[strongSwan] "no RSA public key known" but ID is correct / even with "rightcert"
Michael O Holstein
michael.holstein at csuohio.edu
Sun Dec 19 19:08:22 CET 2010
>No, strongSwan requires the peer identity to by verified by a
>corresponding entry in the certificate. Certainly the Android
>VPN client can be configured to use the Subject Distinguished
>Name contained in the certificate as its identity.
I thought this was possible using raw rsa keys in ipsec.secrets? (the UML docs seem to say so, as does the patch you committed from a list comment about it, which seems to have made it into the upstream) .. that if the peer ID wasn't known it would associate it with a raw rsa key.
That said .. I tried it (finally got correct format for raw keys using open/swan utilities) and still couldn't get it to work.
I realize this is an "android is broken" sort of problem, but that answer seldom works for the boss.
Cleveland State University
More information about the Users