[strongSwan] "no RSA public key known" but ID is correct / even with "rightcert"

Develop develop at imagmbh.de
Sun Dec 19 20:12:01 CET 2010

I think the IKEv2-port to android is only one half of the solution. 
Because of the internal structure I need l2tp, too. And it would be some 
work to implement xl2tpd and pppd. Updating the phone should be easier ;-)

As far as I know the android does not support raw rsa keys as well. For 
the meantime I will use simple PSK (that works, tested yesterday) and 
patch the new 2.2 android firmware. If a colleague will leave the 
company, we will have to change the PSK. But I hope to patch the phones 
in the next month.

Thanks a lot for your help!



Am 19.12.2010 19:08, schrieb Michael O Holstein:
>> No, strongSwan requires the peer identity to by verified by a
>> corresponding entry in the certificate. Certainly the Android
>> VPN client can be configured to use the Subject Distinguished
>> Name contained in the certificate as its identity.
> I thought this was possible using raw rsa keys in ipsec.secrets? (the UML docs seem to say so, as does the patch you committed from a list comment about it, which seems to have made it into the upstream) .. that if the peer ID wasn't known it would associate it with a raw rsa key.
> That said .. I tried it (finally got correct format for raw keys using open/swan utilities) and still couldn't get it to work.
> I realize this is an "android is broken" sort of problem, but that answer seldom works for the boss.
> Regards,
> Michael Holstein
> Cleveland State University

More information about the Users mailing list