General • Got stuck building IKEv2 w/ MFA for remote client

Hello,

i'm quite new to MikroTik.
Upto now: i did build a site-2-site IKEv2 tunnel with routing between networks, took some effort but works great now.
So i thought i'd use the same router (HexS) to create IKEv2 connection for remote clients.
I did study docs and forum a lot, the following was the resulting idea :
- MikroTik IPsec/IKEv2 behind a NAT-router/fw
- Radius server on the MikroTik on 127.0.0.1 to get the 2FA/MFA working (timebased authenticator app)
- Windows native VPN client via PowerShell config

But, .... after some weeks of learning and experimenting ...
I am rather stuck. Too many problems at once, too many variables, too little logging to tell me what is wrong.
I excluded the 2FA/MFA problem for now.
The router and the client both are interal networks. The forwarding (NAT) works.

The windows client needs certificates. Cant get that right. Help ?
I cannot seem to get much log (ipsec) from the MikroTik nor from the windows client. Anyone ?
Any ideas or config-examples ?
Any help would be greatly appreciated!

Statistics: Posted by MB123456 — Wed Feb 05, 2025 1:00 pm

---