Samizdat's VPN is based on StrongSwan.

A StrongSwan RSA key is encoded as an OpenPGP subkey with a notation "usage@=ipsec".

Currently, Samizdat edits the StrongSwan configuration file to add support for the key. In the future, Samizdat will use IPSECKEY records in the DNS to distribute these keys without having to edit configuration files.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718298