[strongSwan] IPsec/IKEv2 tunnels scalability issue with load-tester plugin (using strongSwan 5.0.4)
Martin Willi
martin at strongswan.org
Wed Aug 7 09:09:41 CEST 2013
Hi,
> But in this case, since I have disabled the rekeying, the kernel
> should not send XFRM_MSG_EXPIRE event to charon daemon.
I'd guess that the kernel sends expires for the allocated SPIs, and then
the SA for this SPI can't get updated.
You may try to change the hard-coded SPI allocation expiration timeout
at [1]. It gets set to the default retransmission timeout, but in this
special case you might have to adjust it for your needs.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=b34fa149;hb=HEAD#l2668
More information about the Users
mailing list