Mikrotik - IKEv2

Step 1

Get your VPN Credentials and CA certificate.
How to get the VPN Credentials and the CA certificate:
  • Ask your GoodAccess admin to provide you with your credentials and the CA certificate.
  • Or become a GoodAccess admin by activating your own team.

Step 2

Make sure that your Mikrotik's firmware is RouterOS 6.46 or higher.
Upload the CA Certificate to the Mikrotik files (you can drag & drop the file or use the upload button).
Optionally, define your local network (DHCP server).

‍Step 3

Open the Mikrotik Terminal and download the following script using the fetch tool:
/tool fetch url=

Step 4

Run the script:
/import ga-setup.rsc

‍Step 5

Enter your VPN username ([email protected]):
Then VPN password:
GoodAccess VPN password value: •••••••••••••

‍Step 6

Add your Gateway address (hostname):
GoodAccess address (hostname):

Step 7

‍In the next two steps, you will be asked for your local network and the name of the certificate.
Check if the information in the brackets is correct and press Enter. Alternatively, make adjustments and confirm when done.
What is your local network []
value:What is CA certificate name [ca.crt]
You will be connected to GoodAccess GW in few seconds
Script file loaded and executed successfully

Step 8

Congratulations! Now you are connected to GoodAccess and can securely access your protected systems.
You can manage the connection in IP -> IPSec -> Peers by enabling / disabling the peer and check connection status in IP -> IPSec -> Active peers.