Topics

1

20.1 Legacy Series / About the usage of memory when creating 100 ipsec tunnels of vit mode

« on: August 01, 2020, 08:45:45 pm »

I had tested 100 ipsec tunnels(vti mode) at several opnsenses of 20.1, and i had created 100 gateways for these 100 vti tunnels, so 100 dpinger processes had been created automatically too.
If i connect all SAs of these 100 tunnels at the same time, the memory(4G) will be cost in sevesal seconds. And i found that there were 100 processes of /usr/local/etc/rc.filter_configure running at the same time, which were caused by /usr/local/etc/rc.syshook.d/monitor/10-dpinger.
My questions are that:
    1. Why it will cost so much memory at this situation?
    2. If i remove the /usr/local/etc/rc.filter_configure from /usr/local/etc/rc.filter_configure, will it cause any problem?

2

20.1 Legacy Series / About adding more ipsec

« on: July 01, 2020, 04:14:58 am »

When I added the ipsec configuration, I found that it only supports up to 32 configurations.
Check the ipsec establishment to ipsec3200 in the terminal.
What is the maximum number of ipsec supported by opnsense?

Code: [Select]

LAN (vtnet7)    -> v4: 172.16.1.254/24
 OPT5 (vtnet5)   -> v4: 10.0.0.185/24
 test(ipsec1000) -> v4: 172.31.0.3/32
 opt1 (vtnet1)   -> v4: 1.1.2.1/24
 opt1(site2 - opt1) (ipsec27000) -> v4: 169.254.0.116/32
 opt1(site2 - opt2) (ipsec47000) ->
 opt1(site2 - opt3) (ipsec32000) -> v4: 169.254.0.126/32
 opt1(site2 - opt4) (ipsec37000) ->
 opt1(site2 - wan) (ipsec42000) ->
 opt1(site3 - opt1) (ipsec2000) -> v4: 169.254.0.18/32
 opt1(site3 - opt2) (ipsec22000) -> v4: 169.254.0.58/32
 opt1(site3 - opt3) (ipsec7000) -> v4: 169.254.0.28/32
 opt1(site3 - opt4) (ipsec12000) -> v4: 169.254.0.38/32
 opt1(site3 - wan) (ipsec17000) -> v4: 169.254.0.48/32
 opt2 (vtnet2)   -> v4: 1.1.3.1/24
 opt2(site2 - opt1) (ipsec31000) -> v4: 169.254.0.124/32
 opt2(site2 - opt2) (ipsec51000) ->
 opt2(site2 - opt3) (ipsec36000) ->
 opt2(site2 - opt4) (ipsec41000) ->
 opt2(site2 - wan) (ipsec46000) ->
 opt2(site3 - opt1) (ipsec6000) -> v4: 169.254.0.26/32
 opt2(site3 - opt2) (ipsec26000) -> v4: 169.254.0.66/32
 opt2(site3 - opt3) (ipsec11000) -> v4: 169.254.0.36/32
 opt2(site3 - opt4) (ipsec16000) -> v4: 169.254.0.46/32
 opt2(site3 - wan) (ipsec21000) -> v4: 169.254.0.56/32
 opt3 (vtnet3)   -> v4: 1.1.4.1/24
 opt3(site2 - opt1) (ipsec28000) -> v4: 169.254.0.118/32
 opt3(site2 - opt2) (ipsec48000) ->
 opt3(site2 - opt3) (ipsec33000) ->
 opt3(site2 - opt4) (ipsec38000) ->
 opt3(site2 - wan) (ipsec43000) ->
 opt3(site3 - opt1) (ipsec3000) -> v4: 169.254.0.20/32
 opt3(site3 - opt2) (ipsec23000) -> v4: 169.254.0.60/32
 opt3(site3 - opt3) (ipsec8000) -> v4: 169.254.0.30/32
 opt3(site3 - opt4) (ipsec13000) -> v4: 169.254.0.40/32
 opt3(site3 - wan) (ipsec18000) -> v4: 169.254.0.50/32
 opt4 (vtnet4)   -> v4: 1.1.5.1/24
 opt4(site2 - opt1) (ipsec29000) -> v4: 169.254.0.120/32
 opt4(site2 - opt2) (ipsec49000) ->
 opt4(site2 - opt3) (ipsec34000) ->
 opt4(site2 - opt4) (ipsec39000) ->
 opt4(site2 - wan) (ipsec44000) ->
 opt4(site3 - opt1) (ipsec4000) -> v4: 169.254.0.22/32
 opt4(site3 - opt2) (ipsec24000) -> v4: 169.254.0.62/32
 opt4(site3 - opt3) (ipsec9000) -> v4: 169.254.0.32/32
 opt4(site3 - opt4) (ipsec14000) -> v4: 169.254.0.42/32
 opt4(site3 - wan) (ipsec19000) -> v4: 169.254.0.52/32
 wan (vtnet0)    -> v4: 1.1.1.1/24
 wan(site2 - opt1) (ipsec30000) -> v4: 169.254.0.122/32
 wan(site2 - opt2) (ipsec50000) ->
 wan(site2 - opt3) (ipsec35000) ->
 wan(site2 - opt4) (ipsec40000) ->
 wan(site2 - wan) (ipsec45000) ->
 wan(site3 - opt1) (ipsec5000) -> v4: 169.254.0.24/32
 wan(site3 - opt2) (ipsec25000) -> v4: 169.254.0.64/32
 wan(site3 - opt3) (ipsec10000) -> v4: 169.254.0.34/32
 wan(site3 - opt4) (ipsec15000) -> v4: 169.254.0.44/32
 wan(site3 - wan) (ipsec20000) -> v4: 169.254.0.54/32