Hi Tobias,

Thank you! I guess this answers it.
We're using Strongswan to simulate many unique ipsec peers to the same firewall which acts as the hub. It's not a real life scenario.

Thanks,
Roberts

On Thu, 4 Apr 2019 at 15:28, Tobias Brunner <[email protected]> wrote:

> Hi Roberts,
>
> > Description: I want to set up 2000 IKEv2 cert based tunnels.
>
> And you need to use separate private keys for each tunnel to identify
> your peer/host?
>
> > Problem: After applying the configuration, I see that load of private
> > keys cannot finish as ipsec is restarting after 10s.
>
> That timeout is hardcoded in starter (invokecharon.c). You could try
> charon-systemd/swanctl as alternative (but there might be a timeout too
> if the credentials are loaded via systemd unit).
>
> But again, why would you need to load that many private keys in the
> first place?
>
> Regards,
> Tobias
>

--
Roberts
