Lots of SPIs for one tunnel - High RAM ?
-
Hi,
I'm experiencing a lot of SPIs created (267) for a tunnel running from A to C, while running a tunnel from B to C with exactly the same configuration just results in 4 SPIs created.
Site A
ipsec status con3 | grep INSTALLED | wc -l
267
Site B
ipsec status con2 | grep INSTALLED | wc -l
4
Any idea what might cause this behaviour? I think this is what slowly fills up my RAM on Site A until the box doesn't respond anymore...
Thank you in advance.
-
Highly doubtful those are filling your RAM but it could be causing issues.
When a tunnel is rekeyed the old one is kept around until its lifetime expires.
I would look at the IPsec logs and see who is initiating the tunnels when one already exists. When that is determined, attempt to figure out why they are doing that.
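
An added example, not part of the thread: before going through the logs, the same `ipsec status` output can be grouped by traffic selector to see which subnet pair is piling up duplicate INSTALLED SAs. It assumes the strongSwan status layout in which each INSTALLED line is followed by a line carrying the selectors; the sample output, SPIs and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample of `ipsec status con3` output (SPIs and subnets are made up).
sample_status() {
cat <<'EOF'
Security Associations (1 up, 0 connecting):
        con3[7]: ESTABLISHED 3 hours ago, 198.51.100.1[198.51.100.1]...203.0.113.9[203.0.113.9]
        con3{41}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: c1a2b3c4_i c5d6e7f8_o
        con3{41}:   10.0.1.0/24 === 10.0.3.0/24
        con3{42}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: c0000001_i c0000002_o
        con3{42}:   10.0.1.0/24 === 10.0.3.0/24
        con3{43}:  INSTALLED, TUNNEL, reqid 4, ESP SPIs: c0000003_i c0000004_o
        con3{43}:   10.0.1.0/24 === 10.0.4.0/24
        con3{44}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: c0000005_i c0000006_o
        con3{44}:   10.0.1.0/24 === 10.0.3.0/24
EOF
}

# Reads status text on stdin and prints "<count> <local> === <remote>",
# highest count first. Only INSTALLED SAs are counted, as in the grep above.
count_child_sas() {
    awk '
        # CHILD_SA header line: name{id}:  INSTALLED, ...
        /[{][0-9]+[}]:[ \t]+INSTALLED/ { installed = 1; next }
        # The line that follows carries the traffic selectors.
        installed && / === / {
            sub(/^[^:]*:[ \t]*/, "")    # drop the name{id}: prefix
            sub(/[ \t]+$/, "")          # drop trailing whitespace
            n[$0]++
            installed = 0
            next
        }
        { installed = 0 }
        END { for (ts in n) print n[ts], ts }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a live box: ipsec status con3 | count_child_sas
sample_status | count_child_sas
```

A selector pair with a count well above one or two is the one being negotiated again while an SA for it already exists, which narrows the log search to that subnet pair.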