[strongSwan] "no RSA public key known" but ID is correct / even with "rightcert"

Michael O Holstein michael.holstein at csuohio.edu
Sun Dec 19 19:08:22 CET 2010


>No, strongSwan requires the peer identity to be verified by a
>corresponding entry in the certificate. Certainly the Android
>VPN client can be configured to use the Subject Distinguished
>Name contained in the certificate as its identity.

I thought this was possible using raw RSA keys in ipsec.secrets? (the UML docs seem to say so, as does the patch you committed from a list comment about it, which seems to have made it into the upstream) .. that if the peer ID wasn't known it would associate it with a raw RSA key.

That said .. I tried it (finally got the correct format for raw keys using open/swan utilities) and still couldn't get it to work.

I realize this is an "Android is broken" sort of problem, but that answer seldom works for the boss.

Regards,

Michael Holstein
Cleveland State University



