[strongSwan-dev] load-tester plugin modification

k8k awmn k8k.awmn at gmail.com
Wed Aug 10 14:11:32 CEST 2011


Hi,


On Tue, Aug 9, 2011 at 2:36 PM, Martin Willi <martin at strongswan.org> wrote:

> Hi,
>
> > What I see with load-tester is that TSr is by default the remote IP
> > address (as it is defined in strongswan.conf).
>
> Yes, it is currently limited to the responder address, so only
> host-to-host tunnels are possible. You might change TSr at [1] and use
> traffic_selector_create_from_subnet() or something. It's not supported
> because I've never used it, and extending it properly for initiator and
> responder support requires some work.
>

So it is likely that adapting [1] is not enough?


>
> > In addition, the output of ipsec statusall indicates that there are no
> > security associations established.
>
> Probably because your responder configuration does not except a
> host-to-host tunnel.
>

What exactly do you mean? A possible missconfiguration on server-side?
Can you please elaborate?


>
> > So even if the tunnels created by load-tester can have traffic, for
> > each one we need to have separate TSr in order to support concurrent
> > traffic for all the established tunnels. Right?
>
> If you want to test net-to-net/host-to-net tunnels, yes. But usually the
> same TSr for all clients is fine as long as you have a different TSi.
>

This is in general correct for traffic initiated from B-side.
But when traffic is initiated from A-side and TSr is 0.0.0.0/0 for all
tunnels, then it will choose only one interface (most likely the one with
smaller IP). Unless, you can instruct any traffic generator tool to use a
specific IP.


>
> Regards
> Martin
>
> [1]
> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/load_tester/load_tester_config.c;hb=HEAD#l277
>
>
thanks and regards
Kostas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20110810/5f3c0968/attachment.html>


More information about the Dev mailing list