<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
I think you are on the wrong list. Charon = Strongswan, pluto =
Libreswan/Openswan.<br>
<br>
<div class="moz-cite-prefix">On 17/11/2020 23:02, Liam Schönberg
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:AM7PR09MB3704809DD7D49AB474240314F0E20@AM7PR09MB3704.eurprd09.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;}</style>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Hi,</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
I'm encountering the situation where Charon crashes after trying
to initiate 990+ IKE SAs. What we're trying to do here is a
stress test against our VPN server.</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]: 13[IKE]
IKE_SA CONN00988[988] established between
100.84.217.47[INIT00988]...1.2.3.4[1.2.3.4]
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 13[ENC]
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 13[NET]
sending packet: from 100.84.217.47[10988] to 1.2.3.4[4500]
(108 bytes)</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 13[ENC]
generating QUICK_MODE request 4075658581 [ HASH SA No KE ID ID
]</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 13[NET]
sending packet: from 100.84.217.47[10988] to 1.2.3.4[4500]
(316 bytes)</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 05[IKE]
initiating Aggressive Mode IKE_SA CONN00997[997] to 1.2.3.4</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 05[ENC]
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 05[NET]
sending packet: from 100.84.217.47[10997] to 1.2.3.4[4500]
(367 bytes)</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 06[CFG]
received stroke: add connection 'CONN00998'</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 06[CFG] added
configuration 'CONN00998'</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]: 13[IK***
buffer overflow detected ***: /usr/lib/ipsec/charon terminated</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 charon: 10[CFG]
received stroke: initiate '10_akei00998'</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]: reading
stroke response failed</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]:
connecting to 'unix:///var/run/charon.ctl' failed: Connection
refused</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]: failed
to connect to stroke socket 'unix:///var/run/charon.ctl'</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]:
connecting to 'unix:///var/run/charon.ctl' failed: Connection
refused</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]: failed
to connect to stroke socket 'unix:///var/run/charon.ctl'</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]:
connecting to 'unix:///var/run/charon.ctl' failed: Connection
refused</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]: failed
to connect to stroke socket 'unix:///var/run/charon.ctl'</div>
<div>> Nov 17 21:54:24 ip-100-84-217-47 ipsec[2175]: charon
has died -- restart scheduled (5sec)</div>
<div>> Nov 17 21:54:25 ip-100-84-217-47 systemd[1]: Started
Session 4 of user ubuntu.</div>
<div>> Nov 17 21:54:29 ip-100-84-217-47 charon: 00[DMN]
Starting IKE charon daemon (strongSwan 5.6.2, Linux
5.4.0-1029-aws, x86_64)</div>
</div>
<br>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);">Could anybody tell me
what I should do differently, so that it can initiate up to
20,000 IKE SAs? Here's the config I'm using on the initiator
side...</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);"><br>
</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);">> config setup
<div>> conn %default</div>
<div>> right=1.2.3.4</div>
<div>> ikelifetime=3600s</div>
<div>> keylife=28800s</div>
<div>> rekeymargin=3m</div>
<div>> keyingtries=1</div>
<div>> keyexchange=ikev1</div>
<div>> leftauth=psk</div>
<div>> rightauth=psk</div>
<div>> ike=aes128-sha1-modp1024!</div>
<div>> esp=aes128-sha1-modp1024!</div>
<div>> authby=secret</div>
<div>> aggressive=yes</div>
<div>> rightsubnet=100.110.171.0/24</div>
<div>> auto=add</div>
<div>> conn CONN00001</div>
<div>> leftid=@INIT00001</div>
<div>> leftsubnet=10.1.1.0/24</div>
<div>> leftikeport=10001</div>
> rightikeport=4500<br>
</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);"><br>
</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);">Any suggestions or
comments would be greatly appreciated.</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);"><br>
</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);">Best regards,</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);"><br>
</span></font></div>
<div><font face="Calibri, Helvetica, sans-serif" color="#000000"><span
style="caret-color: rgb(0, 0, 0);">jellybeanshiba</span></font></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Swan mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
</pre>
</blockquote>
<br>
</body>
</html>