[strongSwan-dev] load-tester plugin modification
Martin Willi
martin at strongswan.org
Tue Aug 9 13:36:05 CEST 2011
Hi,
> What I see with load-tester is that TSr is by default the remote IP
> address (as it is defined in strongswan.conf).
Yes, it is currently limited to the responder address, so only
host-to-host tunnels are possible. You might change TSr at [1] and use
traffic_selector_create_from_subnet() or something. It's not supported
because I've never used it, and extending it properly for initiator and
responder support requires some work.
> In addition, the output of ipsec statusall indicates that there are no
> security associations established.
Probably because your responder configuration does not except a
host-to-host tunnel.
> So even if the tunnels created by load-tester can have traffic, for
> each one we need to have separate TSr in order to support concurrent
> traffic for all the established tunnels. Right?
If you want to test net-to-net/host-to-net tunnels, yes. But usually the
same TSr for all clients is fine as long as you have a different TSi.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/load_tester/load_tester_config.c;hb=HEAD#l277
More information about the Dev
mailing list