Hi,
As I understand, strongSwan supports scalability from 4.x onwards. I
am new to strongSwan and to VPN in general.
I have setup a strongSwan 5.3.5 installed on Ubuntu 16.04LTS.
Though I have read that strongSwan supports scalability, I couldn't
find stats to support it.
Before adopting strongSwan
Hi Varun,
we have customers who have successfully been running up to 60k
concurrent tunnels. In order to maximize performance please have
a look at the use of hash tables for IKE_SA lookup
https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
as well as job priority management
ht
Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:
> Hi Varun,
>
> we have customers who have successfully been running up to 60k
> concurrent tunnels. In order to maximize performance please have
> a look at the use of hash tables for IKE_SA lookup
>
>https://wiki.strongswan.org/p
On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff wrote:
> Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:
>> Hi Varun,
>>
>> we have customers who have successfully been running up to 60k
>> concurrent tunnels. In order to maximize performance please have
>> a look at the use o
Am Montag, 16. Januar 2017, 18:09:00 schrieb Varun Singh:
> On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff wrote:
> > Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:
> >> Hi Varun,
> >>
> >> we have customers who have successfully been running up to 60k
> >> concurrent tunne
On Mon, Jan 16, 2017 at 6:18 PM, Michael Schwartzkopff wrote:
> Am Montag, 16. Januar 2017, 18:09:00 schrieb Varun Singh:
>> On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff wrote:
>> > Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:
>> >> Hi Varun,
>> >>
>> >> we have custome
Am Montag, 16. Januar 2017, 18:30:15 schrieb Varun Singh:
> On Mon, Jan 16, 2017 at 6:18 PM, Michael Schwartzkopff wrote:
> > Am Montag, 16. Januar 2017, 18:09:00 schrieb Varun Singh:
> >> On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff
> >> wrote:
> >> > Am Montag, 16. Januar 2017, 20:06
On Mon, Jan 16, 2017 at 6:32 PM, Michael Schwartzkopff wrote:
> Am Montag, 16. Januar 2017, 18:30:15 schrieb Varun Singh:
>> On Mon, Jan 16, 2017 at 6:18 PM, Michael Schwartzkopff wrote:
>> > Am Montag, 16. Januar 2017, 18:09:00 schrieb Varun Singh:
>> >> On Mon, Jan 16, 2017 at 6:04 PM, Michael
Am Montag, 16. Januar 2017, 18:55:35 schrieben Sie:
> On Mon, Jan 16, 2017 at 6:32 PM, Michael Schwartzkopff wrote:
> > Am Montag, 16. Januar 2017, 18:30:15 schrieb Varun Singh:
> >> On Mon, Jan 16, 2017 at 6:18 PM, Michael Schwartzkopff
> >> wrote:
> >> > Am Montag, 16. Januar 2017, 18:09:00 sc
On 16.01.2017 20:39, Varun Singh wrote:
On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff wrote:
Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:
Hi Varun,
we have customers who have successfully been running up to 60k
concurrent tunnels. In order to maximize performance ple
On Mon, Jan 16, 2017 at 7:03 PM, Andreas Steffen
wrote:
> On 16.01.2017 20:39, Varun Singh wrote:
>>
>> On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff wrote:
>>>
>>> Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:
Hi Varun,
we have customers who have succ
On Mon, Jan 16, 2017 at 7:02 PM, Michael Schwartzkopff wrote:
> Am Montag, 16. Januar 2017, 18:55:35 schrieben Sie:
>> On Mon, Jan 16, 2017 at 6:32 PM, Michael Schwartzkopff wrote:
>> > Am Montag, 16. Januar 2017, 18:30:15 schrieb Varun Singh:
>> >> On Mon, Jan 16, 2017 at 6:18 PM, Michael Schwar
On Mon, Jan 16, 2017 at 7:24 PM, Varun Singh wrote:
> On Mon, Jan 16, 2017 at 7:02 PM, Michael Schwartzkopff wrote:
>> Am Montag, 16. Januar 2017, 18:55:35 schrieben Sie:
>>> On Mon, Jan 16, 2017 at 6:32 PM, Michael Schwartzkopff wrote:
>>> > Am Montag, 16. Januar 2017, 18:30:15 schrieb Varun Si
On 18.01.2017 18:11, Varun Singh wrote:
> Yet another concern related to this. From what I know, VPN server
> creates a new virtual network interface for every VPN client
> connected.
