Is there any limit on maximum number of ipsec tunnels
-
Hi,
I wanted to create around 40+ ipsec tunnels with 1 pfsense installation to 39 others located in different parts of the world. I am wondering, is there any limit?
If not, what is the meaning of this?
/var/etc/ipsec/strongswan.conf
```
charon {
# number of worker threads in charon
threads = 16
ikesa_table_size = 32
```
-
It's only limited by the hardware. Strongswan suggests tuning the ikesa_table_size if you are running thousands of connections. https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
FWIW, on old server-class hardware, I see 11/16 threads idle with 32 tunnels active. You should be fine with 40 tunnels; see the Strongswan doc for fine detail on the config settings.
-
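To illustrate the reply above, here is an added example (not part of the thread, and not pfSense or strongSwan code) that reads the `charon` block and relates `ikesa_table_size` to a number of IKE SAs: the value is the bucket count of the IKE SA lookup hash table, not a cap on tunnels. The sample config, the nested `example_plugin` block, the function names and the 5000-SA figure are assumptions made for illustration.

```python
# Added example: line-oriented reader for the charon block of strongswan.conf.
# Assumes one statement per line, as in the excerpt quoted in the thread.

# Constructed sample: the two values from the thread plus a made-up nested
# block ("example_plugin") to show that nested keys are not picked up.
SAMPLE_CONF = """\
charon {
# number of worker threads in charon
    threads = 16
    ikesa_table_size = 32
    plugins {
        example_plugin {
            threads = 99
        }
    }
}
"""


def charon_settings(text):
    """Return the key/value pairs set directly inside the top-level charon block."""
    settings, path = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.endswith("{"):                # entering a (possibly nested) section
            path.append(line[:-1].strip())
        elif line == "}":                     # leaving the current section
            if path:
                path.pop()
        elif "=" in line and path == ["charon"]:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings


def table_report(text, ike_sas):
    """Relate the configured hash table size to an expected number of IKE SAs."""
    cfg = charon_settings(text)
    size = int(cfg.get("ikesa_table_size", 1))   # strongSwan default: 1
    return {
        "threads": int(cfg.get("threads", 16)),  # strongSwan default: 16
        "ikesa_table_size": size,
        "avg_sas_per_bucket": ike_sas / size,
    }


if __name__ == "__main__":
    for count in (40, 50, 5000):   # 40 and 50 are from the thread; 5000 is illustrative
        print(count, table_report(SAMPLE_CONF, count))
```

With a table size of 32, 40 or 50 IKE SAs average under two entries per bucket, while thousands of SAs produce long chains, which is the case the tuning advice addresses.
-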
Hello
I've 50 phase 1 and 150 phase 2 on my pfsense server (hp G8).
CPU Type: Intel(R) Xeon(R) CPU E5-2643 0 @ 3.30GHz
8 CPUs: 2 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Hardware crypto: AES-CBC,AES-XTS,AES-GCM,AES-ICM
The last tunnel I created is causing trouble. Phases 1 and 2 are UP from time to time, and when they are UP, I have no traffic passing.
I tested this vpn on a virtual machine pfsense and everything is OK.
I wonder if I'm reaching a tunnel limit. If yes, how do I properly modify the ikesa_table_size value to 1024 so that it is taken into account in case of reboot / upgrade?
Thank you for your help.