4. Is there any limit on maximum number of ipsec tunnels

Is there any limit on maximum number of ipsec tunnels

  • M

    Hi,
    I wanted to create around 40+ ipsec tunnels with 1 pfsense installation to 39 others located  in different part of the world. I am wondering is there any limit?
    if no what is the meaning of this

    /var/etc/ipsec/strongswan.conf

    charon {

    number of worker threads in charon

    threads = 16
            ikesa_table_size = 32

    0

  • It's only limited by the hardware. Strongswan suggests tuning the ikesa_table_size if you are running thousands of connections. https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
    FWIW, on old server-class hardware, I see 11/16 threads idle with 32 tunnels active. You should be fine with 40 tunnels, see the Strongswan doc for fine detail on the config settings.

    0
  • A

    Hello
    I've 50 phase 1 and 150 phase 2 on my pfsense server (hp G8).

    CPU Type	Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
8 CPUs: 2 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Hardware crypto	AES-CBC,AES-XTS,AES-GCM,AES-ICM

    The last tunnel I created is causing trouble. Phases 1 and 2 UP from time to time and when they are UP, I have no traffic passed.

    I tested this vpn on a virtual machine pfsense and everything is OK.

    I wonder if I'm reaching a tunnel limit. If yes, how to properly modify the ikesa_table_size value to 1024 so that it is taken into account in case of reboot / upgrade?

    Thank you for your help.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy