[strongSwan] Getting started with Load Test Plugin

Sat, 01 Aug 2015 15:37:54 -0700
I'm trying to get familiar with the load test plugin. To start, I'm trying the self test [ https://wiki.strongswan.org/projects/strongswan/wiki/LoadTests#Testing-against-self ] 


I'm obviously doing something wrong, I can't even get one (two total if 
I understand correctly) connection up.



I setup Ubuntu 14.04 LTS on Virtual Box, enabled the plugin via 
./configure, built and installed fresh 5.3 from tarball.  Made charon 
changes in strongswan.conf as suggested on the Wiki:


root@u1404vb:/usr/local/etc# cat strongswan.conf
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files

charon {
        #load_modular = yes


        # create a new IKE_SA for each CHILD_SA to simulate different 
clients

        reuse_ikesa = no
        # turn off denial of service protection
        dos_protection = no

        plugins {

        load-tester {
            # enable the plugin
            enable = yes
            # use 4 threads to initiate connections simultaneously
            #initiators = 4
            initiators = 1
            # each thread initiates 1000 connections
            #iterations = 1000
            iterations = 1
            # delay each initiation in each thread by 20ms
            delay = 20
            # fake the kernel interface to avoid SA conflicts
            fake_kernel = yes
        }

                include strongswan.d/charon/*.conf
        }
}

include strongswan.d/*.conf
root@u1404vb:/usr/local/etc#


There are not other changes made, e.g. ipsec.conf and other files are 
exactly as they are after "make install"


syslog shows:



Aug  1 18:31:42 u1404vb charon: 00[DMN] Starting IKE charon daemon 
(strongSwan 5.3.0, Linux 3.13.0-61-generic, x86_64)
Aug  1 18:31:42 u1404vb charon: 00[CFG] loading ca certificates from 
'/usr/local/etc/ipsec.d/cacerts'
Aug  1 18:31:42 u1404vb charon: 00[CFG] loading aa certificates from 
'/usr/local/etc/ipsec.d/aacerts'
Aug  1 18:31:42 u1404vb charon: 00[CFG] loading ocsp signer certificates 
from '/usr/local/etc/ipsec.d/ocspcerts'
Aug  1 18:31:42 u1404vb charon: 00[CFG] loading attribute certificates 
from '/usr/local/etc/ipsec.d/acerts'
Aug  1 18:31:42 u1404vb charon: 00[CFG] loading crls from 
'/usr/local/etc/ipsec.d/crls'
Aug  1 18:31:42 u1404vb charon: 00[CFG] loading secrets from 
'/usr/local/etc/ipsec.secrets'
Aug  1 18:31:42 u1404vb charon: 00[CFG]   loaded RSA private key from 
'/usr/local/etc/ipsec.d/private/myKey.der'
Aug  1 18:31:42 u1404vb charon: 00[LIB] loaded plugins: charon aes des 
rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 
pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac 
attr load-tester kernel-netlink resolve socket-default stroke updown 
xauth-generic

Aug  1 18:31:42 u1404vb charon: 00[JOB] spawning 16 worker threads

Aug  1 18:31:42 u1404vb charon: 13[IKE] initiating IKE_SA load-test[1] 
to 127.0.0.1
Aug  1 18:31:42 u1404vb charon: 13[ENC] generating IKE_SA_INIT request 0 
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug  1 18:31:42 u1404vb charon: 13[NET] sending packet: from 
127.0.0.1[500] to 127.0.0.1[500] (288 bytes)
Aug  1 18:31:42 u1404vb charon: 12[NET] received packet: from 
127.0.0.1[500] to 127.0.0.1[500] (288 bytes)
Aug  1 18:31:42 u1404vb charon: 12[ENC] parsed IKE_SA_INIT request 0 [ 
SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]

Aug  1 18:31:42 u1404vb charon: 12[IKE] 127.0.0.1 is initiating an IKE_SA

Aug  1 18:31:42 u1404vb charon: 12[IKE] sending cert request for 
"CN=srv, OU=load-test, O=strongSwan"
Aug  1 18:31:42 u1404vb charon: 12[ENC] generating IKE_SA_INIT response 
0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug  1 18:31:42 u1404vb charon: 12[NET] sending packet: from 
127.0.0.1[500] to 127.0.0.1[500] (321 bytes)
Aug  1 18:31:42 u1404vb charon: 03[NET] received packet: from 
127.0.0.1[500] to 127.0.0.1[500] (321 bytes)
Aug  1 18:31:42 u1404vb charon: 03[ENC] parsed IKE_SA_INIT response 0 [ 
SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug  1 18:31:42 u1404vb charon: 03[IKE] received IKE_SA_INIT response, 
but expected EXCHANGE_TYPE_UNDEFINED
Aug  1 18:31:46 u1404vb charon: 04[IKE] retransmit 1 of request with 
message ID 0
Aug  1 18:31:46 u1404vb charon: 04[NET] sending packet: from 
127.0.0.1[500] to 127.0.0.1[500] (288 bytes)
Aug  1 18:31:46 u1404vb charon: 06[NET] received packet: from 
127.0.0.1[500] to 127.0.0.1[500] (288 bytes)
Aug  1 18:31:46 u1404vb charon: 06[ENC] parsed IKE_SA_INIT request 0 [ 
SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]

Aug  1 18:31:46 u1404vb charon: 06[IKE] 127.0.0.1 is initiating an IKE_SA

Aug  1 18:31:46 u1404vb charon: 06[IKE] sending cert request for 
"CN=srv, OU=load-test, O=strongSwan"
Aug  1 18:31:46 u1404vb charon: 06[ENC] generating IKE_SA_INIT response 
0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug  1 18:31:46 u1404vb charon: 06[NET] sending packet: from 
127.0.0.1[500] to 127.0.0.1[500] (321 bytes)
Aug  1 18:31:46 u1404vb charon: 05[MGR] ignoring request with ID 0, 
already processing
Aug  1 18:32:12 u1404vb charon: 10[JOB] deleting half open IKE_SA after 
timeout
Aug  1 18:32:16 u1404vb charon: 07[JOB] deleting half open IKE_SA after 
timeout


root@u1404vb:/usr/local/etc# ipsec statusall

Status of IKE charon daemon (strongSwan 5.3.0, Linux 3.13.0-61-generic, 
x86_64):

  uptime: 2 minutes, since Aug 01 18:31:42 2015
  malloc: sbrk 2297856, mmap 0, used 263472, free 2034384

  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, 
scheduled: 0
  loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey 
pem fips-prf gmp xcbc cmac hmac attr load-tester kernel-netlink resolve 
socket-default stroke updown xauth-generic

Listening IP addresses:
  172.16.8.64
Connections:
   load-test:  127.0.0.1...0.0.0.0  IKEv1/2

   load-test:   local:  [CN=srv, OU=load-test, O=strongSwan] uses 
public key authentication
   load-test:   remote: [CN=*, OU=load-test, O=strongSwan] uses public 
key authentication

   load-test:   child:  dynamic === dynamic TUNNEL
Security Associations (0 up, 0 connecting):
  none
root@u1404vb:/usr/local/etc# ipsec --version
Linux strongSwan U5.3.0/K3.13.0-61-generic
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@u1404vb:/usr/local/etc#


I'm sure I'm missing something.

Any help appreciated

Thanks,
MikeC

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users














    











					Reply via email to