alexshpilkin
just joined
Topic Author
Posts: 1
Joined: Sat Jun 02, 2018 3:38 am

Feature request: raw public keys in IKEv2

Sat Jun 02, 2018 4:09 am

I’d like to ask for supporting raw RSA public keys with IKEv2. Right now configuring any IPsec peer with exchange-mode=ikev2 and auth-method=rsa-key fails with error message “Unsupported auth method by IKEv2”, but that needn’t be the case: there is a well-defined way of using raw RSA keys in IKEv2.

In fact, there are two well-defined ways: the deprecated Certificate Encoding type 11 (introduced in RFC 4306, present in RFC 5996, deprecated in the current RFC 7296) which admits only RSA keys (internally transmitting a DER-encoded RSAPublicKey structure as the Certificate Data), and the new Certificate Encoding type 15 (defined in RFC 7670) which admits any public keys (internally transmitting a DER-encoded SubjectPublicKeyInfo structure as the Certificate Data). As far as I can see, strongSwan only supports the former for now, so that is what I’d prefer, but that’s your choice. Supporting both shouldn’t be difficult, though, because, as RFC 7670 discusses, there’s actually only a small amount of ASN.1 to do there.
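To make concrete how little ASN.1 separates the two encodings the post describes, here is an added example (not code from the original post, and not RouterOS or strongSwan code) in plain Python with no third-party modules. It builds the Certificate Data for encoding 11 (a PKCS#1 RSAPublicKey) and for encoding 15 (a SubjectPublicKeyInfo with the rsaEncryption AlgorithmIdentifier wrapping that same RSAPublicKey in a BIT STRING), places each in an IKEv2 CERT payload (4-byte generic payload header, 1-byte Cert Encoding, Certificate Data, as laid out in RFC 7296 section 3.6), and parses the payload back to (n, e) while rejecting the other encoding's body. The modulus and exponent are constructed toy values, not a real key, and the generic header assumes Next Payload 0 and the Critical bit clear.

```python
"""Raw RSA keys in an IKEv2 CERT payload, as Cert Encoding 11 and 15 (added example).

Encoding 11 "Raw RSA Key": Certificate Data = DER PKCS#1 RSAPublicKey.
Encoding 15 "Raw Public Key": Certificate Data = DER SubjectPublicKeyInfo whose
BIT STRING wraps that same RSAPublicKey. Only the DER actually needed is hand-rolled.
"""

CERT_ENCODING_RAW_RSA_KEY = 11     # RFC 7296 section 3.6, deprecated by RFC 7670
CERT_ENCODING_RAW_PUBLIC_KEY = 15  # RFC 7670
TAG_INTEGER, TAG_BIT_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x03, 0x05, 0x06, 0x30
OID_RSA_ENCRYPTION = (1, 2, 840, 113549, 1, 1, 1)  # id-rsaEncryption from PKCS#1


def der_tlv(tag, body):
    """One DER TLV with a minimal definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    nb = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nb]) + n.to_bytes(nb, "big") + body

def der_integer(value):
    """DER INTEGER for a non-negative int; a 0x00 pad keeps the sign bit clear."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return der_tlv(TAG_INTEGER, (b"\x00" if raw[0] & 0x80 else b"") + raw)

def der_oid(arcs):
    """DER OBJECT IDENTIFIER: first two arcs merged, the rest base-128 with a continuation bit."""
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(TAG_OID, bytes(body))

def rsa_public_key_der(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER } (encoding 11 body)."""
    return der_tlv(TAG_SEQUENCE, der_integer(n) + der_integer(e))

def spki_from_rsa_public_key(rsa_der):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING } (encoding 15 body)."""
    alg = der_tlv(TAG_SEQUENCE, der_oid(OID_RSA_ENCRYPTION) + der_tlv(TAG_NULL, b""))
    return der_tlv(TAG_SEQUENCE, alg + der_tlv(TAG_BIT_STRING, b"\x00" + rsa_der))  # 0 unused bits

def build_cert_payload(encoding, cert_data, next_payload=0):
    """CERT payload: Next Payload, C+RESERVED (assumed 0), Payload Length, Cert Encoding, data."""
    length = 4 + 1 + len(cert_data)
    return bytes([next_payload, 0x00]) + length.to_bytes(2, "big") + bytes([encoding]) + cert_data

def _read_tlv(buf, off, want_tag):
    """Decode the TLV at buf[off:], require tag want_tag, return (body, offset_after)."""
    if off + 2 > len(buf) or buf[off] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {off}")
    length, hdr = buf[off + 1], 2
    if length & 0x80:  # long form; indefinite (0x80) and absurd widths are rejected
        nb = length & 0x7F
        if not 1 <= nb <= 4 or off + 2 + nb > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, hdr = int.from_bytes(buf[off + 2:off + 2 + nb], "big"), 2 + nb
    end = off + hdr + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return buf[off + hdr:end], end

def parse_rsa_public_key(rsa_der):
    """Inverse of rsa_public_key_der; trailing bytes are an error."""
    seq, end = _read_tlv(rsa_der, 0, TAG_SEQUENCE)
    n_raw, off = _read_tlv(seq, 0, TAG_INTEGER)
    e_raw, off = _read_tlv(seq, off, TAG_INTEGER)
    if end != len(rsa_der) or off != len(seq):
        raise ValueError("trailing bytes in RSAPublicKey")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def parse_spki_rsa(spki_der):
    """Unwrap an rsaEncryption SubjectPublicKeyInfo down to (n, e)."""
    seq, end = _read_tlv(spki_der, 0, TAG_SEQUENCE)
    alg, off = _read_tlv(seq, 0, TAG_SEQUENCE)
    bits, off = _read_tlv(seq, off, TAG_BIT_STRING)
    if end != len(spki_der) or off != len(seq):
        raise ValueError("trailing bytes in SubjectPublicKeyInfo")
    if alg != der_oid(OID_RSA_ENCRYPTION) + der_tlv(TAG_NULL, b""):
        raise ValueError("not an rsaEncryption key")
    if not bits or bits[0] != 0:
        raise ValueError("subjectPublicKey must have 0 unused bits")
    return parse_rsa_public_key(bits[1:])

def parse_cert_payload(payload):
    """Return (encoding, (n, e)) for a CERT payload carrying a raw RSA key."""
    if len(payload) < 5 or int.from_bytes(payload[2:4], "big") != len(payload):
        raise ValueError("bad CERT payload length")
    encoding, cert_data = payload[4], payload[5:]
    if encoding == CERT_ENCODING_RAW_RSA_KEY:
        return encoding, parse_rsa_public_key(cert_data)
    if encoding == CERT_ENCODING_RAW_PUBLIC_KEY:
        return encoding, parse_spki_rsa(cert_data)
    raise ValueError(f"unsupported Cert Encoding {encoding}")

if __name__ == "__main__":
    n, e = 2**256 - 189, 65537  # constructed toy values, not a real key pair
    rsa = rsa_public_key_der(n, e)
    for enc, data in ((CERT_ENCODING_RAW_RSA_KEY, rsa),
                      (CERT_ENCODING_RAW_PUBLIC_KEY, spki_from_rsa_public_key(rsa))):
        payload = build_cert_payload(enc, data)
        print(enc, len(payload), parse_cert_payload(payload) == (enc, (n, e)))
```

The whole difference between the two encodings is spki_from_rsa_public_key: a 15-byte AlgorithmIdentifier and a BIT STRING wrapper around bytes a type-11 implementation already produces, which is the "small amount of ASN.1" the post refers to. A receiver should still check the OID before trusting the key, since encoding 15 can carry non-RSA keys that the rest of the authentication path would not know how to verify.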
