[BACK]Return to load-tester.conf CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / conf / plugins
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / conf / plugins / load-tester.conf
Revision 1.1.1.2 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Mar 17 00:20:08 2021 UTC (4 years, 9 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, HEAD
strongswan 5.9.2

    1: # Section to configure the load-tester plugin, see LOAD TESTS in
    2: # strongswan.conf(5) for details.
    3: load-tester {
    4: 
    5:     # Whether to keep dynamic addresses even after the associated SA got
    6:     # terminated.
    7:     # addrs_keep = no
    8: 
    9:     # Network prefix length to use when installing dynamic addresses. If set to
   10:     # -1 the full address is used (i.e. 32 or 128).
   11:     # addrs_prefix = 16
   12: 
   13:     # Directory to load (intermediate) CA certificates from.
   14:     # ca_dir =
   15: 
   16:     # Seconds to start CHILD_SA rekeying after setup.
   17:     # child_rekey = 600
   18: 
   19:     # URI to a CRL to include as certificate distribution point in generated
   20:     # certificates.
   21:     # crl =
   22: 
   23:     # Delay between initiations for each thread.
   24:     # delay = 0
   25: 
   26:     # Delete an IKE_SA as soon as it has been established.
   27:     # delete_after_established = no
   28: 
   29:     # Digest algorithm used when issuing certificates.
   30:     # digest = sha1
   31: 
   32:     # DPD delay to use in load test.
   33:     # dpd_delay = 0
   34: 
   35:     # Base port to be used for requests (each client uses a different port).
   36:     # dynamic_port = 0
   37: 
   38:     # EAP secret to use in load test.
   39:     # eap_password = default-pwd
   40: 
   41:     # Enable the load testing plugin. WARNING: Never enable this plugin on
   42:     # productive systems. It provides preconfigured credentials and allows an
   43:     # attacker to authenticate as any user.
   44:     # enable = no
   45: 
   46:     # CHILD_SA proposal to use for load tests.
   47:     # esp = aes128-sha1
   48: 
   49:     # Fake the kernel interface to allow load-testing against self.
   50:     # fake_kernel = no
   51: 
   52:     # Seconds to start IKE_SA rekeying after setup.
   53:     # ike_rekey = 0
   54: 
   55:     # Global limit of concurrently established SAs during load test.
   56:     # init_limit = 0
   57: 
   58:     # Address to initiate from.
   59:     # initiator = 0.0.0.0
   60: 
   61:     # Authentication method(s) the initiator uses.
   62:     # initiator_auth = pubkey
   63: 
   64:     # Initiator ID used in load test.
   65:     # initiator_id =
   66: 
   67:     # Initiator ID to match against as responder.
   68:     # initiator_match =
   69: 
   70:     # Traffic selector on initiator side, as proposed by initiator.
   71:     # initiator_tsi =
   72: 
   73:     # Traffic selector on responder side, as proposed by initiator.
   74:     # initiator_tsr =
   75: 
   76:     # Number of concurrent initiator threads to use in load test.
   77:     # initiators = 0
   78: 
   79:     # Path to the issuer certificate (if not configured a hard-coded default
   80:     # value is used).
   81:     # issuer_cert =
   82: 
   83:     # Path to private key that is used to issue certificates (if not configured
   84:     # a hard-coded default value is used).
   85:     # issuer_key =
   86: 
   87:     # Number of IKE_SAs to initiate by each initiator in load test.
   88:     # iterations = 1
   89: 
   90:     # Whether to load the plugin. Can also be an integer to increase the
   91:     # priority of this plugin.
   92:     load = yes
   93: 
   94:     # IPsec mode to use, one of tunnel, transport, or beet.
   95:     # mode = tunnel
   96: 
   97:     # Provide INTERNAL_IPV4_ADDRs from a named pool.
   98:     # pool =
   99: 
  100:     # Preshared key to use in load test.
  101:     # preshared_key = <default-psk>
  102: 
  103:     # IKE proposal to use in load test.
  104:     # proposal = aes128-sha1-modp768
  105: 
  106:     # Request an INTERNAL_IPV4_ADDR and INTERNAL_IPV6_ADDR from the server.
  107:     # request_virtual_ip = no
  108: 
  109:     # Address to initiation connections to.
  110:     # responder = 127.0.0.1
  111: 
  112:     # Authentication method(s) the responder uses.
  113:     # responder_auth = pubkey
  114: 
  115:     # Responder ID used in load test.
  116:     # responder_id =
  117: 
  118:     # Traffic selector on initiator side, as narrowed by responder.
  119:     # responder_tsi = initiator_tsi
  120: 
  121:     # Traffic selector on responder side, as narrowed by responder.
  122:     # responder_tsr = initiator_tsr
  123: 
  124:     # Shutdown the daemon after all IKE_SAs have been established.
  125:     # shutdown_when_complete = no
  126: 
  127:     # Socket provided by the load-tester plugin.
  128:     # socket = unix://${piddir}/charon.ldt
  129: 
  130:     # IKE version to use (0 means use IKEv2 as initiator and accept any version
  131:     # as responder).
  132:     # version = 0
  133: 
  134:     # Section that contains key/value pairs with address pools (in CIDR
  135:     # notation) to use for a specific network interface e.g. eth0 =
  136:     # 10.10.0.0/16.
  137:     addrs {
  138: 
  139:     }
  140: 
  141: }
  142:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>