Hi,
On Tue, Aug 9, 2011 at 2:36 PM, Martin Willi <[email protected]> wrote: > Hi, > > > What I see with load-tester is that TSr is by default the remote IP > > address (as it is defined in strongswan.conf). > > Yes, it is currently limited to the responder address, so only > host-to-host tunnels are possible. You might change TSr at [1] and use > traffic_selector_create_from_subnet() or something. It's not supported > because I've never used it, and extending it properly for initiator and > responder support requires some work. > So it is likely that adapting [1] is not enough? > > > In addition, the output of ipsec statusall indicates that there are no > > security associations established. > > Probably because your responder configuration does not except a > host-to-host tunnel. > What exactly do you mean? A possible missconfiguration on server-side? Can you please elaborate? > > > So even if the tunnels created by load-tester can have traffic, for > > each one we need to have separate TSr in order to support concurrent > > traffic for all the established tunnels. Right? > > If you want to test net-to-net/host-to-net tunnels, yes. But usually the > same TSr for all clients is fine as long as you have a different TSi. > This is in general correct for traffic initiated from B-side. But when traffic is initiated from A-side and TSr is 0.0.0.0/0 for all tunnels, then it will choose only one interface (most likely the one with smaller IP). Unless, you can instruct any traffic generator tool to use a specific IP. > > Regards > Martin > > [1] > http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/load_tester/load_tester_config.c;hb=HEAD#l277 > > thanks and regards Kostas
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
