Hi,
I am using the load tester plugin (strongswan 5.0.4) to create 20K IPsec
tunnels (without data traffic). I have disabled the logging and used
pre-shared key authentication mechanism. What I understand, tunnel setup rate
depends on how fast Diffie-Hellman exchange can be done and the group used
because I think, IKEv2 spends most of its time (more than 80%) in DH exchange.
I am using the least expensive modp768. Still I'm hitting a bottleneck in
tunnel setup speed. I am only getting about 5 tunnels per second. Did profiling
with perf (on Wind River Linux), but the call stack did not find any hotspot in
strongswan codebase.
To increase the tunnel establishment rate, do I need to accelerate the
generation of the public DH factor
by configuring the strongswan.conf setting (in strongswan.conf file at both the
ends) as below? As of now it is under comment.
libstrongswan {
dh_exponent_ansi_x9_42 = no
}
Please point me to right direction, if I have misunderstood or missing anything.
Regards,
Chinmaya
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
