RouterOS as client

[alicetails]

Hi! Thanks for good server setup.

I have a question about RouerOS setup as client for this server.
Here is my config:

/ip ipsec policy group
add name=ikev2
/ip ipsec policy
add dst-address=<my_server> peer=IKEv2-1 proposal=ikev2 src-address=\
    0.0.0.0/0 tunnel=yes

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 pfs-group=ecp384
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-gcm name=ikev2 \
    pfs-group=ecp384

/ip ipsec peer
add address=<my_server> disabled=yes exchange-mode=ike2 name=IKEv2-1 \
    profile=ikev2
    
/ip ipsec identity
add auth-method=eap certificate="" disabled=no eap-methods=eap-mschapv2 peer=\
    IKEv2-1 policy-template-group=group1 remote-certificate=ikev2 username=\
    <myuser>
    
 
/ip ipsec profile
set [ find default=yes ] dh-group=ecp256,ecp384,modp2048 enc-algorithm=\
    aes-256,aes-192,aes-128
add dh-group=ecp384 enc-algorithm=aes-256 hash-algorithm=sha384 name=ikev2 \
    prf-algorithm=sha384

remote-certificate=ikev2 is /etc/ipsec.d/cacerts/chain.pem from server

But connection is not establing, in logs got:

killing ike2 SA:::ffff:<my_ip> <->::ffff:<my_server>

What am I doing wrong?

Router model is RB2011UiAS, RouterOS 7.5

[jawj]

Try sudo tail -f /var/log/syslog on the server before and while connecting. This will usually give you a clue why a connection is not being established.