I set VPN logging to debug so that I could see the exchange on the modem side and it all looks very normal and then just says ALEOS_VPN_SwanMgr: CHILD_SA config ‘tunnel1’ not found. I’m fairly confident that everything is setup the same on both sides. Does anything jump out to anyone? I would upload the logs but it won’t let me because I am new.

I think that the RV50 cannot read the key from the p12 file. It is definitely in X509 format. I tried exporting the client cert from the Mikrotik router in PEM format but that doesn’t seem to include the key and openSSL just gives the certificate with no key when I do p12 in and crt(PEM) out. Does anyone have any experience with what exact format the RV50 wants for certs and keys? The documentation just says x509 which everything from Mikrotik already is.


Have you resolved the problem?
Please make sure that the common name (should be IP address) in RV50’s certificate is the same as the gateway’s WAN IP address. You also need to check if Mikrotik requires identity certificate from VPN client.
Could you help to share your network topology (diagram would be good) and the configuration template on RV50?