===== Configure KeepSolid IKEv2 on Mikrotik hap ac2 (RouterOS v6.45 and up) =====

Go to KeepSolid cabinet and generate config IKEv2 for Windows.

{{:vpn:screenshot_20190919_142745.png?400|}}

Save certificate to your computer, remember you login/password and IP address.

{{:vpn:screenshot_20190919_142909.png?400|}}

Open Mikrotik webfig. 

Open Files and add certificate

{{:vpn:screenshot_20190919_170226.png?400|}}

Import your certificate: **System - Certificates - Import**

{{:vpn:screenshot_20190919_170428.png?400|}}

Next open **Ipsec - Profiles - Add New**

{{:vpn:screenshot_20190919_143414.png?400|}}

Next create proposal: **Ipsec - Proposals - Add New**

{{:vpn:screenshot_20190919_143934.png?400|}}

Create new group: **Ipsec - Groups - Add New**

{{:vpn:screenshot_20190919_164217.png?400|}}

Create ipsec policie: **Ipsec - Policies - Add New**

{{:vpn:screenshot_20190919_144210.png?400|}}

Add mode-config: **Ipsec - Mode Configs - Add New**

{{:vpn:screenshot_20190919_144251.png?400|}}

Create ipsec peer: **Ipsec - Peers - Add New**

{{:vpn:screenshot_20190919_144528.png?400|}}

Add ipsec identity: **Ipsec - Identities - Add New**

{{:vpn:screenshot_20190919_144749.png?400|}}

Established connections see in **Ipsec - Active peers and Ipsec - Installed SAs**

To send all traffic to the tunnel create address-list with your local network: **Firewall - Address Lists**

{{:vpn:screenshot_20190919_145004.png?400|}}

Assign this list to your mode-config: **Ipsec - Mode Configs - KeepSolid**

{{:vpn:screenshot_20190919_145024.png?400|}}

Don't forget to disable Fasttrack in Firewall.

That's all.


=== P.S. Send only needed traffic to the tunnel ===

Create connection-mark: **Ipsec - Mode Configs - Add/Edit**

{{:vpn:screenshot_20190919_195550.png?400|}}

Add needed ip to address list: **Firewall - Address Lists - Add New**

{{:vpn:screenshot_20190919_200016.png?400|}}

You can add different ip with the same Address List name.

Create mangle rule: **Firewall - Mangle - Add New**

{{:vpn:screenshot_20190919_150147.png?400|}}

{{:vpn:screenshot_20190919_150200.png?400|}}

If you have enabled **Fasttrack** edit the rule

{{:vpn:screenshot_20190919_201455.png?400|}}