[strongSwan-dev] load-tester plugin modification

Martin Willi martin at strongswan.org
Tue Aug 9 13:36:05 CEST 2011


Hi,

> What I see with load-tester is that TSr is by default the remote IP
> address (as it is defined in strongswan.conf).

Yes, it is currently limited to the responder address, so only
host-to-host tunnels are possible. You might change TSr at [1] and use
traffic_selector_create_from_subnet() or something. It's not supported
because I've never used it, and extending it properly for initiator and
responder support requires some work.

> In addition, the output of ipsec statusall indicates that there are no
> security associations established.

Probably because your responder configuration does not except a
host-to-host tunnel.

> So even if the tunnels created by load-tester can have traffic, for
> each one we need to have separate TSr in order to support concurrent
> traffic for all the established tunnels. Right?

If you want to test net-to-net/host-to-net tunnels, yes. But usually the
same TSr for all clients is fine as long as you have a different TSi.

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/load_tester/load_tester_config.c;hb=HEAD#l277





More information about the Dev mailing list