when I try RUT950 (cellular Internet, not-fixed-IP) and Mikrotik RB760 (public-fixed-IP) => mikrotik always complains about “identity not found for peer: ADDR4: 192.168.46.1”. Tried all “MyID” options: address, auto, fqdn. user fqdn … none works!?
I’ve changed the settings to ikev1 in teltonika and main in mikrotik. Result: no errors about identities, BUT:
it seems that phase1 passed (ISAKMP-SA established but immediately is purged);
checked all settings in both routers …
not sure about using SHA256-gcm (mikrotik) and SHA256-gcm16 (teltonika) - are equivalent?
not sure about NAT-Traversal for teltonika (there’s no settings regarding this feature but required as tektonika uses a cellular SIM-card without public-ip).
No, you cannot use Wireguard with RouterOS 6.x
I have no specific experience with IPsec between Teltonika and MikroTik, but I recognize the problem you see with the identities and it does not happen with IKEv1.
No idea why it does not work, I use IPsec between MikroTik routers and between MikroTik and generic Linux machines (both with racoon and *swan) and it works OK.
Also with IKEv2 but in that case you have to be able to configure an acceptable identity that remains constant.
Do you know if Mikrotik RB760iGS supports ROS7 without problems?
BTW. I’ve tried to install v7 on a 2years old CAP and I’ve got problems (no WiFi interfaces…) then I downgraded back to 6.x
However, this is the wrong Community here to discuss this.
I suggest you invest a bit of time to bring your hEX S to ROS7 and read into Wireguard.
Once you successfully configured it (and it’s really easy) I promise you, you’ll never look back to IPSec (except very special usecases of course).
But for S2S and mobile connections, nothing better than that!
As for wireless, Mikrotik is c***p.
I don’t know your usecase.
Go for something easy to manage like Aruba Instant On, TP-Link Omada, Ubiquiti UniFi, etc.