IPSec Performance



  • We have been using pfSense for a while and are very happy with it, especially its very user-friendly web interface. But lately we have run into some problems:

    We are running 32 IPSec tunnels on our pfSense box, and it takes ages for these connections to load whenever IPSec is restarted. It can take up to 24 hours before they are all up and running again. We are running pfSense on a server with an Intel Pentium 4, I think it is a 1 GHz processor, and 128 MB memory. Do we need to add more powerful hardware to fix this, or is it something else?!? At the moment I am trying to configure a tunnel, but for every change I have to wait 3 hours or more before I know if the tunnel connects.

    Why is it not possible to just renegotiate the tunnel you are working on?

    In the future our need for VPN tunnels will increase to several hundred. I have read somewhere on this forum that pfSense gets unstable when you have 100+ tunnels. What is the current situation?

    Kind Regards,

    Michael Sørensen



  • Make sure to set a ping address so that the tunnel is initiated after such an event.

    I have 390 DrayTek routers doing the same thing and they succeed in about 3 minutes.

