Issue #3612

Load-test plugin swanctl -L output issue

Added by Ryan Farrell almost 2 years ago. Updated almost 2 years ago.

Affected version:


I'm using the load-tester plugin as the initiator. Given the following load-tester.conf included below, everything works fine. However "swanctl -L" has the initiator and responder addresses swapped in the output. When the tunnel is up, "swanctl -l" correctly shows the initiator and responder addresses.

# cat /etc/strongswan.d/charon/load-tester.conf
load-tester {
    load = yes
    enable = yes
    addrs_keep = no
    version = 2
    initiators = 1
    iterations = 1
    delay = 1000
    init_limit = 0
    ca_dir = /usr/local/etc/swanctl/x509ca
    issuer_cert = /usr/local/etc/swanctl/x509ca/enb-signing.crt
    issuer_key = /usr/local/etc/swanctl/private/enb-signing.key
    ike_rekey = 3600
    child_rekey = 1800
    crl =
    ens33 = 2001:a:b:4001:f::2/64
    addrs_keep = yes
    addrs_prefix = 64
    initiator = 2001:a:b:4001:f::1
    responder = 2001:a:b:7001:1::1
    initiator_auth = pubkey
    responder_auth = pubkey
    responder_id = C=US, CN=site1pair1
    initiator_id = CN=conn-%d, OU=load-test, O=strongSwan
    initiator_tsi = ::/0
    initiator_tsr = ::/0
    delete_after_established = no
    digest = sha256
    mode = tunnel
    proposal = aes256gcm16-sha256-modp2048
    esp = aes256gcm16-sha256
    request_virtual_ip = yes
    dpd_delay = 30
    shutdown_when_complete = no

The command output showing a loaded connection with the local & remote addrs. I would expect 2001:a:b:7001:1::1 to be the remote as it is the configured responder.

# swanctl -L
load-test: IKEv2, no reauthentication, rekeying every 3600s, dpd delay 30s
  local:  2001:a:b:7001:1::1
  remote: 2001:a:b:4001:f::1
  local public key authentication:
    id: C=US, CN=site1pair1
  remote public key authentication:
    id: CN=conn-0, OU=load-test, O=strongSwan
  load-test: TUNNEL, rekeying every 1800s, dpd action is clear
    local:  ::/0
    remote: ::/0

The command output showing the tunnel was successfully established with the expected local & remote addrs.

# swanctl -l
load-test: #1, ESTABLISHED, IKEv2, f725ca23e2d32694_i* 69b4fd6a52fb9f99_r
  local  'CN=conn-1, OU=load-test, O=strongSwan' @ 2001:a:b:4001:f::2[500] [2001:a:b:6ab1::293]
  remote 'C=US, CN=site1pair1' @ 2001:a:b:7001:1::1[500]
  established 5s ago, rekeying in 3595s
  load-test: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 5s ago, rekeying in 1795s, expires in 3595s
    in  ca5f9062,      0 bytes,     0 packets
    out c0c62073,      0 bytes,     0 packets
    local  2001:a:b:6ab1::293/128
    remote ::/0


#1 Updated by Ryan Farrell almost 2 years ago

Sorry - submitted with the title incomplete. Should be something like "Load-test plugin swanctl -L output issue", if it matters.

#2 Updated by Tobias Brunner almost 2 years ago

  • Subject changed from Load-test loaded to Load-test plugin swanctl -L output issue
  • Category set to testing
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner

That's normal because the connections generated by the load-tester plugin for enumeration via config backend manager (that's what you get via -L) are intended to be used as responder (i.e. to test against itself). You'll never see the config(s) used for initiation there, as these are generated on the fly and are never made available via config backend.

#3 Updated by Ryan Farrell almost 2 years ago

Ah, I get what you are saying. Thanks for the clarification.
When using the load-tester as an initiator only, the loaded connection (via swanctl -L) can be safely ignored as it is not used.

Also available in: Atom PDF