IPsec service very slow, sometimes timeouts



  • Hello pfsense community,
    our company is currently testing the pfsense firewall, which should replace our current Securepoint UTM. Unfortunately we face a problem with the IPsec service. We have about 81 IPsec tunnels to customers. After creating the tunnels the ipsec service is becoming very slow. After clicking the "Apply Changes" Button it takes minutes before the changes were made. Often we get a nginx 504 Timeout error. After a reboot the ipsec service needs about 10 - 15 minutes to start. If we disable most of the tunnels, the service is way faster. Do you have an idea whats wrong here? The hardware is a Server with a Quad-Core Xeon (AES-NI enabled), 8GB DDR3-ECC Ram, 2x RAID1 SSD, several Intel X710 network interfaces.
    Thank you.



  • @cyren91 Hello Cyren, please provide information about the system loads while the problem is occurring. How is the CPU and RAM utilization?



  • During the problem, the Memory usage is about 6% of 8052MiB, the cpu usage is about 30%. In Idle mode the cpu usage is at 5-10% and the RAM at 6%.
    We also have a second system (same hardware) with 24 tunnels, applying changes there take just a second.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy