Is there any limit on maximum number of ipsec tunnels

manishchawla2017

Hi,
I wanted to create around 40+ ipsec tunnels with 1 pfsense installation to 39 others located  in different part of the world. I am wondering is there any limit?
if no what is the meaning of this

/var/etc/ipsec/strongswan.conf

charon {

number of worker threads in charon

threads = 16
        ikesa_table_size = 32

dotdash

It's only limited by the hardware. Strongswan suggests tuning the ikesa_table_size if you are running thousands of connections. https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
FWIW, on old server-class hardware, I see 11/16 threads idle with 32 tunnels active. You should be fine with 40 tunnels, see the Strongswan doc for fine detail on the config settings.

Arnros

Hello
I've 50 phase 1 and 150 phase 2 on my pfsense server (hp G8).

CPU Type	Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
8 CPUs: 2 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Hardware crypto	AES-CBC,AES-XTS,AES-GCM,AES-ICM

The last tunnel I created is causing trouble. Phases 1 and 2 UP from time to time and when they are UP, I have no traffic passed.

I tested this vpn on a virtual machine pfsense and everything is OK.

I wonder if I'm reaching a tunnel limit. If yes, how to properly modify the ikesa_table_size value to 1024 so that it is taken into account in case of reboot / upgrade?

Thank you for your help.