nvm, my understanding of local and remote was reversed.
> On Nov 5, 2019, at 12:28 AM, Glen Huang <[email protected]> wrote:
>
> From rfc7296 it says
>
>> There is no requirement that the initiator and responder sign with the same
>> cryptographic algorithms. The choice of cryptographic algorithms depends on
>> the type of key each has. In particular, the initiator may be using a
>> shared key while the responder may have a public signature key and
>> certificate.
>
> But I tried a local pubkey with remote psk config on a strongswan server, it
> complained with "constraint requires pre-shared key authentication, but
> public key was used".
>
> The packets sent by clients just contained an RSA Digital Signature
> Authentication payload followed by the Certificate payload. Nothing in the
> packets said it demanded the server to authenticate itself with public key
> AFAIK.
>
> All the pubkey config examples on site use symmetrical pubkey authentications.
>
> I wonder does strongswan require symmetrical pubkey authentications?