[strongSwan-dev] strongswan 4.6.2: charon unstable/crashes when establishing a lot of connections

Martin Willi martin at strongswan.org
Mon Apr 16 11:34:49 CEST 2012


> The load-tester plugin looks like uses a fixed set of credentials
> (mainly used for stress testing with some sample credentials).

It uses a CA certificate and issues client certificates to use on
demand. Replacing the CA and issuing certificates for your needs should
be a trivial extension. Using your already issued certs requires a
little more work, though.

> In our test, we have thousands of terminals simulated in a Linux
> machine running charon, and each terminal or initiator is having a
> unique IP address with a different certificate.

I don't know how you simulate unique IP addresses, but in my experience
adding thousands of IPs to an interface scales very bad on Linux and is
not really a practical solution for load testing.

We don't use different IPs in our plugin, as it is not a factor that
influences setup rate. Using unique IDs is sufficient, unless you need
this IP to test the established IPsec tunnels themselves with traffic.

> Is there a way to fix the Charon crashes/unstability in this scenario,
> or is the load-tester plugin the only way to proceed ?

While your approach doesn't scale well, it shouldn't crash. Have you
verified that you don't run into any memory limit?


More information about the Dev mailing list