Hi Richards,

> Having looked at the code. In backend_manager.c there appears to be a
> linear search through the peer table for candidates matching all the
> required criteria.
>
> Are there any alternative search implementations for larger peer sets?

No, currently not. Even for gateways handling thousands of tunnels a few simple road-warrior configs (right=%any etc.) are usually enough, making this lookup very fast. The problem in your case is probably that you have a config for each client with rightcert=<clientcert> because each client has a self-signed certificate. Issuing all these certificates from a common CA would avoid this as only a single connection entry would be required to handle all clients.

Regards,
Tobias
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
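The two configuration styles contrasted in the reply above, as an added ipsec.conf sketch that is not part of the original thread. Connection names, certificate file names and the CA distinguished name are constructed placeholders.

```conf
# Added illustration; all names, file names and the DN are placeholders.

# Style 1: one conn per client, each pinning that client's self-signed
# certificate. Every client adds another entry to the peer config
# lookup described in the thread.
conn client-0001
    keyexchange=ikev2
    left=%any
    leftcert=gatewayCert.pem
    right=%any
    rightcert=client-0001.pem
    auto=add

conn client-0002
    keyexchange=ikev2
    left=%any
    leftcert=gatewayCert.pem
    right=%any
    rightcert=client-0002.pem
    auto=add

# (one such block repeated for every further client)

# Style 2: a single road-warrior conn. Client certificates are issued
# by a common CA whose certificate is installed in the gateway's
# cacerts directory, so no per-client rightcert is needed.
conn roadwarriors
    keyexchange=ikev2
    left=%any
    leftcert=gatewayCert.pem
    right=%any
    # Accept only peers whose certificate chains to this CA (placeholder DN).
    rightca="C=CH, O=Example Org, CN=Example Client CA"
    auto=add
```

With the single-conn style, removing one client's access is done by revoking its certificate at the CA rather than by deleting its conn section, so revocation checking (CRL or OCSP) has to be working on the gateway.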
