Hi, > The load-tester plugin looks like uses a fixed set of credentials > (mainly used for stress testing with some sample credentials).
It uses a CA certificate and issues client certificates to use on demand. Replacing the CA and issuing certificates for your needs should be a trivial extension. Using your already issued certs requires a little more work, though. > In our test, we have thousands of terminals simulated in a Linux > machine running charon, and each terminal or initiator is having a > unique IP address with a different certificate. I don't know how you simulate unique IP addresses, but in my experience adding thousands of IPs to an interface scales very bad on Linux and is not really a practical solution for load testing. We don't use different IPs in our plugin, as it is not a factor that influences setup rate. Using unique IDs is sufficient, unless you need this IP to test the established IPsec tunnels themselves with traffic. > Is there a way to fix the Charon crashes/unstability in this scenario, > or is the load-tester plugin the only way to proceed ? While your approach doesn't scale well, it shouldn't crash. Have you verified that you don't run into any memory limit? Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
