1 .SH LOGGER CONFIGURATION
3 .BR strongswan.conf (5)
4 provide a much more flexible way to configure loggers for the IKE daemon charon
11 If any loggers are specified in strongswan.conf,
13 does not have any effect.
15 There are currently two types of loggers:
18 Log directly to a file and are defined by specifying the full path to the
19 file as subsection in the
21 section. To log to the console the two special filenames
22 .BR stdout " and " stderr
26 Log into a syslog facility and are defined by specifying the facility to log to
27 as the name of a subsection in the
29 section. The following facilities are currently supported:
30 .BR daemon " and " auth .
32 Multiple loggers can be defined for each type with different log verbosity for
33 the different subsystems of the daemon.
38 Main daemon setup/cleanup/signal handling
41 IKE_SA manager, handling synchronization for IKE_SA access
50 Jobs queueing/processing and thread pool management
53 Configuration management and plugins
56 IPsec/Networking kernel interface
59 IKE network communication
62 Low-level encoding/decoding (ASN.1, X.509 etc.)
65 Packet encoding/decoding encryption/decryption operations
68 libtls library messages
71 libipsec library messages
74 libstrongwan library messages
77 Trusted Network Connect
80 Integrity Measurement Collector
83 Integrity Measurement Verifier
86 Platform Trust Service
93 Very basic auditing logs, (e.g. SA up/SA down)
96 Generic control flow with errors, a good default to see whats going on
99 More detailed debugging control flow
102 Including RAW data dumps in Hex
105 Also include sensitive material in dumps, e.g. keys
111 /var/log/charon.log {
112 time_format = %b %e %T
123 # enable logging to LOG_DAEMON, use defaults
126 # minimalistic IKE auditing logging to LOG_AUTHPRIV
135 .SH JOB PRIORITY MANAGEMENT
136 Some operations in the IKEv2 daemon charon are currently implemented
137 synchronously and blocking. Two examples for such operations are communication
138 with a RADIUS server via EAP-RADIUS, or fetching CRL/OCSP information during
139 certificate chain verification. Under high load conditions, the thread pool may
140 run out of available threads, and some more important jobs, such as liveness
141 checking, may not get executed in time.
143 To prevent thread starvation in such situations job priorities were introduced.
144 The job processor will reserve some threads for higher priority jobs, these
145 threads are not available for lower priority, locking jobs.
147 Currently 4 priorities have been defined, and they are used in charon as
151 Priority for long-running dispatcher jobs.
154 INFORMATIONAL exchanges, as used by liveness checking (DPD).
157 Everything not HIGH/LOW, including IKE_SA_INIT processing.
160 IKE_AUTH message processing. RADIUS and CRL fetching block here
162 Although IKE_SA_INIT processing is computationally expensive, it is explicitly
163 assigned to the MEDIUM class. This allows charon to do the DH exchange while
164 other threads are blocked in IKE_AUTH. To prevent the daemon from accepting more
165 IKE_SA_INIT requests than it can handle, use IKE_SA_INIT DROPPING.
167 The thread pool processes jobs strictly by priority, meaning it will consume all
168 higher priority jobs before looking for ones with lower priority. Further, it
169 reserves threads for certain priorities. A priority class having reserved
171 threads will always have
173 threads available for this class (either currently processing a job, or waiting
176 To ensure that there are always enough threads available for higher priority
177 tasks, threads must be reserved for each priority class.
179 .BR charon.processor.priority_threads.critical " [0]"
180 Threads reserved for CRITICAL priority class jobs
182 .BR charon.processor.priority_threads.high " [0]"
183 Threads reserved for HIGH priority class jobs
185 .BR charon.processor.priority_threads.medium " [0]"
186 Threads reserved for MEDIUM priority class jobs
188 .BR charon.processor.priority_threads.low " [0]"
189 Threads reserved for LOW priority class jobs
191 Let's consider the following configuration:
204 With this configuration, one thread is reserved for HIGH priority tasks. As
205 currently only liveness checking and stroke message processing is done with
206 high priority, one or two threads should be sufficient.
208 The MEDIUM class mostly processes non-blocking jobs. Unless your setup is
209 experiencing many blocks in locks while accessing shared resources, threads for
210 one or two times the number of CPU cores is fine.
212 It is usually not required to reserve threads for CRITICAL jobs. Jobs in this
213 class rarely return and do not release their thread to the pool.
215 The remaining threads are available for LOW priority jobs. Reserving threads
216 does not make sense (until we have an even lower priority).
218 To see what the threads are actually doing, invoke
219 .IR "ipsec statusall" .
220 Under high load, something like this will show up:
223 worker threads: 2 or 32 idle, 5/1/2/22 working,
224 job queue: 0/0/1/149, scheduled: 198
227 From 32 worker threads,
231 are running CRITICAL priority jobs (dispatching from sockets, etc.).
233 is currently handling a HIGH priority job. This is actually the thread currently
234 providing this information via stroke.
236 are handling MEDIUM priority jobs, likely IKE_SA_INIT or CREATE_CHILD_SA
239 are handling LOW priority jobs, probably waiting for an EAP-RADIUS response
240 while processing IKE_AUTH messages.
242 The job queue load shows how many jobs are queued for each priority, ready for
243 execution. The single MEDIUM priority job will get executed immediately, as
244 we have two spare threads reserved for MEDIUM class jobs.
246 .SH IKE_SA_INIT DROPPING
247 If a responder receives more connection requests per seconds than it can handle,
248 it does not make sense to accept more IKE_SA_INIT messages. And if they are
249 queued but can't get processed in time, an answer might be sent after the
250 client has already given up and restarted its connection setup. This
251 additionally increases the load on the responder.
