[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

large ipsec deployments

Can anyone share their recent experiences with the list using large (> 500 tunnels) IPSEC deployments and OpenBSD as the terminating server ? There is not a lot of throughput involved, just a lot of endpoints.

I know with FreeBSD, having more than ~ 400 policies installed runs into trouble with the size of the PF_KEY socket being fixed. Does OpenBSD do it differently to avoid such limits ?


Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike_(_at_)_sentex_(_dot_)_net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike