[strongSwan] Problem loading many private keys

Tobias Brunner tobias at strongswan.org
Thu Apr 4 14:28:14 CEST 2019

Hi Roberts,

> Description: I want to set up 2000 IKEv2 cert based tunnels.

And you need to use separate private keys for each tunnel to identify
your peer/host?

> Problem: After applying the configuration, I see that load of private
> keys cannot finish as ipsec is restarting after 10s.

That timeout is hardcoded in starter (invokecharon.c).  You could try
charon-systemd/swanctl as alternative (but there might be a timeout too
if the credentials are loaded via systemd unit).

But again, why would you need to load that many private keys in the
first place?


More information about the Users mailing list