[strongSwan] Assign VPN to specific core

Igor Lopez Orbe igorlor at gmail.com
Mon Jul 9 16:56:16 CEST 2012


Hello,

I have realised that ipsec only uses one core of ,y multicore
processor. Trying to use more than one core I set up two tunnel with
same origin and destination (configuration below) and different
association but computers still uses only one core.

conn net-net
     type=tunnel
     left=192.168.1.93
     leftsubnet=10.1.0.0/16
     leftid=@moon.strongswan.org
     right=192.168.1.118
     rightsubnet=10.2.0.0/16
     rightid=@sun.strongswan.org
     auto=add

conn net-net2
     type=tunnel
     left=192.168.1.93
     leftsubnet=10.1.0.0/16
     leftid=@mars.strongswan.org
     right=192.168.1.118
     rightsubnet=10.2.0.0/16
     rightid=@sun.strongswan.org
     auto=add


# ipsec statusall
000 Status of IKEv1 pluto daemon (strongSwan 4.5.2):
000 %myid = '%any'
000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5
random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr
kernel-netlink resolve
000 debug options: none
000
Status of IKEv2 charon daemon (strongSwan 4.5.2):
  uptime: 17 minutes, since Jul 09 16:36:31 2012
  malloc: sbrk 393216, mmap 0, used 253552, free 139664
  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 6
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random
x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp
agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve
socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc
eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock
Listening IP addresses:
  192.168.1.93
  10.1.0.1
  192.168.122.1
  192.168.100.1
  10.8.0.2
Connections:
     net-net:  192.168.1.93...192.168.1.118
     net-net:   local:  [moon.strongswan.org] uses pre-shared key authentication
     net-net:   remote: [sun.strongswan.org] uses any authentication
     net-net:   child:  10.1.0.0/16 === 10.2.0.0/16
    net-net2:  192.168.1.93...192.168.1.118
    net-net2:   local:  [mars.strongswan.org] uses pre-shared key authentication
    net-net2:   remote: [sun.strongswan.org] uses any authentication
    net-net2:   child:  10.1.0.0/16 === 10.2.0.0/16
Security Associations:
     net-net[1]: ESTABLISHED 16 minutes ago,
192.168.1.93[moon.strongswan.org]...192.168.1.118[sun.strongswan.org]
     net-net[1]: IKE SPIs: da6c86b1e5907bf2_i* 9a060f1ba89299df_r,
pre-shared key reauthentication in 35 minutes
     net-net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
     net-net{1}:  INSTALLED, TUNNEL, ESP SPIs: cdb8ced8_i ccf8719b_o
     net-net{1}:  AES_CBC_128, 0 bytes_i, 0 bytes_o, rekeying in 12 minutes
     net-net{1}:   10.1.0.0/16 === 10.2.0.0/16
    net-net2[2]: ESTABLISHED 16 minutes ago,
192.168.1.93[mars.strongswan.org]...192.168.1.118[sun.strongswan.org]
    net-net2[2]: IKE SPIs: e8d968745cb64df7_i* 806b88886e67785f_r,
pre-shared key reauthentication in 35 minutes
    net-net2[2]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
    net-net2{2}:  INSTALLED, TUNNEL, ESP SPIs: c1d6cf35_i c8e45666_o
    net-net2{2}:  AES_CBC_128, 0 bytes_i, 0 bytes_o, rekeying in 11 minutes
    net-net2{2}:   10.1.0.0/16 === 10.2.0.0/16



Is there any way to assign one core to each vpn? Is my computer using
always the same core because it doesn't do load-balancing by default
and always choose same tunnel to arrive to same destination?


Regards,

Igorlor




More information about the Users mailing list