[strongSwan] IPsec/IKEv2 tunnels scalability issue with load-tester plugin (using strongSwan 5.0.4)

Martin Willi martin at strongswan.org
Wed Aug 7 09:09:41 CEST 2013


> But in this case,  since I have disabled the rekeying,  the kernel
> should not send XFRM_MSG_EXPIRE event to charon daemon.

I'd guess that the kernel sends expires for the allocated SPIs, and then
the SA for this SPI can't get updated.

You may try to change the hard-coded SPI allocation expiration timeout
at [1]. It gets set to the default retransmission timeout, but in this
special case you might have to adjust it for your needs.



More information about the Users mailing list