Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Zero_Kong

Pages: [1]

20.1 Legacy Series / About the usage of memory when creating 100 ipsec tunnels of vit mode

« on: August 01, 2020, 08:45:45 pm »

I had tested 100 ipsec tunnels(vti mode) at several opnsenses of 20.1, and i had created 100 gateways for these 100 vti tunnels, so 100 dpinger processes had been created automatically too.
If i connect all SAs of these 100 tunnels at the same time, the memory(4G) will be cost in sevesal seconds. And i found that there were 100 processes of /usr/local/etc/rc.filter_configure running at the same time, which were caused by /usr/local/etc/rc.syshook.d/monitor/10-dpinger.
My questions are that:
1. Why it will cost so much memory at this situation?
2. If i remove the /usr/local/etc/rc.filter_configure from /usr/local/etc/rc.filter_configure, will it cause any problem?

20.1 Legacy Series / Re: About adding more ipsec

« on: July 04, 2020, 08:39:41 am »

emmmm thx
I have another question about ospf.
Passive Interfaces have ipsec interface
But there are other virtual ipsec interface .
e.g. ipsce1000.....
Should these virtual ipsecs interface be selected?

20.1 Legacy Series / Re: About adding more ipsec

« on: July 01, 2020, 04:31:30 am »

65535/2=32767.5‬
If it is greater than 32767, an error will occur
Because opnsense creates ipsec every time it increases by 1000

Code: [Select]

root@DEV:~ # ifconfig ipsec32767 create
root@DEV:~ # ifconfig ipsec32768 create
ifconfig: SIOCIFCREATE2: No space left on device

ipsec32767 is ok but ipsec32768

20.1 Legacy Series / About adding more ipsec

« on: July 01, 2020, 04:14:58 am »

When I added the ipsec configuration, I found that it only supports up to 32 configurations.
Check the ipsec establishment to ipsec3200 in the terminal.
What is the maximum number of ipsec supported by opnsense?

Code: [Select]

 LAN (vtnet7)    -> v4: 172.16.1.254/24
 OPT5 (vtnet5)   -> v4: 10.0.0.185/24
 test(ipsec1000) -> v4: 172.31.0.3/32
 opt1 (vtnet1)   -> v4: 1.1.2.1/24
 opt1(site2 - opt1) (ipsec27000) -> v4: 169.254.0.116/32
 opt1(site2 - opt2) (ipsec47000) ->
 opt1(site2 - opt3) (ipsec32000) -> v4: 169.254.0.126/32
 opt1(site2 - opt4) (ipsec37000) ->
 opt1(site2 - wan) (ipsec42000) ->
 opt1(site3 - opt1) (ipsec2000) -> v4: 169.254.0.18/32
 opt1(site3 - opt2) (ipsec22000) -> v4: 169.254.0.58/32
 opt1(site3 - opt3) (ipsec7000) -> v4: 169.254.0.28/32
 opt1(site3 - opt4) (ipsec12000) -> v4: 169.254.0.38/32
 opt1(site3 - wan) (ipsec17000) -> v4: 169.254.0.48/32
 opt2 (vtnet2)   -> v4: 1.1.3.1/24
 opt2(site2 - opt1) (ipsec31000) -> v4: 169.254.0.124/32
 opt2(site2 - opt2) (ipsec51000) ->
 opt2(site2 - opt3) (ipsec36000) ->
 opt2(site2 - opt4) (ipsec41000) ->
 opt2(site2 - wan) (ipsec46000) ->
 opt2(site3 - opt1) (ipsec6000) -> v4: 169.254.0.26/32
 opt2(site3 - opt2) (ipsec26000) -> v4: 169.254.0.66/32
 opt2(site3 - opt3) (ipsec11000) -> v4: 169.254.0.36/32
 opt2(site3 - opt4) (ipsec16000) -> v4: 169.254.0.46/32
 opt2(site3 - wan) (ipsec21000) -> v4: 169.254.0.56/32
 opt3 (vtnet3)   -> v4: 1.1.4.1/24
 opt3(site2 - opt1) (ipsec28000) -> v4: 169.254.0.118/32
 opt3(site2 - opt2) (ipsec48000) ->
 opt3(site2 - opt3) (ipsec33000) ->
 opt3(site2 - opt4) (ipsec38000) ->
 opt3(site2 - wan) (ipsec43000) ->
 opt3(site3 - opt1) (ipsec3000) -> v4: 169.254.0.20/32
 opt3(site3 - opt2) (ipsec23000) -> v4: 169.254.0.60/32
 opt3(site3 - opt3) (ipsec8000) -> v4: 169.254.0.30/32
 opt3(site3 - opt4) (ipsec13000) -> v4: 169.254.0.40/32
 opt3(site3 - wan) (ipsec18000) -> v4: 169.254.0.50/32
 opt4 (vtnet4)   -> v4: 1.1.5.1/24
 opt4(site2 - opt1) (ipsec29000) -> v4: 169.254.0.120/32
 opt4(site2 - opt2) (ipsec49000) ->
 opt4(site2 - opt3) (ipsec34000) ->
 opt4(site2 - opt4) (ipsec39000) ->
 opt4(site2 - wan) (ipsec44000) ->
 opt4(site3 - opt1) (ipsec4000) -> v4: 169.254.0.22/32
 opt4(site3 - opt2) (ipsec24000) -> v4: 169.254.0.62/32
 opt4(site3 - opt3) (ipsec9000) -> v4: 169.254.0.32/32
 opt4(site3 - opt4) (ipsec14000) -> v4: 169.254.0.42/32
 opt4(site3 - wan) (ipsec19000) -> v4: 169.254.0.52/32
 wan (vtnet0)    -> v4: 1.1.1.1/24
 wan(site2 - opt1) (ipsec30000) -> v4: 169.254.0.122/32
 wan(site2 - opt2) (ipsec50000) ->
 wan(site2 - opt3) (ipsec35000) ->
 wan(site2 - opt4) (ipsec40000) ->
 wan(site2 - wan) (ipsec45000) ->
 wan(site3 - opt1) (ipsec5000) -> v4: 169.254.0.24/32
 wan(site3 - opt2) (ipsec25000) -> v4: 169.254.0.64/32
 wan(site3 - opt3) (ipsec10000) -> v4: 169.254.0.34/32
 wan(site3 - opt4) (ipsec15000) -> v4: 169.254.0.44/32
 wan(site3 - wan) (ipsec20000) -> v4: 169.254.0.54/32

Pages: [1]