[strongSwan] max number of SAs

Miroslav Kubiczek miroslav.kubiczek at adaptivemobile.com
Thu May 22 13:28:09 CEST 2014


Hi Martin,

Thanks for info. I’ll go through this.
I have one more things which is not clear to me: I started VPN gateway and three clients. Then after few minutes I see this stats (simultaneously):

GW:
Security Associations (5354 up, 2053 connecting)

3 CLIENTS:
Security Associations (5744 up, 0 connecting)
Security Associations (4014 up, 0 connecting)
Security Associations (2938 up, 0 connecting)

I’d expect sum of SAs on clients should equal SAs on the GW. Any idea what the numbers don’t match?

Thanks,
Miro



On May 22, 2014, at 12:43 PM, Martin Willi <martin at strongswan.org> wrote:

> Hi Miro,
> 
>> Security Associations (4595 up, 587 connecting)
>> 
>> Is there a way to get more? What's the main blocker?
> 
> There is no hard limit for the number of SAs in strongSwan. Most likely
> you are initiating just too many connections simultaneously, and your
> responder can't handle that load.
> 
> To properly configure strongSwan to handle many tunnels, refer to [1]
> and [2]. Usually public key cryptography is the limiting factor
> regarding tunnel setup rate, [3] has some numbers.
> 
> Regards
> Martin
> 
> [1]http://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
> [2]http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration#Performance-consideration
> [3]http://wiki.strongswan.org/projects/strongswan/wiki/PublicKeySpeed
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140522/f2715725/attachment.pgp>
-------------- next part --------------
*****************************************This email and any files transmitted with are confidential and intended solely for the use of the individual or entity to whom they are addressed.  If you have received this email in error then please delete it and notify the sender. Do not make a copy or forward it to anyone.  This footnote also confirms that this email message has been swept for the presence of computer viruses. Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK). Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140522/f2715725/attachment.html>


More information about the Users mailing list