Hello,
I’ve been trying to configure IKEv2 on my OpenWRT router using StrongSwan, but I keep encountering an issue where the connection fails due to "no trusted RSA public key found" for the VPN server. Here is an overview of what I’ve done so far:
- System and Software:
  - Router: OpenWRT
  - VPN Protocol: IKEv2 using StrongSwan
  - Configured following IVPN’s Linux IPSec IKEv2 guide (https://www.ivpn.net/setup/linux-ipsec-with-ikev2/)
- Certificates:
  - Downloaded and installed all the required certificates as per IVPN's guide:
    - isrgrootx1.pem
    - lets-encrypt-r3.pem
    - lets-encrypt-x3-cross-signed.pem
    - letsencryptauthorityx3.pem
  - Combined the certificates into one file and pointed rightca to that file in my configuration.
  - Verified the certificates using ipsec listcacerts, and they appear to be installed correctly.
- Configuration:
  Here’s the relevant section of my configuration file:

      conn ivpn
          keyexchange=ikev2
          keyingtries=%forever
          dpdaction=restart
          dpddelay=300s
          inactivity=36000s
          rekey=no
          forceencaps=yes
          authby=secret
          ike=aes256-sha256-modp2048
          esp=aes256-sha256
          leftfirewall=yes
          left=192.168.1.1
          leftsourceip=%config
          leftsendcert=always
          leftauth=eap-mschapv2
          rightfirewall=yes
          rightauth=pubkey
          right=se1.gw.ivpn.net
          rightid=se1.gw.ivpn.net
          rightsubnet=0.0.0.0/0
          rightsendcert=always
          eap_identity="i-XXXX-XXXX-XXXX"
          type=tunnel
          auto=add

- Issues:
  When attempting to establish the connection, I receive the following error message:

      no trusted RSA public key found for '80.67.10.138'

  Despite downloading and installing the certificates properly, the VPN server does not seem to trust the certificate or there is some other issue with the authentication process.
- Tried Solutions:
  - Tried adjusting the leftid and rightid to ensure they match the server’s identity.
  - Verified certificates and the chain; all seem correct.
  - Attempted to switch to swanctl as recommended, but the issue persists.