[strongSwan] "no RSA public key known" but ID is correct / even with "rightcert"

Michael O Holstein michael.holstein at csuohio.edu
Sun Dec 19 19:08:22 CET 2010

>No, strongSwan requires the peer identity to be verified by a
>corresponding entry in the certificate. Certainly the Android
>VPN client can be configured to use the Subject Distinguished
>Name contained in the certificate as its identity.

I thought this was possible using raw rsa keys in ipsec.secrets? (the UML docs seem to say so, as does the patch you committed from a list comment about it, which seems to have made it into the upstream) .. that if the peer ID wasn't known it would associate it with a raw rsa key.

That said .. I tried it (finally got correct format for raw keys using open/swan utilities) and still couldn't get it to work.

I realize this is an "android is broken" sort of problem, but that answer seldom works for the boss.


Michael Holstein
Cleveland State University
