Update ikev2-howto.md (#1191)

2025-02-07 15:59:25 +03:00 · 2022-07-02 18:30:01 +03:00 · 2022-07-02 18:30:01 +03:00 · 92a68aa4f5
commit 92a68aa4f5
parent 12ea6f46c2
1 changed files with 33 additions and 16 deletions
--- a/docs/ikev2-howto.md
+++ b/docs/ikev2-howto.md
@ -368,6 +368,8 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti

 **Note:** These steps were contributed by [@Unix-User](https://github.com/Unix-User).

+It is recommended to use terminal command via SSH connection, eg via Putty.
+
 1. Securely transfer the generated `.p12` file to your computer.

   <details>
@ -380,6 +382,29 @@ If you get an error when trying to connect, see [Troubleshooting](#troubleshooti

 2. In WinBox, go to System > certificates > import. Import the `.p12` certificate file twice (yes, import the same file two times!). Verify in your certificates panel. You will see 2 files, the one that is marked KT is the key.

+   Or you can use terminal instead (empty passphrase):
+   ```bash
+   [admin@MikroTik] > /certificate/import file-name=mikrotik.p12
+   passphrase:
+   
+     certificates-imported: 2
+     private-keys-imported: 0
+            files-imported: 1
+       decryption-failures: 0
+     keys-with-no-certificate: 0
+
+   [admin@MikroTik] > /certificate/import file-name=mikrotik.p12
+   passphrase:
+   
+        certificates-imported: 0
+        private-keys-imported: 1
+               files-imported: 1
+          decryption-failures: 0
+     keys-with-no-certificate: 0
+
+   ```
+   
+
   <details>
   <summary>
   Click to see screencast.
@ -397,23 +422,15 @@ Assuming that your local network behind RouterOS is `192.168.0.0/24`, you can us
 for the entire network, or use `192.168.0.10` for just one device, and so on.

   ```bash
-   /ip firewall address-list
-   add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local
-   /ip ipsec mode-config
-   add name=ike2-rw responder=no src-address-list=local
-   /ip ipsec policy group
-   add name=ike2-rw
-   /ip ipsec profile
-   add name=ike2-rw
-   /ip ipsec peer
-   add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw
-   /ip ipsec proposal
-   add name=ike2-rw pfs-group=none
-   /ip ipsec identity
-   add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \
+   /ip firewall address-list add address=THESE_ADDRESSES_GO_THROUGH_VPN list=local
+   /ip ipsec mode-config add name=ike2-rw responder=no src-address-list=local
+   /ip ipsec policy group add name=ike2-rw
+   /ip ipsec profile add name=ike2-rw
+   /ip ipsec peer add address=YOUR_VPN_SERVER_IP_OR_DNS_NAME exchange-mode=ike2 name=ike2-rw-client profile=ike2-rw
+   /ip ipsec proposal add name=ike2-rw pfs-group=none
+   /ip ipsec identity add auth-method=digital-signature certificate=IMPORTED_CERTIFICATE generate-policy=port-strict mode-config=ike2-rw \
       peer=ike2-rw-client policy-template-group=ike2-rw
-   /ip ipsec policy
-   add group=ike2-rw proposal=ike2-rw template=yes
+   /ip ipsec policy add group=ike2-rw proposal=ike2-rw template=yes
   ```
 4. For more information, see [#1112](https://github.com/hwdsl2/setup-ipsec-vpn/issues/1112#issuecomment-1059628623).