Not having run into this I searched out of curiosity.
Suggests fixing the issue rather than upping the limit:
https://forum.pfsense.org/index.php?topic=92495.0
and https://forum.pfsense.org/index.php?topic=109601.0 mentions "MSS clamping
may be required to reduce the effective MTU of the VPN" from
https://doc.pfsense.org/index.php/IPsec_Troubleshooting#Packet_Loss_with_Certain_Protocols.
--
Steve Yates
ITS, Inc.
-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Hillie Sample
Sent: Monday, October 2, 2017 3:57 PM
To: list@lists.pfsense.org
Subject: [pfSense] Every so often I am seeing "[zone: pf frag entries] PF frag
entries limit reached" on my monitor attached to my pfsense box.
Every so often I am seeing "[zone: pf frag entries] PF frag entries
limit reached" on my monitor attached to my pfsense box.
I increased System > Advanced, Firewall & NAT tab, "Firewall Maximum
Fragment Entries" to 8192 from the default value of 5000 (Thanks Jim
Pingle for the tip).
I rebooted and unfortunately I am still having the message appear every
so often.
Should I increase the limit even higher?
Memory, CPU and swap use is all very low.
2.3.4-RELEASE-p1 (amd64)
built on Fri Jul 14 14:52:43 CDT 2017
FreeBSD 10.3-RELEASE-p19
Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Current: 3300 MHz, Max: 3301 MHz
4 CPUs: 1 package(s) x 4 core(s)
4GB Ram
I am using openvpn.
Any advice/suggestions appreciated.
Thanks,
Hillie
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold