Status/ipsec very slow

  • Access to status/ipsec (overview) is very slow (2mn)

    I have 11 ipsec tunnels

    Status/system logs/ipsec is also very slow…

    Saving changes in ipsec config is fast if mode is aggressive and slow if mode is main
    Apply changes = 3 mn

    Is it normal, or a bad config, or anything else?

  • Rebel Alliance Developer Netgate

    You said you have 11 tunnels, but how many phase 2 entries do you have total?

    The only reason those usually slow down is because there are very large SAD/SPD contents, which you can also check on Status > IPsec, or by running

    setkey -D
    setkey -DP

    From the shell or Diagnostics > Command.

    Are you using any hostnames as endpoints or only IP addresses? DNS resolution timeouts could also contribute to slowness.

  • There is one phase 2 per tunnel

    I have
    20 SAD
    24 SPD

    Are you using any hostnames as endpoints
    Yes, all endpoints are dynamic IPs with a dyndns hostname

  • I have changed the DNS config

    System: General Setup

    I have unchecked
    Allow DNS server list to be overridden by DHCP/PPP on WAN

    and I have added the ISP DNS server (the same as before) in the edit box with use gateway selected

    and now I can put ipsec/status on the dashboard
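
The DNS cause discussed in this thread can be checked by timing the lookup of each tunnel's peer hostname, one after another. This is an added example, not code from the thread or from pfSense; the function names and the 1-second `slow_after` threshold are assumptions.

```python
import socket
import sys
import time


def time_lookups(hosts, resolver=socket.getaddrinfo, slow_after=1.0,
                 clock=time.monotonic):
    """Resolve each peer hostname once, one after another, timing each lookup.

    slow_after (seconds) is an assumed threshold, not a pfSense setting.
    """
    results = []
    for host in hosts:
        start = clock()
        try:
            infos = resolver(host, None)
            addrs = sorted({info[4][0] for info in infos})
            error = None
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            addrs, error = [], str(exc)
        elapsed = clock() - start
        results.append({
            "host": host,
            "addrs": addrs,
            "seconds": elapsed,
            "error": error,
            # A failed lookup is flagged too, whatever its duration.
            "slow": error is not None or elapsed >= slow_after,
        })
    return results


def summarize(results):
    """Return (total seconds spent resolving, hostnames that were slow or failed)."""
    total = sum(r["seconds"] for r in results)
    flagged = [r["host"] for r in results if r["slow"]]
    return total, flagged


if __name__ == "__main__":
    # Pass the tunnels' peer hostnames as arguments; "localhost" is a stand-in.
    peers = sys.argv[1:] or ["localhost"]
    results = time_lookups(peers)
    for r in results:
        status = r["error"] or ", ".join(r["addrs"])
        print(f'{r["host"]:<40} {r["seconds"]:7.2f}s  {status}')
    total, flagged = summarize(results)
    print(f"total {total:.2f}s, slow or failed: {flagged or 'none'}")
```

Run it on a machine that uses the same DNS servers as the firewall; a total in the range of the page load time points at name resolution rather than SAD/SPD size.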
