Hi, Thanks a lot for the tips!
Just wanted to update that I got it working with generating certificates with one private key (as it's ok for this lab-only setup), so did not get to load-tester or alternative ways how to load the keys, but will keep those options in mind! :) Roberts On Thu, 4 Apr 2019 at 21:49, Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote: > Hi, > > To keep this in a thread. > > "Just" either use swanctl or move your configs, keys and such into ipsec.d > and subdirectories after strongSwan was already started. > The variant using swanctl/vici is to just translate your config to use it > instead. > For VICI, you can just load new configs, keys and certificates into the > daemon when you want to establish a new IKE_SA and CHILD_SA. > I got a python script here doing that, albeit for another purpose. It's > relatively simple. The best approach would be to just use the load-tester > though, as Tobias suggested. It does exactly what you want. > > > Am 04.04.19 um 17:03 schrieb Tobias Brunner: > > Hi Roberts, > > > >> Ah, ok, you're suggesting to use a single private key and use it for the > >> CSRs/Certificates? > > > > That's what our load-tester plugin does [1]. > > > > Regards, > > Tobias > > > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoadTests > > > > -- Roberts