• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Status/ipsec very slow

Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
4 Posts 2 Posters 2.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • I
    itbinfo
    last edited by Apr 20, 2011, 8:15 AM

    Access to status/ipsec (overview) is very slow (2mn)
    pfSense-2.0-RC1-4g-i386-20110419-2338

    i have 11 ipsec tunnels

    Status/system logs/ipsec is also very slow…

    Saving changes in ipsec config is fast if mode is agressive and slow if mode is main
    Apply changes = 3 mn

    is it normal or bad config or anything else ?

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Apr 21, 2011, 6:14 PM

      You said you have 11 tunnels, but how many phase 2 entries do you have total?

      The only reason those usually slow down is because there are very large SAD/SPD contents, which you can also check on Status > IPsec, or by running

      setkey -D
setkey -DP

      From the shell or Diagnostics > Command.

      Are you using any hostnames as endpoints or only IP addresses? DNS resolution timeouts could also contribute to slowness.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • I
        itbinfo
        last edited by Apr 21, 2011, 9:22 PM

        there 1 one phase 2 per tunnel

        i have
        20 SAD
        24 SPD

        Are you using any hostnames as endpoints
        yes, all enpoints are dynamic ip with a dyndns hostname

        1 Reply Last reply Reply Quote 0
        • I
          itbinfo
          last edited by Apr 29, 2011, 5:28 PM

          i have changed dns config

          System: General Setup

          i have uncheched
          Allow DNS server list to be overridden by DHCP/PPP on WAN

          and i have added the isp dns server (the same as before) in the edit box with use gateway selected

          and now i can put ipsec/status on the dashboard

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            [[user:consent.lead]]
            [[user:consent.not_received]]