Issue #3433

Not able to connect ipsec server using actual client while load testing

Added by Diwakar Bhardwaj 2 months ago. Updated about 2 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Affected version: 5.6.0
Resolution:

Description

Hi team,
I am using strongSwan with eap-radius. I'm using the strongSwan load testing tool to generate load on the server. The client and server are running on two different VMs. I started with a small load of only 10 requests, but if I try to connect to the server with an actual client in the meantime, it is not able to connect and keeps retrying; once the load test is done, it connects. So I'm wondering why this is happening: are there any limitations with the load test tool, or is something else causing the problem?

server conf
strongswan.conf

charon {
    load_modular = yes
    proposal = aes256-sha1-modp2048
    dos_protection=no
    dns1 = 8.8.8.8
    dns2 = 8.8.4.4
    ikesa_limit=1024
    threads = 256
    ikesa_table_size = 1024
    ikesa_table_segments = 64
    keep_alive = 5

    processor {
        priority_threads {
            high = 2
            medium = 4
        }
    }
    half_open_timeout = 60
    filelog {
        /var/log/strongswan.charon.log {
            time_format = %b %e %T
            default = 1
            append = no
            flush_line = yes
        }
    }
    plugins {
        eap-radius {
            #retransmit_tries=1
            accounting = yes
            servers {
                radiusServer {
                    secret = test
                    address = 127.0.0.1
                    auth_port = 1812   # default
                    acct_port = 1813   # default
                    retransmit_tries = 1
                }
            }
            dae {
                enable = yes      # enable DAE extension
                listen = 0.0.0.0  # listen address, default to all
                port = 3799       # port to listen for requests, default
                secret = testdatami      # shared secret to verify/sign DAE messages
            }
        }
        include strongswan.d/charon/*.conf
    }
}

include strongswan.d/*.conf

ipsec.conf

conn testing2
    auto=add
    ike=aes128-sha1-modp768!
    keyexchange=ikev2
    dpdaction=clear
    leftauth=pubkey
    esp=aes128-sha256-sha1!
    leftcert=server.cert.pem
    #leftsendcert=never
    left=%any
    leftid=********
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-radius
    rightsourceip=10.99.0.0/16
    #rightikeport=8043
    mobike=yes

History

#1 Updated by Tobias Brunner about 2 months ago

  • Status changed from New to Feedback
  • Priority changed from Urgent to Normal

If you are overloading the server's capacity, clients will have a difficult time connecting. Read the logs for details.
