[strongSwan] charon RSA tunnel setup speed hints?

Tobias Brunner tobias at strongswan.org
Tue Aug 14 12:56:42 CEST 2012

Hi Richards,

> Having looked at the code. In backend_manager.c there appears to be a
> linear search through the peer table for candidates matching all the
> required criteria.
> Are there any alternative search implementations for larger peer sets?

No, currently not.  Even for gateways handling thousands of tunnels a
few of simple road-warrior configs (right=%any etc.) are usually enough,
making this lookup very fast.
The problem in your case is probably that you have a config for each
client with rightcert=<clientcert> because each client has a self-signed
certificate.  Issuing all these certificates from a common CA would
avoid this as only a single connection entry would be required to handle
all clients.


More information about the Users mailing list