[strongSwan] max number of SAs
Martin Willi
martin at strongswan.org
Thu May 22 12:43:16 CEST 2014
Hi Miro,
> Security Associations (4595 up, 587 connecting)
>
> Is there a way to get more? What's the main blocker?
There is no hard limit for the number of SAs in strongSwan. Most likely
you are initiating just too many connections simultaneously, and your
responder can't handle that load.
To properly configure strongSwan to handle many tunnels, refer to [1]
and [2]. Usually public key cryptography is the limiting factor
regarding tunnel setup rate, [3] has some numbers.
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
[2]http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration#Performance-consideration
[3]http://wiki.strongswan.org/projects/strongswan/wiki/PublicKeySpeed
More information about the Users
mailing list