[strongSwan] Tuning number of threads etc.

[kgardenia42]

Hi,

I am using AWS high-cpu medium instance and I find that when I reach
around 1000 users I get backlogged connection attempts and users start
to complain about slow/backlogged connection attempts.  "ipsec status"
 seems to confirm this.

Any suggestions on ways to tune this?  Is the number of threads
significant to this?   The default number of threads is 16.  Is this a
good number for a quad-core machine?  Is maybe less threads better if
I only have 4 cores?  I realize I can experiment I just would
appreciate some "accepted wisdom".

Am I correct in thinking that when selecting a server that CPU is the
main factor (rather than memory)?  i.e. the more and faster CPUs the
better?  I am using AWS high-cpu medium instance I had hoped to get
more users per instance than 1000.  What are the key things I should
look at here?

I had read in the past that setting "esp" to a cheaper cipher may be
helpful but since I am using IOS devices it seems that they don't want
to connect if I set a cheaper cipher.  I experimentally set it to the
NULL cipher "null-sha1!".  is there any logging I can enable to see
what cipher's a client device supports?

Any other obvious areas I should look at?

Thanks.