PfSense - Web Configurator crash with 150 + ipsec tunnels

TheBlast

Hi there,
I'm trying to replace an old box with IPCop by a new one withe PFSense.
Looks like a great product but one things puzzles me.
The configuration is quite simple : two wans, Lan and DMZ, OpenVPN and 150 + Ipsec tunnels.

With RC1, RC2 and RC3, I experienced web configurator not responding after trying to get the IPSec status.
Restarting the weconfigurator through SSH did not help : only a reboot could do the job.

Is there a way to debug ? Looks like a php-helper job / process which stucks the webconfigurator.

cmb

You using dyndns names for the remote endpoints? Seth has done some where in that area to ensure large scale IPsec functions, he has 400+ connections on one system all with dyndns. There are some considerations there though, like he has to make sure to use an internal DNS server that has the hostnames cached, otherwise all the DNS lookups take forever going out to the Internet.

TheBlast

Hi,
yes, some tunnels are configured to use a FQDN with a domain 'hosted' by dns (with a very low TTL, making the cache useless).
And the problem get worse when the internet line is down so you must be right.

Thanks a lot !