Это старая версия документа!
Configure KeepSolid IKEv2 on Mikrotik hap ac2 (RouterOS v6.45 and up)
Go to KeepSolid cabinet and generate config IKEv2 for Windows.
Save certificate to your computer, remember you login/password and IP address.
Open Mikrotik webfig.
Open Files and add certificate
Import your certificate: System - Certificates - Import
Next open Ipsec - Profiles - Add New
Next create proposal: Ipsec - Proposals - Add New
Create new group: Ipsec - Groups - Add New
Create ipsec policie: Ipsec - Policies - Add New
Add mode-config: Ipsec - Mode Configs - Add New
Create ipsec peer: Ipsec - Peers - Add New
Add ipsec identity: Ipsec - Identities - Add New
Established connections see in Ipsec - Active peers and Ipsec - Installed SAs
To send all traffic to the tunnel create address-list with your local network: Firewall - Address Lists
Assign this list to your mode-config: Ipsec - Mode Configs - KeepSolid
Don't forget to disable Fasttrack in Firewall.
That's all.
P.S. Send only needed traffic to the tunnel
Create connection-mark: Ipsec - Mode Configs - Add/Edit
Add needed ip to address list: Firewall - Address Lists - Add New
You can add different ip with the same Address List name.
Create mangle rule: Firewall - Mangle - Add New
If you have enabled Fasttrack, add next rule
