@Andreas I think the IKEv2-port to android is only one half of the solution. Because of the internal structure I need l2tp, too. And it would be some work to implement xl2tpd and pppd. Updating the phone should be easier ;-)
@Michael As far as I know the android does not support raw rsa keys as well. For the meantime I will use simple PSK (that works, tested yesterday) and patch the new 2.2 android firmware. If a colleague will leave the company, we will have to change the PSK. But I hope to patch the phones in the next month. Thanks a lot for your help! Regards, Martin Am 19.12.2010 19:08, schrieb Michael O Holstein: >> No, strongSwan requires the peer identity to by verified by a >> corresponding entry in the certificate. Certainly the Android >> VPN client can be configured to use the Subject Distinguished >> Name contained in the certificate as its identity. >> > I thought this was possible using raw rsa keys in ipsec.secrets? (the UML > docs seem to say so, as does the patch you committed from a list comment > about it, which seems to have made it into the upstream) .. that if the peer > ID wasn't known it would associate it with a raw rsa key. > > That said .. I tried it (finally got correct format for raw keys using > open/swan utilities) and still couldn't get it to work. > > I realize this is an "android is broken" sort of problem, but that answer > seldom works for the boss. > > Regards, > > Michael Holstein > Cleveland State University > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
