

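# Create CA certificate and sign it
# NOTE(review): the self-sign step for "Home CA" is not in this listing — confirm it is run
# before the server/client certificates below are signed with ca="Home CA".
certificate add name="Home CA" common-name="Home CA" key-size=4096 days-valid=7300 key-usage=key-cert-sign,crl-sign

# Create server certificate and sign it
# (Replace "XXXXXXXXXXX.sn." with your DNS name from "/ip cloud"; the SAN has to match the
# name IKEv2 clients connect to, otherwise some IKEv2 clients would fail to connect)
certificate add name="Home server" common-name="Home server" subject-alt-name="DNS:XXXXXXXXXXX.sn." key-size=4096 days-valid=3650 key-usage=tls-server
certificate sign "Home server" ca="Home CA"

# Create client certificate, sign it and export it as PKCS12 keystore
# (contains client certificate, client private key and CA)
certificate add name="Home client1" common-name="Home client1" key-size=4096 days-valid=3650 key-usage=tls-client
certificate sign "Home client1" ca="Home CA"
# SECURITY: the exported .p12 contains the client's private key. The original listing used
# export-passphrase=1234567890 — replace the placeholder below with a strong passphrase,
# transfer the file out-of-band and remove it from the router (/file remove) once the client
# has imported it.
certificate export-certificate "Home client1" file-name="Home client1" type=pkcs12 export-passphrase="XXXXXXXXXXXXXXXX"

# Add this rule before the action=drop rule in the INPUT chain
# (IKE on UDP/500, IKE and ESP-in-UDP (NAT-T) on UDP/4500)
ip firewall filter add action=accept chain=input comment="Allow IPSEC/IKE2 connections" dst-port=500,4500 protocol=udp

# Add these 2 rules before the "fasttrack" rule in the FORWARD chain
# NOTE(review): the two FORWARD-chain rules are not present in this listing — confirm they
# exist and sit above the fasttrack rule; connections matched by fasttrack first would
# presumably skip the IPsec policy processing.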
