<html><body><div style="color:#000; background-color:#fff; font-family:lucida console, sans-serif;font-size:12pt"><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Hi All,<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"> </div><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><div class="MsoNormal" style="margin: 0in 0in 10pt;"><font face="Times New Roman" size="3">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>I am using the load tester plugin (strongswan
5.0.4) to create 10,000 IPsec tunnels (without traffic) successfully. In order
to accomplish 10k IPsec tunnels, changed the
“/proc/sys/net/core/xfrm_acq_expires” from 165 to 9000 seconds. I have disabled
the logging by configuring the default to -1 in filelog section of
strongswan.conf at both ends. But I observed very slow IPsec tunnel setup rate
(about 5-6 tunnels per second). I found from the following web link i.e., <a href="https://lists.strongswan.org/pipermail/users/2009-December/004184.html">https://lists.strongswan.org/pipermail/users/2009-December/004184.html</a>
that, Mr. Martin has measured 200+ tunnel negotiations/second (1 IKE + 1
CHILD_SA). Any suggestions are greatly appreciated.</span></div></span><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Here goes my configuration for IKE Initiator as
well as IKE Responder.</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'></span> </div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='color: black; line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>IKE Initiator</span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>strongswan.conf<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>threads = 16</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>replay_window =
32</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>dos_protection = no</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>block_threshold=9000</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>cookie_threshold=9000</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>init_limit_half_open=9000</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>retransmit_timeout=60</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>retransmit_tries=60</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>install_virtual_ip=no</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>install_routes=no</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>close_ike_on_child_failure=yes</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>ikesa_table_size
= 1024</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>ikesa_table_segments = 16</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>reuse_ikesa = no<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>ipsec.secrets<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>@srv.strongswan.org %any : PSK "strongSwan"<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>load-tester {<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>enable = yes</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>initiators = 100</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>iterations = 100</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>delay
= 20</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>responder = 30.30.30.21</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>initiator_tsr =40.0.0.1</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>proposal = aes128-sha1-modp1024</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>initiator_auth = psk</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>responder_auth = psk</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>request_virtual_ip = yes</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>ike_rekey = 0</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>child_rekey = 0</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>delete_after_established = no</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>shutdown_when_complete = no<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>}<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>IKE<span style="mso-spacerun: yes;"> </span>Responder<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>strongswan.conf<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>threads = 16</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>replay_window = 32</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>block_threshold=9000</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>cookie_threshold=9000</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span
style="mso-spacerun: yes;"> </span>init_limit_half_open=9000</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'></span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"><span class="tab"> </span></span>half_open_timeout=9000<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>dos_protection =
no<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>close_ike_on_child_failure=yes<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>ikesa_table_size
= 512<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>ikesa_table_segments = 16<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>reuse_ikesa = no<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><o:p> </o:p></span></div><div><font face="Times New Roman">
</font></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>ipsec.conf<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>conn %default<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>ikelifetime=24h</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>keylife=23h</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>rekeymargin=5m</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>keyingtries=1</span></div><div class="MsoNormal" style="margin: 0in 0in
10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>keyexchange=ikev2</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>ike=aes128-sha1-modp1024!</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>mobike=no</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><o:p> </o:p></span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><o:p></o:p></span><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>conn host-host</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>left=30.30.30.21</span></div><div
class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span>leftsubnet=40.0.0.1/8</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>rightid=%any</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>leftauth=psk</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>leftfirewall=yes<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>rightsourceip=10.0.0.0/8<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;">
</span><a href="mailto:leftid=@srv.strongswan.org">leftid=@srv.strongswan.org</a></span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>rightauth=psk</span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>type=tunnel<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>authby=secret<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>rekey=no<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>reauth=no<o:p></o:p></span></div><div><font face="Times New Roman">
</font><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><span style="mso-spacerun: yes;"> </span>auto=add<o:p></o:p></span></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"> </div><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><div class="MsoNormal" style="margin: 0in 0in 10pt;"> </div><o:p><div class="MsoNormal" style="margin: 0in 0in 10pt;"> <font face="Times New Roman" size="3">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Regards,<o:p></o:p></span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><font face="Times New Roman" size="3">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'>Chinmaya<o:p></o:p></span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><font face="Times New Roman" size="3">
</font></div></o:p><div class="MsoNormal" style="margin: 0in 0in 10pt;"></div></span><div class="MsoNormal" style="margin: 0in 0in 10pt;"></div><div><font face="Times New Roman">
</font></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style='line-height: 115%; font-family: "Comic Sans MS"; font-size: 10pt;'><o:p> </o:p></span></div><div><font face="Times New Roman">
</font></div></div></body></html>