About the usage of memory when creating 100 ipsec tunnels of vit mode

Zero_Kong · August 01, 2020, 08:45:45 PM

I had tested 100 ipsec tunnels(vti mode) at several opnsenses of 20.1, and i had created 100 gateways for these 100 vti tunnels, so 100 dpinger processes had been created automatically too.
If i connect all SAs of these 100 tunnels at the same time, the memory(4G) will be cost in sevesal seconds. And i found that there were 100 processes of /usr/local/etc/rc.filter_configure running at the same time, which were caused by /usr/local/etc/rc.syshook.d/monitor/10-dpinger.
My questions are that:
1. Why it will cost so much memory at this situation?
2. If i remove the /usr/local/etc/rc.filter_configure from /usr/local/etc/rc.filter_configure, will it cause any problem?

Patrick M. Hausen · August 03, 2020, 09:18:59 AM

You could disable gateway monitoring for those gateways and use an external monitoring solution (Icinga, Nagios, Monit, ...)

About the usage of memory when creating 100 ipsec tunnels of vit mode

Zero_Kong

August 01, 2020, 08:45:45 PM

Patrick M. Hausen

August 03, 2020, 09:18:59 AM #1