Hi, > What I see with load-tester is that TSr is by default the remote IP > address (as it is defined in strongswan.conf).
Yes, it is currently limited to the responder address, so only host-to-host tunnels are possible. You might change TSr at [1] and use traffic_selector_create_from_subnet() or something. It's not supported because I've never used it, and extending it properly for initiator and responder support requires some work. > In addition, the output of ipsec statusall indicates that there are no > security associations established. Probably because your responder configuration does not except a host-to-host tunnel. > So even if the tunnels created by load-tester can have traffic, for > each one we need to have separate TSr in order to support concurrent > traffic for all the established tunnels. Right? If you want to test net-to-net/host-to-net tunnels, yes. But usually the same TSr for all clients is fine as long as you have a different TSi. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/load_tester/load_tester_config.c;hb=HEAD#l277 _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