It doesn't.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60
On Wed, Jan 18, 2017 at 10:44 PM, Noel Kuntze wrote:
> On 18.01.2017 18:11, Varun Singh wrote:
>> Yet another concern related to this. From what I know, VPN server
>> creates a new virtual network interface for every VPN client
>> connected.
> It doesn't.
>
>
> --
>
> Mit freundlichen Grüßen/Kind
On 18.01.2017 18:23, Varun Singh wrote:
> Okay. Surprisingly I was told in a discussion with a networking expert
> that a new virtual network interface is created on server every time a
> VPN client connects. Is there is link or document which states in
> detail how server's network module function
On Wed, Jan 18, 2017 at 11:00 PM, Noel Kuntze wrote:
> On 18.01.2017 18:23, Varun Singh wrote:
>> Okay. Surprisingly I was told in a discussion with a networking expert
>> that a new virtual network interface is created on server every time a
>> VPN client connects. Is there is link or document wh
On 18.01.2017 18:37, Varun Singh wrote:
> Okay, so is 'not-creating-new-interfaces' a feature unique to
> strongSwan or is it common for all VPN servers? Reason I am asking is,
> may be I have misunderstood what the expert was saying. If not, I
> should discuss this with him.
Neither strongSwan, no
On Wed, Jan 18, 2017 at 11:08 PM, Noel Kuntze wrote:
> On 18.01.2017 18:37, Varun Singh wrote:
>> Okay, so is 'not-creating-new-interfaces' a feature unique to
>> strongSwan or is it common for all VPN servers? Reason I am asking is,
>> may be I have misunderstood what the expert was saying. If no
Am Mittwoch, 18. Januar 2017, 18:38:51 schrieb Noel Kuntze:
> On 18.01.2017 18:37, Varun Singh wrote:
> > Okay, so is 'not-creating-new-interfaces' a feature unique to
> > strongSwan or is it common for all VPN servers? Reason I am asking is,
> > may be I have misunderstood what the expert was sayi
On 18.01.2017 18:42, Michael Schwartzkopff wrote:
> Old versions of openswan / freeswan did create interfaces.
KLIPS, which libreswan also supports, right?
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Just a minor point. OpenVPN can create tun interfaces, although that one
interface is associated with all the clients connecting to that port
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.28.100.1 P-t-P:172.28.100.1 Mask:255.255.25
On 18.01.2017 19:23, Eric Germann wrote:
> Just a minor point. OpenVPN can create tun interfaces, although that one
> interface is associated with all the clients connecting to that port
>
> tun0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>
> On Jan 18, 2017, at 1:25 PM, Noel Kuntze wrote:
>
>
Show me how to get SNMP stats per connection definition so we don’t have to use
NetFlow and I’m all in.
> Unrelated to the topic: Please try to avoid using the old, unmaintained, bug
> ridden net-tools. Use iproute2 for everything (w
On 18.01.2017 19:27, Eric Germann wrote:
> Show me how to get SNMP stats per connection definition so we don’t have to
> use NetFlow and I’m all in.
What are SNMP stats for you? What `netstat` prints? iproute2 has `ss` for that.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID:
Am Mittwoch, 18. Januar 2017, 13:27:58 schrieb Eric Germann:
> > On Jan 18, 2017, at 1:25 PM, Noel Kuntze wrote:
>
>
>
>
> Show me how to get SNMP stats per connection definition so we don’t have to
> use NetFlow and I’m all in.
> > Unrelated to the topic: Please try to avoid using the old, un
26 matches
Mail list logo
