IPSec Local Certificate Key, include certs or not?

I have a Mikrotik router with an IKEV2 VPN set up. I exported the CA and client certs as PEM and imported them to an RV50. I exported the client cert as P12 so that it would include the key and, since the guide for the RV50 says that you need to have the key in PEM, I used OpenSSl to extract the key for the client. It included the cert for the CA and client as well as the client key. Is that correct?

I am having an issue connecting to the VPN. The router shows the connection start but the peer does not have a name and it does not assign it an IP so I am wondering if I did something wrong with the local cert and key.

Hi makangribe,
Yes, you should add cert/key in PEM file.
The peer does not have a name, because there is a mismatch between server and device’s configuration.
Make sure that you add correct cert/key to device.
Besides that, other parameters ( such as ike version, dpd information, mobike, left/right subnet, authentication…) must be correct. Please refer document “41113547_ALEOS 4.13.0 Software Configuration User Guide for AirLink RV50_r1”


1 Like