I am trying to set up IKEv2 with strongSwan using a wildcard certificate.

The config seems to work for iOS with this certificate but doesn't work for Android, getting this error - no trusted rsa public key found '$IP'

Did anyone face this issue? If I understood correctly, the public RSA key is the crt file, which is the certs chain. I've added it but no luck.

Vitalik Jimbei

1 Answer

The strongSwan Android app enforces that the configured server address/hostname is contained in the certificate as subjectAltName. If that's not the case you have to configure the server identity manually in the VPN profile, either to a subjectAltName that's actually contained in the certificate (if the server finds a config with that identity) or to the full subject DN of the server certificate (again the server has to find a config for that identity).

Generally, strongSwan doesn't support wildcard certificates (see e.g. #794). For instance, if the certificate contains *.example.com as subjectAltName strongSwan won't match vpn.example.com against that.

ecdsa
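
An added example, not part of the answer above and not strongSwan code: a preflight check that compares the server address you plan to enter in the VPN profile against the certificate's subjectAltName values, modelling the match as a plain string comparison with no wildcard expansion. The SAN text, the `example.com` names and the `203.0.113.10` address are constructed samples, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample: SAN text as printed by
#   openssl x509 -in server.crt -noout -ext subjectAltName
# for a wildcard certificate (example.com is a placeholder domain).
WILDCARD_SANS='X509v3 Subject Alternative Name:
    DNS:*.example.com, DNS:example.com'

# Constructed sample: a certificate issued for the exact gateway name and IP.
EXACT_SANS='X509v3 Subject Alternative Name:
    DNS:vpn.example.com, IP Address:203.0.113.10'

# Read openssl's SAN text on stdin, print one DNS/IP value per line.
san_values() {
    tr ',' '\n' | sed -n \
        -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*DNS://p' \
        -e 's/^[[:space:]]*IP Address://p'
}

# identity_in_sans IDENTITY: succeed only if IDENTITY equals one SAN value
# character for character. grep -F keeps "*" literal, so "*.example.com"
# is never expanded to cover "vpn.example.com".
identity_in_sans() {
    san_values | grep -Fxq -e "$1"
}

# check_profile SAN_TEXT SERVER_ADDRESS: print "ok" or "mismatch".
check_profile() {
    if printf '%s\n' "$1" | identity_in_sans "$2"; then
        echo "ok"
    else
        echo "mismatch"
    fi
}

# SAN text of a real PEM file, for use in place of the samples above.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

# Compare both sample certificates against a hostname and a bare IP.
for addr in vpn.example.com 203.0.113.10; do
    printf '%-16s wildcard cert: %-9s exact cert: %s\n' "$addr" \
        "$(check_profile "$WILDCARD_SANS" "$addr")" \
        "$(check_profile "$EXACT_SANS" "$addr")"
done
```

To check a real certificate, pass `"$(cert_sans server.crt)"` as the first argument of `check_profile`; the `-ext` option needs OpenSSL 1.1.1 or later.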