<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div></div><span id="yui_3_16_0_1_1432094129614_103115"><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">Hi Martin,</font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">Thank you
for this information. </font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">We have modified
the strongSwan (5.2.2) code to bypass strongSwan's IPsec Linux kernel
interface. We have our own SPD and SAD tables. As per the implementation,
an SPD entry contains the destination IP as the selector field and uses the
same as a key to search the SPD table. In the install() function (src/libcharon/sa/child_sa.c),
we populate the SPD based upon the dst_ts->get_from_address(dst_ts). </font></span></div><div><font face="Times New Roman">
</font></div><div id="yui_3_16_0_1_1432094129614_103124" style="margin: 0in 0in 10pt;"><span id="yui_3_16_0_1_1432094129614_103123" style="line-height: 115%; font-size: 12pt;"><font id="yui_3_16_0_1_1432094129614_103122" face="Calibri">At IKE Initiator
end, it will have the same destination IP address for all the Child SAs. This results in one
SPD entry. </font></span></div><div><font face="Times New Roman">
</font></div><div id="yui_3_16_0_1_1432094129614_103121" style="margin: 0in 0in 10pt;"><span id="yui_3_16_0_1_1432094129614_103120" style="line-height: 115%; font-size: 12pt;"><font id="yui_3_16_0_1_1432094129614_103119" face="Calibri">11[IKE]
&lt;load-test|1&gt; CHILD_SA load-test{1} established with SPIs cb8db1db_i
6e4c2042_o and TS 50.0.0.1/32 === <span style="color: red;">40.0.0.0/8</span></font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">12[IKE]
&lt;load-test|2&gt; CHILD_SA load-test{2} established with SPIs cc0db1dc_i
6b4c2043_o and TS 50.0.0.2/32 === <span style="color: red;">40.0.0.0/8 <span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span></span></font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">We need different
IP addresses of the same subnet to be populated in the SPD (using the load tester plugin)
as follows:</font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">11[IKE]
&lt;load-test|1&gt; CHILD_SA load-test{1} established with SPIs cb8db1db_i
6e4c2042_o and TS 50.0.0.1/32 === <span style="color: red;">40.0.0.1/8</span></font></span></div><div><font face="Times New Roman">
</font></div><div id="yui_3_16_0_1_1432094129614_103114" style="margin: 0in 0in 10pt;"><span id="yui_3_16_0_1_1432094129614_103113" style="line-height: 115%; font-size: 12pt;"><font id="yui_3_16_0_1_1432094129614_103112" face="Calibri">12[IKE]
&lt;load-test|2&gt; CHILD_SA load-test{2} established with SPIs cc0db1dc_i
6b4c2043_o and TS 50.0.0.2/32 === <span style="color: red;">40.0.0.2/8 <span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span></span></font></span></div><div><font face="Times New Roman">
</font></div><div id="yui_3_16_0_1_1432094129614_103118" style="margin: 0in 0in 10pt;"><span id="yui_3_16_0_1_1432094129614_103117" style="line-height: 115%; font-size: 12pt;"><font id="yui_3_16_0_1_1432094129614_103116" face="Calibri">Would it
solve our issue if I make the appropriate modification in the add_ts() function from load_tester_config.c?
If not, please suggest what should be done to accomplish the same.</font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">Thanks in advance.</font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><span style="mso-spacerun: yes;"><font face="Calibri"> </font></span></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">Regards,</font></span></div><div><font face="Times New Roman">
</font></div><div style="margin: 0in 0in 10pt;" dir="ltr"><span style="line-height: 115%; font-size: 12pt;"><font face="Calibri">Chinmaya</font></span></div><div><font face="Times New Roman">
</font></div></span><div></div> <br><div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"> <font face="Arial" size="2"> On Wednesday, May 20, 2015 12:52 PM, Martin Willi &lt;martin@strongswan.org&gt; wrote:<br> </font> </div> <br><br> <div class="y_msg_container">Hi,<br><br>> all CHILD SAs will have the same traffic selector (i.e., 40.0.0.1/8)<br>> on responder side, as proposed by initiator. Is there any way to<br>> specify/configure different initiator_tsr for each initiator?<br><br>Currently all initiators use the same subnet as defined with<br>initiator_tsr. So no, there is currently no way to define individual<br>subnets for each client.<br><br>There is, however, a %unique port option you can use, such as<br>initiator_tsr=40.0.0.1/8[udp/%unique]. This selects a single port for<br>each initiator TSr, starting at 1025. This at least results in unique<br>policies on your gateway under test, but not sure what you intend to<br>test.<br><br>If that is not sufficient, have a look at the add_ts() function from<br>load_tester_config.c. It shouldn't be too hard to use a distinct subnet<br>for each initiator, similar to what we do with these %unique ports.<br><br>Regards<br>Martin<br><br><br><br><br></div> </div> </div> </div></div></body></html>