[strongSwan] How to configure the different proposal for different IPsec and measure the tunnel setup and teardown rate
Martin Willi
martin at strongswan.org
Mon Sep 2 10:03:03 CEST 2013
Hi,
> Is there any option available to configure the different proposal for
> different IPsec tunnels at the initiator host (in its strongswan.conf
> file) and responder host (in its ipsec.conf file)?
With load-tester, you can use the "proposal" and "esp" keywords in
strongswan.conf to configure IKE- and ESP-proposals, respectively. These
settings apply to all tunnels initiated with load-tester.
On the responder, assuming you are using an ipsec.conf based
configuration, you can use the "ike" and "esp" keywords in the
appropriate connection entries. Here you can append an "!" to the
proposal to omit the default proposal appended by default. man
ipsec.conf for details.
> In addition, is there any means provided by strongswan to
> measure the tunnel setup and teardown rate?
No, there is currently no automated mechanism for that.
Regards
Martin
More information about the Users
mailing list