[strongSwan] Load tester for xauth

Kimi Chen kchen at appannie.com
Tue Jan 27 03:46:31 CET 2015


Hi All,

I want to do a load test for xauth, but I don't know how to configure the
load tester correctly. Please help me, thanks a lot.

Here is my server's configuration:
conn IKEv1_Xauth_RSA
    keyexchange=ikev1
    leftauth=pubkey
    leftcert=ios.crt
    rightsourceip=172.16.0.0/20
    rightauth=pubkey
    rightauth2=xauth-eap
    auto=add

My load-tester's configuration is like below.
plugins {
    load-tester {
        # enable the plugin
        enable = yes
        # 10000 connections, ten in parallel
        version = 1
        initiators = 1
        iterations = 1
        # use a delay of 100ms, overall time is: iterations * delay = 100s
        delay = 100
        # address of the gateway (releases before 5.0.2 used the "remote" keyword!)
        responder = 10.0.0.174
        # IKE-proposal to use
        proposal = aes128-sha1-modp1024
        # use faster PSK authentication instead of 1024bit RSA
        initiator_auth = pubkey
        issuer_cert = /etc/ipsec.d/cacerts/ca.crt
        issuer_key = /etc/ipsec.d/private/ca.key
        initiator_id = conn-%d-round-%d at VPN Defender.org
        responder_id = "O=VPN Defender Staging, CN=vpn-stg.vpndefender.com"
        # request a virtual IP using configuration payloads
        request_virtual_ip = yes
        # disable IKE_SA rekeying (default)
        ike_rekey = 0
        # enable CHILD_SA every 60s
        child_rekey = 60
        # do not delete the IKE_SA after it has been established (default)
        delete_after_established = no
        # do not shut down the daemon if all IKE_SAs established
        shutdown_when_complete = no
    }
}

If I comment out rightauth2 on the server side ("#rightauth2=xauth-eap"),
load-tester works well. If I enable rightauth2, the load-tester does not
work, even if I change initiator_auth to "initiator_auth= pubkey|xauth"
or "initiator_auth= pubkey|eap-md5". The load-tester's log is like below:
"Jan 26 15:01:44 24[IKE] <load-test|2> initiating Main Mode IKE_SA load-test[2] to 10.0.0.174
Jan 26 15:01:44 24[CFG] <load-test|2> configuration uses unsupported authentication
Jan 26 15:01:44 24[MGR] <load-test|2> tried to check-in and delete nonexisting IKE_SA"

Anyone who knows how to configure load-tester to support xauth, please help
me. Really appreciated.
