Is there any limit on the maximum number of IPsec tunnels?
manishchawla2017 last edited by
I wanted to create around 40+ IPsec tunnels from 1 pfSense installation to 39 others located in different parts of the world. I am wondering, is there any limit?
If not, what is the meaning of this:
threads = 16
ikesa_table_size = 32
dotdash last edited by
It's only limited by the hardware. strongSwan suggests tuning the ikesa_table_size if you are running thousands of connections: https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
FWIW, on old server-class hardware, I see 11/16 threads idle with 32 tunnels active. You should be fine with 40 tunnels; see the strongSwan doc for fine detail on the config settings.
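A way to check the thread headroom mentioned above (11 of 16 idle with 32 tunnels), as an added example that is not part of any post in this thread: it parses the `worker threads` and `Security Associations` lines of `ipsec statusall` output. The function name, the `min_idle` threshold and both sample outputs are assumptions constructed for illustration.

```python
import re

# Constructed, trimmed sample in the layout `ipsec statusall` prints; values are invented.
HEALTHY = """\
Status of IKE charon daemon:
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 96
Security Associations (32 up, 0 connecting):
"""
# Constructed sample of a daemon with no idle workers and jobs waiting.
STARVED = """\
Status of IKE charon daemon:
  worker threads: 0 of 16 idle, 16/0/0/0 working, job queue: 0/0/7/0, scheduled: 3
Security Associations (48 up, 5 connecting):
"""

THREADS_RE = re.compile(r"worker threads:\s*(\d+) of (\d+) idle.*?job queue:\s*([\d/]+)")
SA_RE = re.compile(r"Security Associations \((\d+) up, (\d+) connecting\)")


def charon_headroom(status_text, min_idle=2):
    """Summarise worker-thread and IKE_SA load from statusall text.

    min_idle is an assumed alert threshold, not a strongSwan default.
    """
    threads = THREADS_RE.search(status_text)
    sas = SA_RE.search(status_text)
    if threads is None or sas is None:
        raise ValueError("expected 'worker threads' and 'Security Associations' lines")
    idle, total = int(threads.group(1)), int(threads.group(2))
    # The job queue is printed as four per-priority counters separated by '/'.
    queued = sum(int(n) for n in threads.group(3).split("/"))
    return {
        "idle": idle, "total": total, "busy": total - idle, "queued": queued,
        "sa_up": int(sas.group(1)), "sa_connecting": int(sas.group(2)),
        # Few idle workers plus a backlog suggests the worker pool is saturated.
        "starved": idle < min_idle and queued > 0,
    }


if __name__ == "__main__":
    for name, text in (("healthy", HEALTHY), ("starved", STARVED)):
        print(name, charon_headroom(text))
```

On a live system the same function can be fed the captured output of `ipsec statusall` instead of the constructed samples.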
Arnros last edited by
I have 50 phase 1 and 150 phase 2 on my pfSense server (HP G8).
CPU Type: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
8 CPUs: 2 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Hardware crypto: AES-CBC,AES-XTS,AES-GCM,AES-ICM
The last tunnel I created is causing trouble. Phases 1 and 2 come UP from time to time, and when they are UP, no traffic is passed.
I tested this vpn on a virtual machine pfsense and everything is OK.
I wonder if I'm reaching a tunnel limit. If so, how do I properly set the ikesa_table_size value to 1024 so that it is still taken into account after a reboot / upgrade?
Thank you for your help.