Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Status/ipsec very slow

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    4 Posts 2 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      itbinfo
      last edited by

      Access to status/ipsec (overview) is very slow (2mn)
      pfSense-2.0-RC1-4g-i386-20110419-2338

      i have 11 ipsec tunnels

      Status/system logs/ipsec is also very slow…

      Saving changes in ipsec config is fast if mode is agressive and slow if mode is main
      Apply changes = 3 mn

      is it normal or bad config or anything else ?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You said you have 11 tunnels, but how many phase 2 entries do you have total?

        The only reason those usually slow down is because there are very large SAD/SPD contents, which you can also check on Status > IPsec, or by running

        setkey -D
setkey -DP

        From the shell or Diagnostics > Command.

        Are you using any hostnames as endpoints or only IP addresses? DNS resolution timeouts could also contribute to slowness.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • I
          itbinfo
          last edited by

          there 1 one phase 2 per tunnel

          i have
          20 SAD
          24 SPD

          Are you using any hostnames as endpoints
          yes, all enpoints are dynamic ip with a dyndns hostname

          1 Reply Last reply Reply Quote 0
          • I
            itbinfo
            last edited by

            i have changed dns config

            System: General Setup

            i have uncheched
            Allow DNS server list to be overridden by DHCP/PPP on WAN

            and i have added the isp dns server (the same as before) in the edit box with use gateway selected

            and now i can put ipsec/status on the dashboard

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.