Annotation of embedaddon/strongswan/conf/plugins/load-tester.conf, revision 1.1.1.1
1.1 misho 1: # Section to configure the load-tester plugin, see LOAD TESTS in
2: # strongswan.conf(5) for details.
3: load-tester {
4:
5: # Whether to keep dynamic addresses even after the associated SA got
6: # terminated.
7: # addrs_keep = no
8:
9: # Network prefix length to use when installing dynamic addresses. If set to
10: # -1 the full address is used (i.e. 32 or 128).
11: # addrs_prefix = 16
12:
13: # Directory to load (intermediate) CA certificates from.
14: # ca_dir =
15:
16: # Seconds to start CHILD_SA rekeying after setup.
17: # child_rekey = 600
18:
19: # URI to a CRL to include as certificate distribution point in generated
20: # certificates.
21: # crl =
22:
23: # Delay between initiations for each thread.
24: # delay = 0
25:
26: # Delete an IKE_SA as soon as it has been established.
27: # delete_after_established = no
28:
29: # Digest algorithm used when issuing certificates.
30: # digest = sha1
31:
32: # DPD delay to use in load test.
33: # dpd_delay = 0
34:
35: # Base port to be used for requests (each client uses a different port).
36: # dynamic_port = 0
37:
38: # EAP secret to use in load test.
39: # eap_password = default-pwd
40:
41: # Enable the load testing plugin. WARNING: Never enable this plugin on
42: # productive systems. It provides preconfigured credentials and allows an
43: # attacker to authenticate as any user.
44: # enable = no
45:
46: # CHILD_SA proposal to use for load tests.
47: # esp = aes128-sha1
48:
49: # Fake the kernel interface to allow load-testing against self.
50: # fake_kernel = no
51:
52: # Seconds to start IKE_SA rekeying after setup.
53: # ike_rekey = 0
54:
55: # Global limit of concurrently established SAs during load test.
56: # init_limit = 0
57:
58: # Address to initiate from.
59: # initiator = 0.0.0.0
60:
61: # Authentication method(s) the initiator uses.
62: # initiator_auth = pubkey
63:
64: # Initiator ID used in load test.
65: # initiator_id =
66:
67: # Initiator ID to match against as responder.
68: # initiator_match =
69:
70: # Traffic selector on initiator side, as proposed by initiator.
71: # initiator_tsi =
72:
73: # Traffic selector on responder side, as proposed by initiator.
74: # initiator_tsr =
75:
76: # Number of concurrent initiator threads to use in load test.
77: # initiators = 0
78:
79: # Path to the issuer certificate (if not configured a hard-coded default
80: # value is used).
81: # issuer_cert =
82:
83: # Path to private key that is used to issue certificates (if not configured
84: # a hard-coded default value is used).
85: # issuer_key =
86:
87: # Number of IKE_SAs to initiate by each initiator in load test.
88: # iterations = 1
89:
90: # Whether to load the plugin. Can also be an integer to increase the
91: # priority of this plugin.
92: load = yes
93:
94: # IPsec mode to use, one of tunnel, transport, or beet.
95: # mode = tunnel
96:
97: # Provide INTERNAL_IPV4_ADDRs from a named pool.
98: # pool =
99:
100: # Preshared key to use in load test.
101: # preshared_key = <default-psk>
102:
103: # IKE proposal to use in load test.
104: # proposal = aes128-sha1-modp768
105:
106: # Request an INTERNAL_IPV4_ADDR from the server.
107: # request_virtual_ip = no
108:
109: # Address to initiation connections to.
110: # responder = 127.0.0.1
111:
112: # Authentication method(s) the responder uses.
113: # responder_auth = pubkey
114:
115: # Responder ID used in load test.
116: # responder_id =
117:
118: # Traffic selector on initiator side, as narrowed by responder.
119: # responder_tsi = initiator_tsi
120:
121: # Traffic selector on responder side, as narrowed by responder.
122: # responder_tsr = initiator_tsr
123:
124: # Shutdown the daemon after all IKE_SAs have been established.
125: # shutdown_when_complete = no
126:
127: # Socket provided by the load-tester plugin.
128: # socket = unix://${piddir}/charon.ldt
129:
130: # IKE version to use (0 means use IKEv2 as initiator and accept any version
131: # as responder).
132: # version = 0
133:
134: # Section that contains key/value pairs with address pools (in CIDR
135: # notation) to use for a specific network interface e.g. eth0 =
136: # 10.10.0.0/16.
137: addrs {
138:
139: }
140:
141: }
142:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>