[strongSwan] Problem loading many private keys

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Apr 4 20:49:02 CEST 2019


To keep this in a thread.

"Just" either use swanctl or move your configs, keys and such into ipsec.d and subdirectories after strongSwan was already started.
The variant using swanctl/vici is to just translate your config to use it instead.
For VICI, you can just load new configs, keys and certificates into the daemon when you want to establish a new IKE_SA and CHILD_SA.
I got a python script here doing that, albeit for another purpose. It's relatively simple. The best approach would be to just use the load-tester though, as Tobias suggested. It does exactly what you want.

Am 04.04.19 um 17:03 schrieb Tobias Brunner:
> Hi Roberts,
>> Ah, ok, you're suggesting to use a single private key and use it for the
>> CSRs/Certificates?
> That's what our load-tester plugin does [1].
> Regards,
> Tobias
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoadTests

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190404/b0402eba/attachment-0001.sig>

More information about the Users mailing list