Topic: is there any limit on maximum number of ipsec tunnels

manishchawla2017
« on: December 05, 2017, 11:28:01 am »
Hi,
I wanted to create around 40+ IPsec tunnels with 1 pfSense installation to 39 others located in different parts of the world. I am wondering, is there any limit?
If not, what is the meaning of this:

/var/etc/ipsec/strongswan.conf

charon {
        # number of worker threads in charon
        threads = 16
        ikesa_table_size = 32

dotdash
« Reply #1 on: December 05, 2017, 01:22:22 pm »
It's only limited by the hardware. strongSwan suggests tuning the ikesa_table_size if you are running thousands of connections. https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
FWIW, on old server-class hardware, I see 11/16 threads idle with 32 tunnels active. You should be fine with 40 tunnels; see the strongSwan doc for fine detail on the config settings.
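
An added example, not part of either post and not pfSense or strongSwan code: a Python check that reads the two charon settings quoted in the question and the worker-thread counters from `ipsec statusall`, then reports thread usage and the IKE SA hash-table load for a planned tunnel count. The sample inputs are constructed from the numbers in the thread, the function names are hypothetical, and one IKE SA per tunnel is assumed.

```python
import re

# Constructed sample: the strongswan.conf excerpt quoted in the question, closed with "}".
CONF = """charon {
# number of worker threads in charon
        threads = 16
        ikesa_table_size = 32
}
"""

# Constructed sample of `ipsec statusall` output, using the figures from the reply.
STATUS = """  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 64
Security Associations (32 up, 0 connecting):
"""

def charon_settings(conf_text):
    """Return integer 'key = value' settings found directly inside charon { }."""
    settings, depth, in_charon = {}, 0, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            if depth == 1:
                in_charon = line[:-1].strip() == "charon"
        elif line == "}":
            depth -= 1
        elif in_charon and depth == 1:  # skip nested sections such as plugins { }
            m = re.fullmatch(r"(\w+)\s*=\s*(\d+)", line)
            if m:
                settings[m.group(1)] = int(m.group(2))
    return settings

def daemon_load(status_text):
    """Extract worker-thread and IKE SA counters from statusall output."""
    t = re.search(r"worker threads: (\d+) of (\d+) idle", status_text)
    s = re.search(r"Security Associations \((\d+) up, (\d+) connecting\)", status_text)
    return {"idle": int(t.group(1)), "threads": int(t.group(2)),
            "up": int(s.group(1)), "connecting": int(s.group(2))}

def headroom(conf_text, status_text, planned_tunnels):
    """Busy threads right now, and average IKE SAs per hash bucket at the planned count."""
    cfg, load = charon_settings(conf_text), daemon_load(status_text)
    return {"busy_threads": load["threads"] - load["idle"],
            "configured_threads": cfg["threads"],
            "sas_per_bucket": planned_tunnels / cfg["ikesa_table_size"]}

if __name__ == "__main__":
    print(headroom(CONF, STATUS, planned_tunnels=40))
```

With the thread's numbers this reports 5 of 16 threads busy and 1.25 IKE SAs per bucket for 40 tunnels, which matches the reply's point that neither setting is a hard cap on tunnel count.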