[strongSwan] Problem loading many private keys
Roberts Pakalns
pakalns at gmail.com
Thu Apr 4 15:17:28 CEST 2019
Hi Tobias,
Thank you! I guess this answers it.
We're using Strongswan to simulate many unique ipsec peers to the same
firewall which acts as the hub. It's not a real life scenario.
Thanks,
Roberts
On Thu, 4 Apr 2019 at 15:28, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Roberts,
>
> > Description: I want to set up 2000 IKEv2 cert based tunnels.
>
> And you need to use separate private keys for each tunnel to identify
> your peer/host?
>
> > Problem: After applying the configuration, I see that load of private
> > keys cannot finish as ipsec is restarting after 10s.
>
> That timeout is hardcoded in starter (invokecharon.c). You could try
> charon-systemd/swanctl as alternative (but there might be a timeout too
> if the credentials are loaded via systemd unit).
>
> But again, why would you need to load that many private keys in the
> first place?
>
> Regards,
> Tobias
>
--
Roberts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190404/ea0a850e/attachment.html>
More information about the Users
mailing list