Not having run into this I searched out of curiosity. Suggests fixing the issue rather than upping the limit: https://forum.pfsense.org/index.php?topic=92495.0
and https://forum.pfsense.org/index.php?topic=109601.0 mentions "MSS clamping may be required to reduce the effective MTU of the VPN" from https://doc.pfsense.org/index.php/IPsec_Troubleshooting#Packet_Loss_with_Certain_Protocols. -- Steve Yates ITS, Inc. -----Original Message----- From: List [mailto:[email protected]] On Behalf Of Hillie Sample Sent: Monday, October 2, 2017 3:57 PM To: [email protected] Subject: [pfSense] Every so often I am seeing "[zone: pf frag entries] PF frag entries limit reached" on my monitor attached to my pfsense box. Every so often I am seeing "[zone: pf frag entries] PF frag entries limit reached" on my monitor attached to my pfsense box. I increased System > Advanced, Firewall & NAT tab, "Firewall Maximum Fragment Entries" to 8192 from the default value of 5000 (Thanks Jim Pingle for the tip). I rebooted and unfortunately I am still having the message appear every so often. Should I increase the limit even higher? Memory, CPU ans swap use is all very low. 2.3.4-RELEASE-p1 (amd64) built on Fri Jul 14 14:52:43 CDT 2017 FreeBSD 10.3-RELEASE-p19 Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Current: 3300 MHz, Max: 3301 MHz 4 CPUs: 1 package(s) x 4 core(s) 4GB Ram I am using openvpn. Any advice/suggestions appreciated. Thanks, Hillie _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
