My question is whether strongSwan supports simple RSA authentication based solely on RSA private/public key pairs, without signed certificates (as in the case of Racoon)?
In an attempt to set up a simple strongSwan VPN using RSA authentication I followed the example found here:

http://www.strongswan.org/uml/testresults/ikev2/net2net-rsa/moon.ipsec.conf

The only differences are server names, key content, auto=start, no CERTs and the fact that the setup is host2host and not net2net. The private key for each host is /etc/ipsec.d/private/<leftid>.pem and the public key is entered as text (RFC 3110 DNSKEY format) in left|rightrsasigkey.

Upon starting strongSwan I received the following messages:

    loaded RSA private key from '/etc/ipsec.d/private/<leftid>.pem'
    ...
    charon: 13[LIB] building CRED_PUBLIC_KEY - RSA failed, tried 3 builders
    charon: 13[CFG] loading RSA public key for "<leftid>" failed
    charon: 13[LIB] building CRED_PUBLIC_KEY - RSA failed, tried 3 builders
    charon: 13[CFG] loading RSA public key for "<rightid>" failed
    charon: 04[IKE] no private key found for '<leftid>'
    ...

Even though strongSwan is able to load the private key, it is not able to find it later when it goes to use it. I would have assumed that having

    <leftid> : RSA <leftid>.pem

would solve this, but this only works after having built the entire PKI infrastructure with all involved certificates for each host.

The loading of the public keys fails, and I can only assume this is because certificates containing these keys are required in order to be able to use them, as the same setup worked with a PKI infrastructure.

Thank you in advance for shedding some light on this question,

James

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
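The "building CRED_PUBLIC_KEY - RSA failed" lines above are emitted when the configured left|rightrsasigkey value cannot be turned into a public key, so the first thing worth checking is whether the value is a well-formed RFC 3110 DNSKEY string. The following is an added example, not code from the original post or from strongSwan: it encodes and decodes the "0s" + base64 form that RFC 3110 section 2 defines (exponent length, exponent, modulus) so a configured value can be checked offline before charon sees it. The sample modulus is constructed from hash output and is not a real RSA key; the parser follows the RFC, not strongSwan's own builder, so a value it accepts is syntactically valid RFC 3110 but nothing more.

```python
"""RFC 3110 ("0s...") encoding of RSA public keys as used in strongSwan's
left|rightrsasigkey. Added example, not strongSwan code; the sample
modulus below is constructed and is NOT a real RSA key."""
import base64
import binascii
import hashlib


def rfc3110_encode(exponent: int, modulus: int) -> str:
    """Return the '0s' + base64 form of an RSA public key per RFC 3110 section 2.

    Wire layout: exponent length (1 byte, or 0x00 followed by a 2-byte length
    when the exponent is 256 bytes or longer), exponent, modulus, big-endian.
    """
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    header = bytes([len(e)]) if len(e) < 256 else b"\x00" + len(e).to_bytes(2, "big")
    return "0s" + base64.b64encode(header + e + n).decode("ascii")


def rfc3110_decode(value: str) -> tuple[int, int]:
    """Parse a left|rightrsasigkey value into (exponent, modulus).

    Raises ValueError with the reason when the value is malformed, which is
    the kind of input a key builder would reject.
    """
    if not value.startswith("0s"):
        raise ValueError("value must start with the '0s' base64 prefix")
    try:
        blob = base64.b64decode(value[2:], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid base64 after '0s': {exc}") from exc
    if not blob:
        raise ValueError("empty key blob")
    if blob[0] != 0:
        elen, off = blob[0], 1
    else:
        if len(blob) < 3:
            raise ValueError("truncated exponent length")
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    if elen == 0 or len(blob) < off + elen + 1:
        raise ValueError("truncated exponent or missing modulus")
    exponent = int.from_bytes(blob[off:off + elen], "big")
    modulus = int.from_bytes(blob[off + elen:], "big")
    return exponent, modulus


def describe_rsasigkey(value: str) -> str:
    """One-line verdict for a configured key string."""
    try:
        e, n = rfc3110_decode(value)
    except ValueError as exc:
        return f"malformed: {exc}"
    return f"RSA public key, e={e}, {n.bit_length()}-bit modulus"


# Constructed 2048-bit sample modulus (deterministic pseudo-random bytes with
# the top bit set); it is NOT the product of two primes and NOT a usable key.
_raw = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
SAMPLE_MODULUS = int.from_bytes(_raw, "big") | (1 << 2047) | 1
SAMPLE_KEY = rfc3110_encode(65537, SAMPLE_MODULUS)

if __name__ == "__main__":
    print(SAMPLE_KEY[:40] + "...")
    print(describe_rsasigkey(SAMPLE_KEY))
    # Two typical copy-paste mistakes: prefix dropped, and no modulus after the exponent.
    print(describe_rsasigkey(SAMPLE_KEY[2:]))
    print(describe_rsasigkey("0sAwEAAQ=="))
```

A key with the common exponent 65537 encodes as "0sAwEAA..." and one with exponent 3 (as in the older FreeS/WAN-style keys) as "0sAQ...", so the first characters of a configured value already tell you which exponent the key uses; anything the decoder rejects would need to be regenerated from the private key rather than patched by hand.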
