[strongSwan] Problem loading many private keys

Roberts Pakalns pakalns at gmail.com
Thu Apr 4 15:17:28 CEST 2019

Hi Tobias,

Thank you! I guess this answers it.

We're using Strongswan to simulate many unique ipsec peers to the same
firewall which acts as the hub. It's not a real life scenario.


On Thu, 4 Apr 2019 at 15:28, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Roberts,
> > Description: I want to set up 2000 IKEv2 cert based tunnels.
> And you need to use separate private keys for each tunnel to identify
> your peer/host?
> > Problem: After applying the configuration, I see that load of private
> > keys cannot finish as ipsec is restarting after 10s.
> That timeout is hardcoded in starter (invokecharon.c).  You could try
> charon-systemd/swanctl as alternative (but there might be a timeout too
> if the credentials are loaded via systemd unit).
> But again, why would you need to load that many private keys in the
> first place?
> Regards,
> Tobias

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190404/ea0a850e/attachment.html>

More information about the Users mailing list