Status/ipsec very slow
Access to status/ipsec (overview) is very slow (2mn)
i have 11 ipsec tunnels
Status/system logs/ipsec is also very slow…
Saving changes in ipsec config is fast if mode is agressive and slow if mode is main
Apply changes = 3 mn
is it normal or bad config or anything else ?
You said you have 11 tunnels, but how many phase 2 entries do you have total?
The only reason those usually slow down is because there are very large SAD/SPD contents, which you can also check on Status > IPsec, or by running
setkey -D setkey -DP
From the shell or Diagnostics > Command.
Are you using any hostnames as endpoints or only IP addresses? DNS resolution timeouts could also contribute to slowness.
there 1 one phase 2 per tunnel
Are you using any hostnames as endpoints
yes, all enpoints are dynamic ip with a dyndns hostname
i have changed dns config
System: General Setup
i have uncheched
Allow DNS server list to be overridden by DHCP/PPP on WAN
and i have added the isp dns server (the same as before) in the edit box with use gateway selected
and now i can put ipsec/status on the dashboard