I successfully have IKEv2 working with iked using RSA keys and X.509 certificates and CAs. However, when I try to use ECDSA keys instead of RSA, I get:
Code:
# iked -dvv
ca_key_serialize: unsupported key type 408
fatal: ca: failed to serialize private key
ikev2 exiting
ikev1 exiting
Looking at the offending source code in /usr/src/sbin/iked/ca.c, the CA portion will only recognize RSA keys.
Are there any plans to support ECDSA keys in iked? Other daemons like sshd already support ECDSA keys.
I'm currently running 5.2-stable, but 5.3-current has the same issue.
Thanks.