[strongSwan] Multiple Ipsec connections thru one ipsec.conf
meenakshi bangad
mbangad at gmail.com
Wed Feb 11 22:46:02 CET 2015
I am trying to bring multiple clients up using ipsec.conf from a single
machine. I can bring upto 50 connections up specifying a new connection in
(conn) section of
ipsec.conf on the client. everything works fine until I try load test on
these IP's. After a fixed number of packets I get an error "No Buffer space
available".
I changed the sysctl settings to allot more buffer space for reading and
writing of tcp, but nothing works. During this time the management
interface has no issues.
Seems like the 50 tunnels I created max out on memory etc. I have to wait
for about 10 minutes and the connections
are back to normal or restart ipsec. Can you please advise what can be
done?
Sample Config on the client
#Default for all the client connections
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=2m
keyingtries=1
keyexchange=ikev1
left=10.101.248.153
leftsourceip=%config
leftauth=pubkey
leftauth2=xauth
leftfirewall=yes
right=10.101.248.152
rightid="C=CH, O=strongSwan, CN=vpntest.x.com"
rightsubnet=0.0.0.0/0
rightauth=pubkey
conn P2UJjggrNxA8Vcx_119a1d
leftcert=P2UJjggrNxA8Vcx_119a1dCert.pem
leftid="C=CH, O=strongSwan, CN=P2UJjggrNxA8Vcx_119a1d"
xauth_identity=P2UJjggrNxA8Vcx_119a1d
auto=add
conn P2UJjhgrNxA8Vcx_119a1d
leftcert=P2UJjhgrNxA8Vcx_119a1dCert.pem
leftid="C=CH, O=strongSwan, CN=P2UJjhgrNxA8Vcx_119a1d"
xauth_identity=P2UJjhgrNxA8Vcx_119a1d
auto=add
thanks,
M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150211/fa7e98e1/attachment.html>
More information about the Users
mailing list