Hi, > 2) On increasing the number of connections (entries in ipsec.conf > file) to 4000, charon crashes and respawns randomly during tunnel > creations:
> 3) On increasing the number of connections further to 10,000, Charon > process crashes during loading of the ipsec.conf file itself > (ipsec.conf file has 10,000 conn <xx> entries), with out of memory > error: > Apr 12 15:22:29 femtoslave3 charon: 71[CFG] received stroke: add > connection 'host_5896' > Apr 12 12:52:29 femtoslave3 out of memory [5196] > Apr 12 12:52:29 femtoslave3 out of memory [5196] At least in the second case this looks like you are really running out of memory, and probably the OOM killer just kills charon? > If there is any known limitation for charon to establish/initiate huge > number of IPSec connections ? Except from memory, probably not. But please be aware that the ipsec.conf configuration backend is not really designed to scale well with thousands of connection entries (you can handle several thousand responder tunnels just fine with a few ipsec.conf entries, though). To test scalability, we use our load-tester plugin [1] that has written just for that purpose. It is somewhat limited when using custom credentials, but should be easy to extend for your purposes. Regards Martin [1]http://wiki.strongswan.org/projects/strongswan/wiki/LoadTests _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
