[strongSwan] Ipsec up/down(brining up one client up/down) is a trigger to bring back up A non-responsive server
noel at familie-kuntze.de
Mon Feb 23 21:55:42 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Did you check if the IPsec SAs are still there for the tunnels, when you
get timeouts? I would like to get some information on the state of the
ipsec stack when that happens. Stuff like the statistics of the policies
("ip -s x p") and the CPU usage. This is likely a problem with the IPsec stack of the
Linux kernel, as it does traffic processing.
Mit freundlichen Grüßen/Regards,
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 20.02.2015 um 23:22 schrieb meenakshi bangad:
> I am experiencing a very interesting behaviour with Strongswan server.
> Using the load tester plugin I can bring up multiple clients. I have set up about 200 clients on 2 machines (each running 100 Ipsec tunnels to the servers).
> I have my own traffic generator which is sending traffic across this multiple tunnels.
> Initially everything runs fine, but after some time I start getting time-outs in my traffic generator application. I have tried modifying the sysctl settings etc,
> but nothing has worked. If during that time I bring up another client everything starts to work back again. So the trigger to non -responsive server is brining a tunnels up and down. Since
> I have been doing this the generator on the other 200 tunnels never times out. It seems like the server is stuck somewhere and the a tunnel up or down breaks that loop.
> Has anyone else experiencing the same behaviour ?
> Users mailing list
> Users at lists.strongswan.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the Users