[strongSwan] Problem loading many private keys
pakalns at gmail.com
Thu Apr 4 15:17:28 CEST 2019
Thank you! I guess this answers it.
We're using Strongswan to simulate many unique ipsec peers to the same
firewall which acts as the hub. It's not a real life scenario.
On Thu, 4 Apr 2019 at 15:28, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Roberts,
> > Description: I want to set up 2000 IKEv2 cert based tunnels.
> And you need to use separate private keys for each tunnel to identify
> your peer/host?
> > Problem: After applying the configuration, I see that load of private
> > keys cannot finish as ipsec is restarting after 10s.
> That timeout is hardcoded in starter (invokecharon.c). You could try
> charon-systemd/swanctl as alternative (but there might be a timeout too
> if the credentials are loaded via systemd unit).
> But again, why would you need to load that many private keys in the
> first place?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users