[strongSwan] "no RSA public key known" but ID is correct / even with "rightcert"
develop at imagmbh.de
Sun Dec 19 20:12:01 CET 2010
I think the IKEv2-port to android is only one half of the solution.
Because of the internal structure I need l2tp, too. And it would be some
work to implement xl2tpd and pppd. Updating the phone should be easier ;-)
As far as I know the android does not support raw rsa keys as well. For
the meantime I will use simple PSK (that works, tested yesterday) and
patch the new 2.2 android firmware. If a colleague will leave the
company, we will have to change the PSK. But I hope to patch the phones
in the next month.
Thanks a lot for your help!
Am 19.12.2010 19:08, schrieb Michael O Holstein:
>> No, strongSwan requires the peer identity to by verified by a
>> corresponding entry in the certificate. Certainly the Android
>> VPN client can be configured to use the Subject Distinguished
>> Name contained in the certificate as its identity.
> I thought this was possible using raw rsa keys in ipsec.secrets? (the UML docs seem to say so, as does the patch you committed from a list comment about it, which seems to have made it into the upstream) .. that if the peer ID wasn't known it would associate it with a raw rsa key.
> That said .. I tried it (finally got correct format for raw keys using open/swan utilities) and still couldn't get it to work.
> I realize this is an "android is broken" sort of problem, but that answer seldom works for the boss.
> Michael Holstein
> Cleveland State University
More information about the Users