[strongSwan] charon RSA tunnel setup speed hints?
Tobias Brunner
tobias at strongswan.org
Tue Aug 14 12:56:42 CEST 2012
Hi Richards,
> Having looked at the code. In backend_manager.c there appears to be a
> linear search through the peer table for candidates matching all the
> required criteria.
>
> Are there any alternative search implementations for larger peer sets?
No, currently not. Even for gateways handling thousands of tunnels a
few simple road-warrior configs (right=%any etc.) are usually enough,
making this lookup very fast.
The problem in your case is probably that you have a config for each
client with rightcert=<clientcert> because each client has a self-signed
certificate. Issuing all these certificates from a common CA would
avoid this as only a single connection entry would be required to handle
all clients.
Regards,
Tobias
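
The change suggested in the reply above, sketched as an ipsec.conf fragment. This is an added example, not part of the original message or the poster's configuration; the connection names, certificate file names, subnet and CA distinguished name are constructed placeholders.

```conf
# /etc/ipsec.conf on the gateway (constructed example; all names are placeholders)

conn %default
    keyexchange=ikev2
    left=%any
    leftcert=gatewayCert.pem
    leftsubnet=10.0.0.0/24
    auto=add

# Before: one conn per client, each pinning a self-signed certificate.
# The list of peer configs grows with the number of clients.
#
# conn client-0001
#     right=%any
#     rightcert=client0001Cert.pem
#
# conn client-0002
#     right=%any
#     rightcert=client0002Cert.pem
#
# ... one section per client ...

# After: client certificates are issued by one common CA whose certificate
# is installed in /etc/ipsec.d/cacerts/. A single road-warrior conn then
# matches every client that presents a valid certificate from that CA.
conn clients
    right=%any
    rightca="C=CH, O=Example, CN=Example Client CA"
```

With a single shared conn, an individual client can no longer be locked out by deleting its section; its certificate has to be revoked through the CA's CRL or OCSP instead.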