[strongSwan] Problem loading many private keys

Roberts Pakalns pakalns at gmail.com
Fri Apr 5 10:25:12 CEST 2019


Thanks a lot for the tips!

Just wanted to update that I got it working with generating certificates
with one private key (as it's ok for this lab-only setup), so did not get
to load-tester or alternative ways how to load the keys, but will keep
those options in mind! :)


On Thu, 4 Apr 2019 at 21:49, Noel Kuntze
<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:

> Hi,
> To keep this in a thread.
> "Just" either use swanctl or move your configs, keys and such into ipsec.d
> and subdirectories after strongSwan was already started.
> The variant using swanctl/vici is to just translate your config to use it
> instead.
> For VICI, you can just load new configs, keys and certificates into the
> daemon when you want to establish a new IKE_SA and CHILD_SA.
> I got a python script here doing that, albeit for another purpose. It's
> relatively simple. The best approach would be to just use the load-tester
> though, as Tobias suggested. It does exactly what you want.
> Am 04.04.19 um 17:03 schrieb Tobias Brunner:
> > Hi Roberts,
> >
> >> Ah, ok, you're suggesting to use a single private key and use it for the
> >> CSRs/Certificates?
> >
> > That's what our load-tester plugin does [1].
> >
> > Regards,
> > Tobias
> >
> > [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoadTests
> >

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190405/3a849f5d/attachment.html>

More information about the Users mailing list