[Openswan Users] ipsec restart slow with many certs

ted leslie tleslie at tcn.net
Fri Jul 21 21:48:35 CEST 2006

i just added certs (500 x.509 based connections) to my  open swan
and it took 4.5 minutes to reset, and read in and do whatever it does with the
ipsec.conf that contained those 500 entries.

Thats a fairly long time,
its only a single cpu 2.0GHZ intel and it was at 95%-100% load  the entire 4.5 minutes,
i am a bit conserned now, but when i want to add 20,000 certs, i am starting to 
see that this will be an issue! like a day to resstart openswan!

any one have any thoughts.

and to add a new cert, who want to have the ipsec down for 5 minutes while you add one
and restart if you just even have only 500 x.509 certs in it.

at least crl is usefull to nuke one without having to reset the server but ....


More information about the Users mailing list