4. Is there any limit on maximum number of ipsec tunnels

Is there any limit on maximum number of ipsec tunnels

  • M

    Hi,
    I wanted to create around 40+ ipsec tunnels with 1 pfsense installation to 39 others located  in different part of the world. I am wondering is there any limit?
    if no what is the meaning of this

    /var/etc/ipsec/strongswan.conf

    charon {

    number of worker threads in charon

    threads = 16
            ikesa_table_size = 32

    0

  • It's only limited by the hardware. Strongswan suggests tuning the ikesa_table_size if you are running thousands of connections. https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
    FWIW, on old server-class hardware, I see 11/16 threads idle with 32 tunnels active. You should be fine with 40 tunnels, see the Strongswan doc for fine detail on the config settings.

    0
  • A

    Hello
    I've 50 phase 1 and 150 phase 2 on my pfsense server (hp G8).

    CPU Type	Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
8 CPUs: 2 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Hardware crypto	AES-CBC,AES-XTS,AES-GCM,AES-ICM

    The last tunnel I created is causing trouble. Phases 1 and 2 UP from time to time and when they are UP, I have no traffic passed.

    I tested this vpn on a virtual machine pfsense and everything is OK.

    I wonder if I'm reaching a tunnel limit. If yes, how to properly modify the ikesa_table_size value to 1024 so that it is taken into account in case of reboot / upgrade?

    Thank you for your help.

    0
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy