[strongSwan] "verify_cert off" (racoon) possible in StrongSwan?

Michael Holstein michael.holstein at csuohio.edu
Wed Jul 6 20:43:10 CEST 2011

Racoon has a proposal directive of "verify_cert off" (ignore the peer
identity, but still must be signed by a CA in the directory) .. this is
the only way to make borked Android devices connect (since they send
ID_IPV4 as their IKE identity).

Is there a similar directive to make Strongswan do this?

Yes, I realize all the reasons why you wouldn't want to do that, since
Strongswan was built for its certificate support.


Michael Holstein
Cleveland State University

More information about the Users mailing list