Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Max number of ipsec tunnel?

    Scheduled Pinned Locked Moved Hardware
    5 Posts 2 Posters 980 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bhawk6901
      last edited by

      Hello
      is there any limit to number of ipsec tunnels on pfsense?
      we have currently soekris net 6501-70 boards across all our branch offices
      i'd like to know how many ipsec tunnels can the soekris system handle situated at our HQ?
      And what throughput do you guys think can be achieved at max?
      Will be grateful if someone has any info regarding that

      1 Reply Last reply Reply Quote 0
      • J
        jasonlitka
        last edited by

        It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.

        I can break anything.

        1 Reply Last reply Reply Quote 0
        • B
          bhawk6901
          last edited by

          @Jason:

          It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.

          yes throughput would be affected i know
          we have 8 branches so as per your estimate, throughtput will be hardly 10-20 mbit/s :/

          1 Reply Last reply Reply Quote 0
          • J
            jasonlitka
            last edited by

            @bhawk6901:

            @Jason:

            It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.

            yes throughput would be affected i know
            we have 8 branches so as per your estimate, throughtput will be hardly 10-20 mbit/s :/

            8 IPSec tunnels is nothing so you're fine there.

            As to throughput, yes, if they're all running full out, expect no more than 10-20Mbit/s per location.  If you expect them to be running in that range you may want to consider limiters or traffic shaping as well, just to make sure that one location doesn't monopolize your entire capacity.

            I can break anything.

            1 Reply Last reply Reply Quote 0
            • B
              bhawk6901
              last edited by

              @Jason:

              @bhawk6901:

              @Jason:

              It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.

              yes throughput would be affected i know
              we have 8 branches so as per your estimate, throughtput will be hardly 10-20 mbit/s :/

              8 IPSec tunnels is nothing so you're fine there.

              As to throughput, yes, if they're all running full out, expect no more than 10-20Mbit/s per location.  If you expect them to be running in that range you may want to consider limiters or traffic shaping as well, just to make sure that one location doesn't monopolize your entire capacity.

              Thanks for your insight :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.