[strongSwan] Assign VPN to specific core
Igor Lopez Orbe
igorlor at gmail.com
Mon Jul 9 16:56:16 CEST 2012
Hello,
I have realised that ipsec only uses one core of ,y multicore
processor. Trying to use more than one core I set up two tunnel with
same origin and destination (configuration below) and different
association but computers still uses only one core.
conn net-net
type=tunnel
left=192.168.1.93
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
right=192.168.1.118
rightsubnet=10.2.0.0/16
rightid=@sun.strongswan.org
auto=add
conn net-net2
type=tunnel
left=192.168.1.93
leftsubnet=10.1.0.0/16
leftid=@mars.strongswan.org
right=192.168.1.118
rightsubnet=10.2.0.0/16
rightid=@sun.strongswan.org
auto=add
# ipsec statusall
000 Status of IKEv1 pluto daemon (strongSwan 4.5.2):
000 %myid = '%any'
000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5
random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr
kernel-netlink resolve
000 debug options: none
000
Status of IKEv2 charon daemon (strongSwan 4.5.2):
uptime: 17 minutes, since Jul 09 16:36:31 2012
malloc: sbrk 393216, mmap 0, used 253552, free 139664
worker threads: 7 idle of 16, job queue load: 0, scheduled events: 6
loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random
x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp
agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve
socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc
eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock
Listening IP addresses:
192.168.1.93
10.1.0.1
192.168.122.1
192.168.100.1
10.8.0.2
Connections:
net-net: 192.168.1.93...192.168.1.118
net-net: local: [moon.strongswan.org] uses pre-shared key authentication
net-net: remote: [sun.strongswan.org] uses any authentication
net-net: child: 10.1.0.0/16 === 10.2.0.0/16
net-net2: 192.168.1.93...192.168.1.118
net-net2: local: [mars.strongswan.org] uses pre-shared key authentication
net-net2: remote: [sun.strongswan.org] uses any authentication
net-net2: child: 10.1.0.0/16 === 10.2.0.0/16
Security Associations:
net-net[1]: ESTABLISHED 16 minutes ago,
192.168.1.93[moon.strongswan.org]...192.168.1.118[sun.strongswan.org]
net-net[1]: IKE SPIs: da6c86b1e5907bf2_i* 9a060f1ba89299df_r,
pre-shared key reauthentication in 35 minutes
net-net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
net-net{1}: INSTALLED, TUNNEL, ESP SPIs: cdb8ced8_i ccf8719b_o
net-net{1}: AES_CBC_128, 0 bytes_i, 0 bytes_o, rekeying in 12 minutes
net-net{1}: 10.1.0.0/16 === 10.2.0.0/16
net-net2[2]: ESTABLISHED 16 minutes ago,
192.168.1.93[mars.strongswan.org]...192.168.1.118[sun.strongswan.org]
net-net2[2]: IKE SPIs: e8d968745cb64df7_i* 806b88886e67785f_r,
pre-shared key reauthentication in 35 minutes
net-net2[2]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
net-net2{2}: INSTALLED, TUNNEL, ESP SPIs: c1d6cf35_i c8e45666_o
net-net2{2}: AES_CBC_128, 0 bytes_i, 0 bytes_o, rekeying in 11 minutes
net-net2{2}: 10.1.0.0/16 === 10.2.0.0/16
Is there any way to assign one core to each vpn? Is my computer using
always the same core because it doesn't do load-balancing by default
and always choose same tunnel to arrive to same destination?
Regards,
Igorlor
More information about the Users
mailing list