253 To limit the responder load resulting from new connection attempts, the daemon
254 can drop IKE_SA_INIT messages just after reception. There are two mechanisms to
255 decide if this should happen, configured with the following options:
257 .BR charon.init_limit_half_open " [0]"
258 Limit based on the number of half open IKE_SAs. Half open IKE_SAs are SAs in
259 connecting state, but not yet established.
261 .BR charon.init_limit_job_load " [0]"
262 Limit based on the number of jobs currently queued for processing (sum over all
265 The second limit includes load from other jobs, such as rekeying. Choosing a
266 good value is difficult and depends on the hardware and expected load.
268 The first limit is simpler to calculate, but includes the load from new
269 connections only. If your responder is capable of negotiating 100 tunnels/s, you
270 might set this limit to 1000. The daemon will then drop new connection attempts
271 if generating a response would require more than 10 seconds. If you are
272 allowing for a maximum response time of more than 30 seconds, consider adjusting
273 the timeout for connecting IKE_SAs
274 .RB ( charon.half_open_timeout ).
275 A responder, by default, deletes an IKE_SA if the initiator does not establish
276 it within 30 seconds. Under high load, a higher value might be required.
279 To do stability testing and performance optimizations, the IKE daemon charon
280 provides the \fIload-tester\fR plugin. This plugin allows one to setup thousands
281 of tunnels concurrently against the daemon itself or a remote host.
284 Never enable the load-testing plugin on productive systems. It provides
285 preconfigured credentials and allows an attacker to authenticate as any user.
287 .SS Configuration details
288 For public key authentication, the responder uses the
289 .B \(dqCN=srv, OU=load-test, O=strongSwan\(dq
290 identity. For the initiator, each connection attempt uses a different identity
292 .BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
293 where the first number inidicates the client number, the second the
294 authentication round (if multiple authentication rounds are used).
296 For PSK authentication, FQDN identities are used. The server uses
297 .BR srv.strongswan.org ,
298 the client uses an identity in the form
299 .BR c1-r1.strongswan.org .
301 For EAP authentication, the client uses a NAI in the form
302 .BR 100000000010001@strongswan.org .
304 To configure multiple authentication rounds, concatenate multiple methods using,
307 initiator_auth = pubkey|psk|eap-md5|eap-aka
310 The responder uses a hardcoded certificate based on a 1024-bit RSA key.
311 This certificate additionally serves as CA certificate. A peer uses the same
312 private key, but generates client certificates on demand signed by the CA
313 certificate. Install the Responder/CA certificate on the remote host to
314 authenticate all clients.
316 To speed up testing, the load tester plugin implements a special Diffie-Hellman
317 implementation called \fImodpnull\fR. By setting
319 proposal = aes128-sha1-modpnull
321 this wicked fast DH implementation is used. It does not provide any security
322 at all, but allows one to run tests without DH calculation overhead.
325 In the simplest case, the daemon initiates IKE_SAs against itself using the
326 loopback interface. This will actually establish double the number of IKE_SAs,
327 as the daemon is initiator and responder for each IKE_SA at the same time.
328 Installation of IPsec SAs would fail, as each SA gets installed twice. To
329 simulate the correct behavior, a fake kernel interface can be enabled which does
330 not install the IPsec SAs at the kernel level.
332 A simple loopback configuration might look like this:
336 # create new IKE_SAs for each CHILD_SA to simulate
339 # turn off denial of service protection
346 # use 4 threads to initiate connections
349 # each thread initiates 1000 connections
351 # delay each initiation in each thread by 20ms
353 # enable the fake kernel interface to
361 This will initiate 4000 IKE_SAs within 20 seconds. You may increase the delay
362 value if your box can not handle that much load, or decrease it to put more
363 load on it. If the daemon starts retransmitting messages your box probably can
364 not handle all connection attempts.
366 The plugin also allows one to test against a remote host. This might help to
367 test against a real world configuration. A connection setup to do stress
368 testing of a gateway might look like this:
378 # 10000 connections, ten in parallel
381 # use a delay of 100ms, overall time is:
382 # iterations * delay = 100s
384 # address of the gateway
386 # IKE-proposal to use
387 proposal = aes128-sha1-modp1024
388 # use faster PSK authentication instead
392 # request a virtual IP using configuration
394 request_virtual_ip = yes
395 # enable CHILD_SA every 60s
402 .SH IKEv2 RETRANSMISSION
403 Retransmission timeouts in the IKEv2 daemon charon can be configured globally
404 using the three keys listed below:
408 .BR charon.retransmit_base " [1.8]"
409 .BR charon.retransmit_timeout " [4.0]"
410 .BR charon.retransmit_tries " [5]"
414 The following algorithm is used to calculate the timeout:
417 relative timeout = retransmit_timeout * retransmit_base ^ (n-1)
422 is the current retransmission count.
424 Using the default values, packets are retransmitted in:
430 Retransmission Relative Timeout Absolute Timeout
441 The variables used above are configured as follows:
447 ${random_device} @random_device@
448 ${urandom_device} @urandom_device@
456 /etc/strongswan.conf configuration file
457 /etc/strongswan.d/ directory containing included config snippets
458 /etc/strongswan.d/charon/ plugin specific config snippets
463 \fBipsec.conf\fR(5), \fBipsec.secrets\fR(5), \fBipsec\fR(8), \fBcharon-cmd\fR(8)
467 .UR http://www.strongswan.org
470 by Tobias Brunner, Andreas Steffen and Martin Willi.