Messages - Zero_Kong

#1
I tested 100 ipsec tunnels (vti mode) on several opnsense 20.1 systems, and I created 100 gateways for these 100 vti tunnels, so 100 dpinger processes were created automatically too.
If I connect all SAs of these 100 tunnels at the same time, the memory (4G) will be consumed in several seconds. And I found that there were 100 processes of /usr/local/etc/rc.filter_configure running at the same time, which were caused by /usr/local/etc/rc.syshook.d/monitor/10-dpinger.
My questions are:
    1. Why does it cost so much memory in this situation?
    2. If I remove the /usr/local/etc/rc.filter_configure from /usr/local/etc/rc.filter_configure, will it cause any problem?
#2
20.1 Legacy Series / Re: About adding more ipsec
July 04, 2020, 08:39:41 AM
emmmm thx
I have another question about ospf.
Passive Interfaces has an ipsec interface.
But there are other virtual ipsec interfaces,
e.g. ipsec1000.....
Should these virtual ipsec interfaces be selected?
#3
20.1 Legacy Series / Re: About adding more ipsec
July 01, 2020, 04:31:30 AM
65535/2=32767.5
If it is greater than 32767, an error will occur
Because opnsense creates ipsec every time it increases by 1000

root@DEV:~ # ifconfig ipsec32767 create
root@DEV:~ # ifconfig ipsec32768 create
ifconfig: SIOCIFCREATE2: No space left on device

ipsec32767 is ok but ipsec32768  :-[ :-[
#4
20.1 Legacy Series / About adding more ipsec
July 01, 2020, 04:14:58 AM
When I added the ipsec configuration, I found that it only supports up to 32 configurations.
Check the ipsec establishment to ipsec3200 in the terminal.
What is the maximum number of ipsec supported by opnsense?

LAN (vtnet7)    -> v4: 172.16.1.254/24
OPT5 (vtnet5)   -> v4: 10.0.0.185/24
test(ipsec1000) -> v4: 172.31.0.3/32
opt1 (vtnet1)   -> v4: 1.1.2.1/24
opt1(site2 - opt1) (ipsec27000) -> v4: 169.254.0.116/32
opt1(site2 - opt2) (ipsec47000) ->
opt1(site2 - opt3) (ipsec32000) -> v4: 169.254.0.126/32
opt1(site2 - opt4) (ipsec37000) ->
opt1(site2 - wan) (ipsec42000) ->
opt1(site3 - opt1) (ipsec2000) -> v4: 169.254.0.18/32
opt1(site3 - opt2) (ipsec22000) -> v4: 169.254.0.58/32
opt1(site3 - opt3) (ipsec7000) -> v4: 169.254.0.28/32
opt1(site3 - opt4) (ipsec12000) -> v4: 169.254.0.38/32
opt1(site3 - wan) (ipsec17000) -> v4: 169.254.0.48/32
opt2 (vtnet2)   -> v4: 1.1.3.1/24
opt2(site2 - opt1) (ipsec31000) -> v4: 169.254.0.124/32
opt2(site2 - opt2) (ipsec51000) ->
opt2(site2 - opt3) (ipsec36000) ->
opt2(site2 - opt4) (ipsec41000) ->
opt2(site2 - wan) (ipsec46000) ->
opt2(site3 - opt1) (ipsec6000) -> v4: 169.254.0.26/32
opt2(site3 - opt2) (ipsec26000) -> v4: 169.254.0.66/32
opt2(site3 - opt3) (ipsec11000) -> v4: 169.254.0.36/32
opt2(site3 - opt4) (ipsec16000) -> v4: 169.254.0.46/32
opt2(site3 - wan) (ipsec21000) -> v4: 169.254.0.56/32
opt3 (vtnet3)   -> v4: 1.1.4.1/24
opt3(site2 - opt1) (ipsec28000) -> v4: 169.254.0.118/32
opt3(site2 - opt2) (ipsec48000) ->
opt3(site2 - opt3) (ipsec33000) ->
opt3(site2 - opt4) (ipsec38000) ->
opt3(site2 - wan) (ipsec43000) ->
opt3(site3 - opt1) (ipsec3000) -> v4: 169.254.0.20/32
opt3(site3 - opt2) (ipsec23000) -> v4: 169.254.0.60/32
opt3(site3 - opt3) (ipsec8000) -> v4: 169.254.0.30/32
opt3(site3 - opt4) (ipsec13000) -> v4: 169.254.0.40/32
opt3(site3 - wan) (ipsec18000) -> v4: 169.254.0.50/32
opt4 (vtnet4)   -> v4: 1.1.5.1/24
opt4(site2 - opt1) (ipsec29000) -> v4: 169.254.0.120/32
opt4(site2 - opt2) (ipsec49000) ->
opt4(site2 - opt3) (ipsec34000) ->
opt4(site2 - opt4) (ipsec39000) ->
opt4(site2 - wan) (ipsec44000) ->
opt4(site3 - opt1) (ipsec4000) -> v4: 169.254.0.22/32
opt4(site3 - opt2) (ipsec24000) -> v4: 169.254.0.62/32
opt4(site3 - opt3) (ipsec9000) -> v4: 169.254.0.32/32
opt4(site3 - opt4) (ipsec14000) -> v4: 169.254.0.42/32
opt4(site3 - wan) (ipsec19000) -> v4: 169.254.0.52/32
wan (vtnet0)    -> v4: 1.1.1.1/24
wan(site2 - opt1) (ipsec30000) -> v4: 169.254.0.122/32
wan(site2 - opt2) (ipsec50000) ->
wan(site2 - opt3) (ipsec35000) ->
wan(site2 - opt4) (ipsec40000) ->
wan(site2 - wan) (ipsec45000) ->
wan(site3 - opt1) (ipsec5000) -> v4: 169.254.0.24/32
wan(site3 - opt2) (ipsec25000) -> v4: 169.254.0.64/32
wan(site3 - opt3) (ipsec10000) -> v4: 169.254.0.34/32
wan(site3 - opt4) (ipsec15000) -> v4: 169.254.0.44/32
wan(site3 - wan) (ipsec20000) -> v4: 169.254.0.54/32