You're running into two pretty common IKEv2 issues:
- "no policy found/generated"
This usually means the router can't generate a matching IPsec policy. Check your peer, identity, and proposal settings. Make sure remote-id and my-id on the Mikrotik match what's coming from the StrongSwan client.
- "unable to get local issuer certificate..."
This means the router can't verify the client certificate because it's missing the issuer (CA). Make sure you've imported the full certificate chain (Root + any intermediate certs) and that they're marked as trusted.
Also, double-check that your IPsec policy template exists and is valid.
- "no policy found/generated"
This usually means the router can't generate a matching IPsec policy. Check your peer, identity, and proposal settings. Make sure remote-id and my-id on the Mikrotik match what's coming from the StrongSwan client.
- "unable to get local issuer certificate..."
This means the router can't verify the client certificate because it's missing the issuer (CA). Make sure you've imported the full certificate chain (Root + any intermediate certs) and that they're marked as trusted.
Also, double-check that your IPsec policy template exists and is valid.
Statistics: Posted by Larsa — Sun Apr 06, 2025 12:57 pm