Hello, Description: I want to set up 2000 IKEv2 cert based tunnels.
Problem: After applying the configuration, I see that load of private keys cannot finish as ipsec is restarting after 10s. Apr 4 02:23:13 debian charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.9.0-4-686-pae, i686) Apr 4 02:23:13 debian charon: 00[KNL] unable to create IPv4 routing table rule Apr 4 02:23:13 debian charon: 00[KNL] unable to create IPv6 routing table rule Apr 4 02:23:13 debian charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Apr 4 02:23:13 debian charon: 00[CFG] loaded ca certificate "C=XX, ST=XXXXX, L=XXXXX, O=XXXXX, OU=XXXX, CN=XXXXXXXXXX, E=XXXXXXXXXXX" from '/etc/ipsec.d/cacerts/cacert.pem' Apr 4 02:23:13 debian charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Apr 4 02:23:13 debian charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Apr 4 02:23:13 debian charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Apr 4 02:23:13 debian charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' Apr 4 02:23:13 debian charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' Apr 4 02:23:13 debian charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/private-0000.pem' Apr 4 02:23:13 debian charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/private-0001.pem' Apr 4 02:23:13 debian charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/private-0002.pem' ... omitted ... Apr 4 02:23:23 debian charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/private-0442.pem' Apr 4 02:23:23 debian charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/private-0443.pem' Apr 4 02:23:23 debian charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/private-0444.pem' Apr 4 02:23:28 debian charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.9.0-4-686-pae, i686) Apr 4 02:23:28 debian charon: 00[KNL] unable to create IPv4 routing table rule Apr 4 02:23:28 debian charon: 00[KNL] unable to create IPv6 routing table rule Apr 4 02:23:28 debian charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Question: Do you have some suggestions where can I lift this 10s limitation? Or any other ideas how could I reach loaded 2000 keys. Tried to search and went through charon.conf, but apparently, I'm still missing it. Thanks, Roberts
