Mikrotik Setup
Certificate Setup
IPSEC Setup
Client Setup
Android
Certificate Import
Native v14 client
dosent like DNS server names for what ever reason
StrongSWAN Client
Windows
Certificate Import
place in Personal Machine Store, Move CA to trusted
Regedit required to setr DH2048 with AES256
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
DWORD (32bit) NegotiateDH2048_AES256 value of 2
References
https://mum.mikrotik.com/presentations/MY19/presentation_7008_1560543676.pdf
https://forum.mikrotik.com/viewtopic.php?t=151259
https://www.stevenjordan.net/2016/09/secure-ikev2-win-10.html