steroid Posted October 4 Share Posted October 4 Возможно ли такое? ключ psk пытаюсь подключится - выдает со стороны микротика ошибки: got fatal error: AUTHENTICATION_FAILED killing ike2 SA: peer vpn.ike2.keenetic xx.xx.xx.xx[4500]-yyy.yyyy.yyy.yyy[4500] spi:4c47618963d37e27: new ike2 SA (I): peer vpn.ike2.keenetic xx.xx.xx.xx[4500]-yyy.yyy.yyy.yyy[4500] spi:eafe7aa2e909c359: на кинетике видно такое: Sep 26 16:17:18 ipsec: 07[IKE] authentication of 'xx.xx.xx.xx' with pre-shared key successful Sep 26 16:17:18 ipsec: 07[CFG] constraint check failed: EAP identity '%any' required Sep 26 16:17:18 ipsec: 07[CFG] selected peer config 'VirtualIPServerIKE2' unacceptable: non-matching authentication done Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted October 8 Share Posted October 8 Имеется в виду обычный site-to-site ikev2 psk? А зачем тогда вы EAP включили на M? Quote Link to comment Share on other sites More sharing options...
steroid Posted October 9 Author Share Posted October 9 нет, на М у меня стоит в Auth.Method - Pre Shared Key а так да, обычный site-to-site Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted October 9 Share Posted October 9 Тогда нужно выключить IKEv2-сервер на Keenetic, или в качестве ID с обоих сторон задать email например, а не IP-адреса. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.