On Mon, Mar 8, 2010 at 2:59 PM, Jim Pingle <[email protected]> wrote:
> On 3/8/2010 5:51 PM, David Rees wrote:
>> I've seen same or similar behavior on an ALIX box with a fairly large
>> ruleset and decent number of VPNs.
>>
>> We could never get all the VPNs to come up properly and we eventually
>> ended up with a corrupted configuration file while we were trying to
>> disable/enable various VPNs (which takes a LONG time on ALIX hardware
>> and is very tedious).
>>
>> Ended up dropping the config file into a more powerful machine and it
>> works fine.
>>
>> I'm guessing that there is some sort of race condition somewhere in at
>> least a couple places.
>
> How many VPNs? I've had as many as 9 IPsec tunnels going between ALIX
> boxes on 1.2.3 and never had any issues.
Only a few more - 12. 6 VLANs connected to a T1 and a DSL line. About 250 different firewall rules across 8 interfaces, PPTP and IPsec interfaces. Doesn't seem like much, but we couldn't get more than a couple VPNs to come online using the ALIX box, but had no issues once we swapped in an old Pentium 4 desktop, and it is actually running a 1.8GHz Pentium M now.

Editing any IPsec VPN would take a LONG time. Probably about 10 seconds per VPN. Even on faster hardware it's slow.

The config corrupted when we started editing multiple IPsec definitions at the same time to save time. Didn't have time to debug it much further.

We were using the ALIX box previously to just load balance/failover the DSL/T1 line and it worked great for that.

-Dave
