Hi,
I'm trying to set up a RouterOS VPN client for an IPSec VPN that uses PSK Authentication for the Client -> Server path, and Certificate auth for the Server -> Client direction. Is it possible with RouterOS?
The server certificate is installed in System/Certificates, NTP is synced, and the certificate is trusted and valid.
I configured the PSK auth type in IPsec Identities, but the server is trying to do RSA auth, and it fails because the RouterOS client is also expecting PSK auth from the server.
I have the following logs on the client:
ipsec requested auth method: RSA
ipsec,error requested auth method does not match config
Server Side:
received packet: from {$IP_CLIENT}[4500] to {$VPNGW}[4500] (288 bytes)
parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
I have a lot of StrongSwan clients that do work with the following config:
root@vpnclient:~# cat /etc/ipsec.conf
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=%forever
    keyexchange=ikev2
    auto=route
    auto=start
    compress=no
    type=tunnel
    fragmentation=yes
    forceencaps=yes
    ike=aes128-sha256-ecp256!
    esp=aes256gcm128!
    dpdaction=restart
    dpddelay=30s
    dpdtimeout=150s
    closeaction=restart
conn asdf
    leftsourceip=%config
    right={$VPNGW}
    rightsubnet=10.2.0.0/16
    rightcert=/etc/ipsec.d/server.pem
    leftauth=secret
    leftid=@{$MY_ID}
    esp=aes256gcm128!
The complete logs and IPsec config are attached to this post.
Thank you!