Различия

Показаны различия между двумя версиями страницы.

--- vpn:mikrotik_ikev2 [2019/09/19 14:12] – bers
+++ vpn:mikrotik_ikev2 [2019/09/19 17:17] (текущий) – bers
@@ Строка 1: / Строка 1: @@
-===== Configure KeepSolid ikev2 on Mikrotik hap ac2 =====
+===== Configure KeepSolid IKEv2 on Mikrotik hap ac2 (RouterOS v6.45 and up) =====
 Go to KeepSolid cabinet and generate config IKEv2 for Windows.
@@ Строка 15: / Строка 15: @@
 {{:vpn:screenshot_20190919_170226.png?400|}}
-Import your certificate: System - Certificates - Import
+Import your certificate: **System - Certificates - Import**
 {{:vpn:screenshot_20190919_170428.png?400|}}
-Next open Ipsec - Profiles - Add New
+Next open **Ipsec - Profiles - Add New**
 {{:vpn:screenshot_20190919_143414.png?400|}}
-Next create proposal: Ipsec - Proposals - Add New
+Next create proposal: **Ipsec - Proposals - Add New**
 {{:vpn:screenshot_20190919_143934.png?400|}}
-Create new group: Ipsec - Groups - Add New
+Create new group: **Ipsec - Groups - Add New**
 {{:vpn:screenshot_20190919_164217.png?400|}}
-Create ipsec policie: Ipsec - Policies - Add New
+Create ipsec policie: **Ipsec - Policies - Add New**
 {{:vpn:screenshot_20190919_144210.png?400|}}
-Add mode-config: Ipsec - Mode Configs - Add New
+Add mode-config: **Ipsec - Mode Configs - Add New**
 {{:vpn:screenshot_20190919_144251.png?400|}}
-Create ipsec peer: Ipsec - Peers - Add New
+Create ipsec peer: **Ipsec - Peers - Add New**
 {{:vpn:screenshot_20190919_144528.png?400|}}
-Add ipsec identity: Ipsec - Identities - Add New
+Add ipsec identity: **Ipsec - Identities - Add New**
 {{:vpn:screenshot_20190919_144749.png?400|}}
-Established connections see in Ipsec - Active peers and Ipsec - Installed SAs
+Established connections see in **Ipsec - Active peers and Ipsec - Installed SAs**
-To send all traffic to the tunnel create address-list with your local network: Firewall - Address Lists
+To send all traffic to the tunnel create address-list with your local network: **Firewall - Address Lists**
 {{:vpn:screenshot_20190919_145004.png?400|}}
-Assign this list to your mode-config: Ipsec - Mode Configs - KeepSolid
+Assign this list to your mode-config: **Ipsec - Mode Configs - KeepSolid**
 {{:vpn:screenshot_20190919_145024.png?400|}}
+Don't forget to disable Fasttrack in Firewall.
+That's all.
+=== P.S. Send only needed traffic to the tunnel ===
+Create connection-mark: **Ipsec - Mode Configs - Add/Edit**
+{{:vpn:screenshot_20190919_195550.png?400|}}
+Add needed ip to address list: **Firewall - Address Lists - Add New**
+{{:vpn:screenshot_20190919_200016.png?400|}}
+You can add different ip with the same Address List name.
+Create mangle rule: **Firewall - Mangle - Add New**
+{{:vpn:screenshot_20190919_150147.png?400|}}
+{{:vpn:screenshot_20190919_150200.png?400|}}
+If you have enabled **Fasttrack** edit the rule
+{{:vpn:screenshot_20190919_201455.png?400|}}