[strongSwan] VPN Establishment
Tobias Brunner
tobias at strongswan.org
Tue Apr 10 10:38:52 CEST 2012
Hi Daniel,
> I was surprised when I realized that the time of establishment of the
> VPN was raising as the amount of tunnels were numerous.
>
> A question for developers is: Is it a normal behavior that strongSwan
> would take more time to establish a VPN when it is loaded, let's say,
> almost 1 second when 1000 tunnels are established?
Since the IKE_SAs are stored in a linked list by default the performance
could degrade as the number of SAs increases. Please have a look at [1]
which explains how to configure charon to use a hash table instead.
Other performance-relevant options can be found at [2], where job
priorities and IKE_SA_INIT dropping are explained.
Logging can also be quite the bottleneck as the number of log messages
naturally increases with the number of SAs (see [3]).
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
[2] http://wiki.strongswan.org/projects/strongswan/wiki/JobPriority
[3] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
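
A strongswan.conf fragment touching the three areas mentioned in the reply above (IKE_SA hash table, IKE_SA_INIT dropping, log volume). This is an added example, not part of the original message or the strongSwan project's documentation; every value is an illustrative assumption to be sized for the actual gateway.

```conf
# strongswan.conf (added example; all values are illustrative assumptions)
charon {
    # Look up IKE_SAs in a hash table instead of the default linked list.
    # Sizes chosen here as powers of two.
    ikesa_table_size = 4096
    ikesa_table_segments = 16

    # IKE_SA_INIT dropping: stop accepting new IKE_SA_INIT requests while
    # this many half-open IKE_SAs exist, or while this many jobs are queued.
    init_limit_half_open = 1000
    init_limit_job_load = 500

    # Reduce log volume under load: level 0 keeps only basic audit messages.
    syslog {
        daemon {
            default = 0
        }
    }
}
```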