Hi Leonid,
the 160M are just virtual memory due to charon's 16 worker threads.
Actual resident memory use is only 2M. If virtual memory space is
an issue then you could reduce the number of threads to about 10 by
setting
charon {
threads = 10
}
in /etc/strongswan.conf.
Best regards
Andreas
Hello, I have some "top" util results from charon running on my box ...
Its shows DATA size == 160M,
which is way too much for me...
Is there any way to reduce that size ...
I would be happy with 10M :-)
PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ CODE DATA
COMMAND
31484 root
If you intend to use Modeconfig to assign virtual IP addresses to
clients then a Cisco gateway usually employs Modeconfig push mode.
Therefore define
leftsourceip=%modeconfig
modeconfig=push
as in the following sample scenario:
http://www.strongswan.org/uml/testresults42/ikev1/mode-config-
The IPsec stack does not care about outgoing packets but uses the
SPI of incoming packets to look up the context in the SAD.
If a packet replay-window is set then restrictions on the ESP
packet sequence numbers apply.
Andreas
Jianqing Zhang wrote:
> When I configured SPD and SAD manually, I find
I'm not very familiar with any of the cisco vpn equipment, but I do have
a VPN setup with another hospital that uses a Cisco 3000. I am going to
guess that in the cisco world that setting up a vpn would be mostly the
same all the way around.
For the most part, It's straight forward, and the setup
Hello,
I am not familiar with StrongSwan, or it abilities and have had a request
that I hope I can get some help with. We currently use Cisco 72xx VXR's
(12.3) for our VPN devices. We need to setup a tunnel to a StrongSwan
2.8.1. Are there any issues with connecting these two up that we should
When I configured SPD and SAD manually, I find that SPIs for the
outgoing packets could be same but those for incoming packets must be
unique. Why?
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
