[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec Tunel
 Date:  Tue, 21 Oct 2008 15:50:53 -0400
On Tue, Oct 21, 2008 at 8:54 AM, Odimas Zotelli do Nascimento
<Odimas at netart dot com dot br> wrote:
>

>

Assuming adequate CPU capacity for the throughput desired, and at
least 128 MB RAM, about 80-100 or so. Due to scalability issues of
racoon/ipsec-tools in FreeBSD, you're going to be limited to about
80-100 simultaneous connections before things become completely
unstable. One of the pfSense developers has a 400 site IPsec
deployment he manages, and hit these issues. With his efforts and some
assistance from an ipsec-tools developer, pfSense has a non-stock
version of ipsec-tools that is known to work reliably up to 400
connections (nobody has tried more). It's something that could be
pulled into m0n0wall if it were of interest, I'm not sure of specifics
though.

-Chris