Max number of ipsec tunnel?



  • Hello
    is there any limit to number of ipsec tunnels on pfsense?
    we have currently soekris net 6501-70 boards across all our branch offices
    i'd like to know how many ipsec tunnels can the soekris system handle situated at our HQ?
    And what throughput do you guys think can be achieved at max?
    Will be grateful if someone has any info regarding that



  • It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.



  • @Jason:

    It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.

    yes throughput would be affected i know
    we have 8 branches so as per your estimate, throughtput will be hardly 10-20 mbit/s :/



  • @bhawk6901:

    @Jason:

    It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.

    yes throughput would be affected i know
    we have 8 branches so as per your estimate, throughtput will be hardly 10-20 mbit/s :/

    8 IPSec tunnels is nothing so you're fine there.

    As to throughput, yes, if they're all running full out, expect no more than 10-20Mbit/s per location.  If you expect them to be running in that range you may want to consider limiters or traffic shaping as well, just to make sure that one location doesn't monopolize your entire capacity.



  • @Jason:

    @bhawk6901:

    @Jason:

    It's not the number of tunnels that's the problem, it's the throughput.  Those boxes aren't very fast and will top out pretty low.  I've long since stopped using my 6501 so I can't speak to improvements made in 2.2.x, but I doubt you'd see more than 70-80Mbit/s.

    yes throughput would be affected i know
    we have 8 branches so as per your estimate, throughtput will be hardly 10-20 mbit/s :/

    8 IPSec tunnels is nothing so you're fine there.

    As to throughput, yes, if they're all running full out, expect no more than 10-20Mbit/s per location.  If you expect them to be running in that range you may want to consider limiters or traffic shaping as well, just to make sure that one location doesn't monopolize your entire capacity.

    Thanks for your insight :)