MikroTik IKEv2 setup with FastestVPN.com

These instructions are based on the tutorial written by MikroTik here.

First, download the USERTrust root CA certificate that the FastestVPN servers use. The MikroTik router likes its certificates in .der files, so if you cannot get one in that format, download one in .pem, simply rename the file to .der, and upload it to the router using the Files button. Once it is uploaded, you can use this to import it:

**You can get the .pem certificate from here.

/certificate import file-name=NameOfTheCertFile.DER
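
As an added example (not part of the original post or of MikroTik's tutorial): a real PEM-to-DER conversion, run on your workstation, that also checks the certificate's SHA-256 fingerprint before the file is uploaded, since the imported root CA is what the router trusts when it validates the VPN server. The function names, the sample bytes and the step of comparing against a fingerprint you obtained from the CA are assumptions of this example.

```python
import base64
import hashlib
import hmac
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def to_der(raw: bytes) -> bytes:
    """Return DER bytes whether the download is PEM text or already DER."""
    if raw.lstrip().startswith(PEM_HEADER.encode()):
        text = raw.decode("ascii").strip()
        # A bundle may hold several certificates; keep only the first one.
        end = text.index(PEM_FOOTER) + len(PEM_FOOTER)
        der = ssl.PEM_cert_to_DER_cert(text[:end])
    else:
        der = raw
    # An X.509 certificate is an ASN.1 SEQUENCE, so DER starts with 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    return der


def sha256_fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def prepare_trust_anchor(raw: bytes, expected_fp: str) -> bytes:
    """Convert to DER; refuse the file unless its fingerprint matches."""
    der = to_der(raw)
    want = expected_fp.replace(":", "").replace(" ", "").lower()
    if not hmac.compare_digest(sha256_fingerprint(der), want):
        raise ValueError("fingerprint mismatch: do not import this file")
    return der


# Constructed stand-in bytes (not a real certificate) so this runs offline.
SAMPLE_DER = b"\x30\x82\x00\x20" + bytes(range(32))
SAMPLE_PEM = (PEM_HEADER + "\n" + base64.encodebytes(SAMPLE_DER).decode()
              + PEM_FOOTER + "\n").encode()

if __name__ == "__main__":
    # In practice expected_fp is the SHA-256 fingerprint published by the CA.
    der = prepare_trust_anchor(SAMPLE_PEM, sha256_fingerprint(SAMPLE_DER))
    with open("NameOfTheCertFile.der", "wb") as fh:
        fh.write(der)
    print("wrote", len(der), "bytes, sha256", sha256_fingerprint(der))
```

With a real download, read the file's bytes, pass them in together with the fingerprint you obtained from the CA, and upload the written .der file only if no exception is raised.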

Allow incoming connections to UDP ports 500 and 4500 on your firewall.
Make sure to add the rule before your explicit drop rule in the list, if you have one set.

/ip firewall filter
add action=accept chain=input dst-port=500,4500 protocol=udp

Add an address list with the IPs that should be routed over this VPN. I wanted one whole subnet.

/ip firewall address-list
add address=192.168.234.0/24 list=vpn_hosts

Now configure the IPsec VPN:

/ip ipsec mode-config
add name=FastVPN responder=no src-address-list=vpn_hosts use-responder-dns=yes
/ip ipsec policy group
add name=FastVPN
/ip ipsec profile
add name=FastVPN
/ip ipsec peer
add address=SERVER-HOSTNAME exchange-mode=ike2 name=FastVPN profile=FastVPN
/ip ipsec proposal
add name=FastVPN pfs-group=none
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=FastVPN peer=FastVPN policy-template-group=FastVPN username=FASTESTVPN.COM_USERNAME password=FASTESTVPN.COM_PASSWORD
/ip ipsec policy
add dst-address=0.0.0.0/0 group=FastVPN proposal=FastVPN src-address=0.0.0.0/0 template=yes

**Now you should be able to see the SAs under here:

/ip/ipsec/installed-sa/print

Congratulations, you are connected to the IPsec VPN.

**If you do not see the 2 SAs, then you might need to look at the log. If it says that it failed to authorise, or it just keeps on disconnecting, then check your password again and try another server location.