summaryrefslogtreecommitdiff
path: root/conf/plugins/load-tester.conf
blob: e69c029d6263e78dd8850ca797ec93e486fb23b6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# Section to configure the load-tester plugin, see LOAD TESTS in
# strongswan.conf(5) for details.
load-tester {

    # Whether to keep dynamic addresses even after the associated SA got
    # terminated.
    # addrs_keep = no

    # Network prefix length to use when installing dynamic addresses. If set to
    # -1 the full address is used (i.e. 32 or 128).
    # addrs_prefix = 16

    # Directory to load (intermediate) CA certificates from.
    # ca_dir =

    # Seconds to start CHILD_SA rekeying after setup.
    # child_rekey = 600

    # Delay between initiatons for each thread.
    # delay = 0

    # Delete an IKE_SA as soon as it has been established.
    # delete_after_established = no

    # Digest algorithm used when issuing certificates.
    # digest = sha1

    # DPD delay to use in load test.
    # dpd_delay = 0

    # Base port to be used for requests (each client uses a different port).
    # dynamic_port = 0

    # EAP secret to use in load test.
    # eap_password = default-pwd

    # Enable the load testing plugin. WARNING: Never enable this plugin on
    # productive systems. It provides preconfigured credentials and allows an
    # attacker to authenticate as any user.
    # enable = no

    # CHILD_SA proposal to use for load tests.
    # esp = aes128-sha1

    # Fake the kernel interface to allow load-testing against self.
    # fake_kernel = no

    # Seconds to start IKE_SA rekeying after setup.
    # ike_rekey = 0

    # Global limit of concurrently established SAs during load test.
    # init_limit = 0

    # Address to initiate from.
    # initiator = 0.0.0.0

    # Authentication method(s) the intiator uses.
    # initiator_auth = pubkey

    # Initiator ID used in load test.
    # initiator_id =

    # Initiator ID to match against as responder.
    # initiator_match =

    # Traffic selector on initiator side, as proposed by initiator.
    # initiator_tsi =

    # Traffic selector on responder side, as proposed by initiator.
    # initiator_tsr =

    # Number of concurrent initiator threads to use in load test.
    # initiators = 0

    # Path to the issuer certificate (if not configured a hard-coded default
    # value is used).
    # issuer_cert =

    # Path to private key that is used to issue certificates (if not configured
    # a hard-coded default value is used).
    # issuer_key =

    # Number of IKE_SAs to initiate by each initiator in load test.
    # iterations = 1

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes

    # IPsec mode to use, one of tunnel, transport, or beet.
    # mode = tunnel

    # Provide INTERNAL_IPV4_ADDRs from a named pool.
    # pool =

    # Preshared key to use in load test.
    # preshared_key = <default-psk>

    # IKE proposal to use in load test.
    # proposal = aes128-sha1-modp768

    # Request an INTERNAL_IPV4_ADDR from the server.
    # request_virtual_ip = no

    # Address to initiation connections to.
    # responder = 127.0.0.1

    # Authentication method(s) the responder uses.
    # responder_auth = pubkey

    # Responder ID used in load test.
    # responder_id =

    # Traffic selector on initiator side, as narrowed by responder.
    # responder_tsi = initiator_tsi

    # Traffic selector on responder side, as narrowed by responder.
    # responder_tsr = initiator_tsr

    # Shutdown the daemon after all IKE_SAs have been established.
    # shutdown_when_complete = no

    # Socket provided by the load-tester plugin.
    # socket = unix://${piddir}/charon.ldt

    # IKE version to use (0 means use IKEv2 as initiator and accept any version
    # as responder).
    # version = 0

    # Section that contains key/value pairs with address pools (in CIDR
    # notation) to use for a specific network interface e.g. eth0 =
    # 10.10.0.0/16.
    addrs {

    }

}