Hello Meenakshi,

If you have problems with buffering space, then the charon worker threads obviously cannot work on all the IKE messages faster than it receives them. Increasing the buffer space would only delay the point in time when the error occurs. I think you need to both increase the number of workers or segment the IKE SA table. Refer to [1] for the latter.

Changing the number of worker threads is done by setting charon.threads in strongswan.conf. Consult the man page of strongswan.conf for the correct notation of the configuration of strongswan.conf.

[1] https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable

Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 11.02.2015 at 22:46, meenakshi bangad wrote:
> I am trying to bring multiple clients up using ipsec.conf from a single
> machine. I can bring up to 50 connections up specifying a new connection in
> (conn) section of
> ipsec.conf on the client. Everything works fine until I try load test on
> these IPs. After a fixed number of packets I get an error "No Buffer space
> available".
>
> I changed the sysctl settings to allot more buffer space for reading and
> writing of tcp, but nothing works. During this time the management interface
> has no issues.
> Seems like the 50 tunnels I created max out on memory etc. I have to wait
> for about 10 minutes and the connections
> are back to normal or restart ipsec. Can you please advise what can be done?
>
> Sample Config on the client
> #Default for all the client connections
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=2m
>     keyingtries=1
>     keyexchange=ikev1
>
>     left=10.101.248.153
>     leftsourceip=%config
>     leftauth=pubkey
>     leftauth2=xauth
>     leftfirewall=yes
>     right=10.101.248.152
>     rightid="C=CH, O=strongSwan, CN=vpntest.x.com"
>     rightsubnet=0.0.0.0/0
>     rightauth=pubkey
> conn P2UJjggrNxA8Vcx_119a1d
>     leftcert=P2UJjggrNxA8Vcx_119a1dCert.pem
>     leftid="C=CH, O=strongSwan, CN=P2UJjggrNxA8Vcx_119a1d"
>     xauth_identity=P2UJjggrNxA8Vcx_119a1d
>     auto=add
>
> conn P2UJjhgrNxA8Vcx_119a1d
>     leftcert=P2UJjhgrNxA8Vcx_119a1dCert.pem
>     leftid="C=CH, O=strongSwan, CN=P2UJjhgrNxA8Vcx_119a1d"
>     xauth_identity=P2UJjhgrNxA8Vcx_119a1d
>     auto=add
>
> thanks,
>
> M
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
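
A strongswan.conf fragment covering the two changes suggested in the reply (more worker threads, a segmented IKE SA table), added here as an example and not taken from the original thread. The numeric values are illustrative assumptions and have to be sized for the actual number of tunnels and the measured load.

```conf
# /etc/strongswan.conf (fragment)
# Values below are assumed for illustration; they are not from the thread.
charon {
    # Number of worker threads processing IKE messages (charon.threads).
    # Raised here so that incoming messages are drained faster than they queue.
    threads = 32

    # IKE SA hash table: a size of 1 (the default) means a plain linked list.
    # A larger table speeds up SA lookup when many tunnels are established.
    ikesa_table_size = 64

    # Number of lock segments in the table. More segments let several
    # worker threads access the IKE SA table concurrently.
    ikesa_table_segments = 8
}
```

The daemon must be restarted for these settings to take effect.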
