>No, strongSwan requires the peer identity to by verified by a >corresponding entry in the certificate. Certainly the Android >VPN client can be configured to use the Subject Distinguished >Name contained in the certificate as its identity.
I thought this was possible using raw rsa keys in ipsec.secrets? (the UML docs seem to say so, as does the patch you committed from a list comment about it, which seems to have made it into the upstream) .. that if the peer ID wasn't known it would associate it with a raw rsa key. That said .. I tried it (finally got correct format for raw keys using open/swan utilities) and still couldn't get it to work. I realize this is an "android is broken" sort of problem, but that answer seldom works for the boss. Regards, Michael Holstein Cleveland State University _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
