Piling on SPI entries

hidalgo

I’m running a pfSense 2.2.2 with 2 vpn tunnels (to Fritzbox and to Draytek). On the status it shows many child SA entries (see attachment). Traffic works flawlessly but is that normal behavior? If not, what’s wrong and how to correct this?

![Bildschirmfoto 2015-05-03 um 11.52.22.png](/public/imported_attachments/1/Bildschirmfoto 2015-05-03 um 11.52.22.png)
![Bildschirmfoto 2015-05-03 um 11.52.22.png_thumb](/public/imported_attachments/1/Bildschirmfoto 2015-05-03 um 11.52.22.png_thumb)

doktornotor

Yeah, you are about zillionth person reporting this. Please, search. Other than that, get latest 2.2.3 snapshot.

http://snapshots.pfsense.org/FreeBSD_releng/10.1/amd64/pfSense_RELENG_2_2/updates/
http://snapshots.pfsense.org/FreeBSD_releng/10.1/i386/pfSense_RELENG_2_2/updates/

hidalgo

After I updated I still have this on one of my vpn tunnel. Do I have to change the configuration of my vpn to the Fritzbox?

doktornotor

No idea. Strongswan == heap of beep

cmb

It's an artifact of rekeyed connections in some circumstance we haven't narrowed down yet. It doesn't appear to cause any problems though, and is safe to ignore.