1. Home
  2. pfSense® Software
  3. IPsec
  4. Lots of SPIs for one tunnel - High RAM ?

Lots of SPIs for one tunnel - High RAM ?

  • D

    Hi,

    I'm experiencing a lot of SPIs created (267) for a tunnel running from A to C, while running a tunnel from B to C with exactly the same configuration just results in 4 SPIs created.

    Site A
    ipsec status con3 | grep INSTALLED | wc -l
    267

    Site B
    ipsec status con2 | grep INSTALLED | wc -l
    4

    Any idea what might cause this behaviour ? I think this is what slowly fills up my RAM on Site A untill the box doesn't respond anymore...

    ThanK you in advance.

    0
  • Derelict
    LAYER 8 Netgate

    Highly doubtful those are filling your RAM but it could be causing issues.

    When a tunnel is rekeyed the old one is kept around until its lifetime expires.

    I would look at the IPsec logs and see who is initiating the tunnels when one already exists. When that is determined, attempt to figure out why they are doing that.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy