[strongSwan] Problem loading many private keys

Roberts Pakalns pakalns at gmail.com
Thu Apr 4 15:22:34 CEST 2019


Hi Tobias,

Ah, ok, you're suggesting to use a single private key and use it for the
CSRs/Certificates? Have not tried to use it before, but this is a test
environment, so that could work.

Thanks,
Roberts

On Thu, 4 Apr 2019 at 16:17, Roberts Pakalns <pakalns at gmail.com> wrote:

> Hi Tobias,
>
> Thank you! I guess this answers it.
>
> We're using strongSwan to simulate many unique IPsec peers to the same
> firewall which acts as the hub. It's not a real life scenario.
>
> Thanks,
> Roberts
>
>
> On Thu, 4 Apr 2019 at 15:28, Tobias Brunner <tobias at strongswan.org> wrote:
>
>> Hi Roberts,
>>
>> > Description: I want to set up 2000 IKEv2 cert based tunnels.
>>
>> And you need to use separate private keys for each tunnel to identify
>> your peer/host?
>>
>> > Problem: After applying the configuration, I see that load of private
>> > keys cannot finish as ipsec is restarting after 10s.
>>
>> That timeout is hardcoded in starter (invokecharon.c).  You could try
>> charon-systemd/swanctl as alternative (but there might be a timeout too
>> if the credentials are loaded via systemd unit).
>>
>> But again, why would you need to load that many private keys in the
>> first place?
>>
>> Regards,
>> Tobias
>>
>
>
> --
> Roberts
>


-- 
Roberts