[strongSwan] IKEv1 - Authentication Methods - RFC 2409 Public Key Encryption support in Strongswan

Andreas Steffen andreas.steffen at strongswan.org
Tue Jun 28 11:20:40 CEST 2011

Hello Emil,

to my best knowledge nobody implemented IKEv1 public key encryption
and therefore strongSwan didn't either. Everyone is using digital

Best regards


On 06/28/2011 02:38 AM, Emil Salib wrote:
> Hello,
> My question is to do with IKEv1 Phase 1 Authentication. RFC 2409 specifies 4
> different Authentications: A shared secret, A digital signature, Public key
> encryption and Revised public key encryption. Using StrongSwan 4.4.0, I was able
> to set up net2net PSK , net2net digital signature using both RAW RSA and X.509
> certificates.  Is there a way to set up a net2net with the 2409 public key
> encryption authentication method (where the ID and Nonce in the second and third
> ISKAMP (main mode) messages are encrypted) using StrongSwan?
> Thanks
> Emil 

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list