Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Hello Martin, all Firstly, Thanks for all your help in using the load-tester plugin. I finally set it up to work using pubkey/rsasig with the Certs provided in the file: http://wiki.strongswan.org/projects/strongswan/repository/entry/src/libcharon/plugins/load_tester/load_tester_creds.c Used

Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

15[CFG] looking for peer configs matching 172.17.10.10[srv.strongswan.org]...172.17.10.253[c5-1.strongswan.org] 15[CFG] no matching peer config found 15[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ] conn rw-server left=172.17.10.10 leftsubnet=192.168.20.0/24

Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Hi The problem is not the secret, but that no config matches on your responder. leftid defaults to left (172.17.10.10), but actually is srv.strongswan.org. Try leftid=srv.strongswan.org, or even leftid=%any. I did just that, i used leftid=%any on the rw-server. But when i start the ipsec (ipsec

Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Hi One more followup info. On the m/c enabled with load-tester plugin and simulating multiple rw-clients, i have the following strongswan.conf config file: --- # strongswan.conf - strongSwan configuration file charon

Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

and for your help with regards rajiv fromMartin Willi mar...@strongswan.org toRajiv Kulkarni rajivkulkarn...@gmail.com ccus...@lists.strongswan.org dateFri, Jul 29, 2011 at 5:34 PM subjectRe: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA) Important

Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Hi Tobias Thanks for the reply. No, i did not know of the load-tester plugin till you told me about it. I followed your advice and started setting up the load-tester plugin with strongswan-4.5.2 on Linux-Fedora servers - As mentioned in one of the mail-list on Load-Tester plugin, I have

Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Hi, - What is the meaning of initiators=10 and iterations=100. i would think that for simulating establishment of 1000 simultaneous tunnels i would want 1000 initiators to be running right? Why only 10 and running them 100 times? initiators defines the number of threads. Each thread

[strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Hi I need some help from you all on the following issue: 1. I have a setup using Racoon (ikev1 only) between 2 Peer Gws (Linux servers) and i needed to have about 1000 ipsec tunnels between them (i.e it would come to 2000 ipsec/esp SAs with 1 IKE SA between the peer gws). I did this using the

Re: [strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Hi Rajiv, - is there a better way and a simple and elegant way to simulate 1000 tunnels (2000 SAs)? Did you already have a look at the load-tester plugin [1]? Regards, Tobias [1] http://wiki.strongswan.org/projects/strongswan/wiki/LoadTests ___